Skip to main content
SynAppUs Bot

Privacy Policy for SynApp Telegram Bot

Effective Date: 1 July 2025

This Privacy Policy explains how SynApp (the "Service", the "Bot", and any related web dashboard) processes information when you use our Telegram bot and connected services. It supplements the Telegram Standard Bot Privacy Policy and the Telegram Privacy Policy.

1. Who we are & scope

This policy covers the SynApp Telegram bot, its automation features, and any linked web dashboard used by your organization.

If you access SynApp under an organization workspace, your organization is usually the data controller and SynApp acts as the processor under their instructions. If you use SynApp directly as an individual, SynApp is the data controller.

2. What we collect

Only data needed to operate the bot and provide features is processed.

  • Telegram identifiers & profile: user ID, username/display name, language, and whether you are an admin/member of a chat; chat/group/channel IDs, titles.
  • Membership & roles: join/leave status, role-based access (RBAC) assignments, allow/deny lists.
  • Message data you send to the Bot: commands, forms, support requests, and content for automations (e.g., scheduled/bulk announcements). We store message content only when necessary to execute a feature (e.g., queueing a scheduled message, moderation review) or when your organization enables audit logging.
  • Group management signals: actions taken by the Bot (add/remove users, mute, delete messages), auto‑delete rules, inactivity metrics and timestamps used for clean‑up.
  • SSO/Identity data (if enabled): basic account info returned by your chosen identity provider (e.g., name, email, org ID, roles) to sign you in and assign permissions.
  • CRM integration (if enabled by your organization): interaction logs sent to the CRM (e.g., HubSpot/Salesforce)—typically message text you instruct SynApp to log, plus related metadata (sender, chat, time, link to message).
  • Web/app telemetry: IP address, user-agent, device/OS info, timestamps, and error/diagnostic logs for security and reliability of the dashboard and APIs.
  • Attachments & media: only if you submit them to the Bot for delivery or moderation; stored transiently or per your organization's retention settings.

3. Why we use your data (legal bases)

  • Provide the service (perform our contract): group/channel management, bulk & scheduled messaging, onboarding/offboarding, RBAC, moderation, and alerts.
  • Security & abuse prevention (legitimate interests): fraud/spam prevention, rate limiting, audit trails, incident investigation.
  • Improve reliability (legitimate interests): analytics, debugging, and quality assurance using aggregated or de‑identified data where possible.
  • With consent: where required (e.g., optional marketing updates or where local law demands consent for certain logging).

4. Automated actions & moderation

SynApp can automatically apply rules (e.g., keyword filters, link restrictions, or inactivity removal) configured by your admins. These actions may affect your ability to post or remain in a group. You can request human review from your group's admins at any time.

5. Sharing & recipients

We don't sell your data. We share it only with:

  • Telegram Platform (by design, messages and metadata flow through Telegram).
  • Your organization's selected tools (if enabled): identity providers (SSO), CRMs (e.g., HubSpot/Salesforce), and other integrations you connect.
  • Service providers under contract (hosting, storage, monitoring/alerting, analytics, email/support desk) bound by confidentiality and security commitments.
  • Law enforcement when legally required.

6. Data storage, location & retention

Data is encrypted in transit; at rest where applicable. Access is RBAC‑restricted and audited.

We store only what's needed and for as long as necessary:

  • Operational logs & diagnostics: up to ~90 days, unless extended for security investigations.
  • Scheduled/queued messages: until sent or canceled.
  • Role/membership mappings & configuration: while your workspace exists or until removed by admins.
  • Audit logs (if enabled): default 180 days (admin‑configurable).

Data may be processed in the US and other regions. Where required, we use approved transfer mechanisms (e.g., Standard Contractual Clauses) for cross‑border transfers.

7. Your rights & choices

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability.

  • Through your organization: if your workspace controls the Bot, contact the group's admins or your organization's privacy contact.
  • Directly with us: see Contact below. We will respond within applicable legal timeframes.

For privacy-related inquiries or to exercise your rights, please visit our contact page.

8. Children

The Service is not intended for children under 18 (or the minimum age required by your jurisdiction). We do not knowingly collect data from such individuals.

9. Security

We apply industry practices: encryption, SSO/2FA support, secrets management for API tokens, least‑privilege roles, input validation, rate limiting, and continuous monitoring. No method is 100% secure, but we strive to protect your data.

10. Changes to this policy

We may update this Policy. We'll post changes here and update the "Effective Date". Material changes will be highlighted in‑bot or on our site.