Privacy Policy

We collect the following categories of personal data:

• Account data — name, email address, password (hashed), profile picture, and timezone.
• Telegram data — Telegram user ID, username, and channel/group data you connect through our tools.
• Payment data — billing address and payment method (card tokens processed by Stripe; we never store raw card numbers).
• Usage data — features accessed, pages visited, session duration, and device/browser information collected via cookies and similar technologies.
• Communication data — messages sent through our contact form, support tickets, and email correspondence.

We process your personal data for the following purposes:

• To provide, maintain, and improve the TeleGrowth Service
• To process subscriptions, payments, and deliver purchased features
• To send service-related notifications (quota alerts, billing reminders, security alerts)
• To provide customer support
• To analyze usage patterns and improve our product (aggregated and anonymized)
• To comply with legal obligations

We process your data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Contractual necessity (Art. 6(1)(b)) — processing required to deliver the Service you subscribed to.
• Legitimate interest (Art. 6(1)(f)) — for fraud prevention, security, service improvement, and direct marketing (where applicable, with opt-out).
• Consent (Art. 6(1)(a)) — for optional analytics tracking and marketing communications beyond transactional emails.
• Legal obligation (Art. 6(1)(c)) — where required by law (e.g., tax and accounting records).

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., financial records kept for 5 years under French law).

Anonymized, aggregated analytics data may be retained indefinitely for product improvement purposes.

We share your data only with the following categories of recipients:

• Stripe — payment processing (card tokens, billing). Stripe processes data under its own Privacy Policy.
• Cloudflare — CDN, DDoS protection, and performance services.
• Analytics providers — anonymized usage data for product improvement.

We do not sell your personal data. We require all processors to adhere to data protection standards equivalent to the GDPR.

TeleGrowth is based in France and stores data within the European Union. If any processing involves a transfer outside the EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — correct inaccurate or incomplete data
• Right to erasure — request deletion of your data ("right to be forgotten")
• Right to restrict processing — limit how we process your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interest
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

We use essential cookies to maintain session authentication and preferences. We also use analytics cookies to understand how the Service is used. Analytics cookies are set only after you provide consent via our cookie banner.

You may manage your cookie preferences at any time through your browser settings. Disabling essential cookies may affect the functionality of the Service.

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS 1.3), encryption at rest, regular security audits, access controls, and monitoring. We also enforce two-factor authentication (2FA) for administrative access.

Despite our efforts, no system is entirely secure. In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, in accordance with GDPR requirements.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting a notice on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

If you have questions about this Privacy Policy or wish to exercise your data subject rights, you may contact our Data Protection Officer at [email protected] or via our contact page.