1. Introduction

Innexum OÜ (“Innexum,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we handle information when you use TelegrApp, our Telegram integration and message filtering service (“Service”).

Company Details:

• Legal Name: Innexum OÜ
• Address: Harju maakond, Kuusalu vald, 74626, Estonia
• Contact: innexumtech@gmail.com

2. Information We Collect

2.1 Telegram Account Data:

• Phone number (for phone-based authentication connections)
• Verification codes (processed in real-time, not stored)
• Bot tokens (for bot-based connections, encrypted at rest)
• Telegram user ID and session information
• Device information (displayed name, connection status)

2.2 Conversation Metadata:

• Chat, group, and channel identifiers
• Conversation names and types (Chat, Group, Channel)
• Message filtering preferences and settings
• User-defined conversation categories

2.3 User Account Information:

• Username and login credentials for the Service
• Admin or regular user privilege status
• User preferences for filtering and notifications
• Connection type selection (phone or bot token)

2.4 Technical Data:

• API request logs for system monitoring
• Error logs for troubleshooting and service improvement
• Session management data
• Performance metrics for optimization

3. How We Use Your Information

We use collected information to:

• Authenticate and maintain your Telegram connection
• Process and apply your message filtering preferences
• Display your connected devices and conversation lists
• Enable admin users to manage multiple user accounts
• Synchronize filtering settings across your devices
• Provide technical support and troubleshoot issues
• Monitor system performance and prevent abuse
• Communicate important service updates

4. Data Storage & Retention

4.1 Active Storage:

• User account data and preferences are stored in AWS DynamoDB
• Telegram authentication sessions remain active until disconnected
• Filtering preferences persist until modified or account deletion
• Conversation metadata is cached for performance optimization

4.2 Data Retention Period:

• Account data: Retained while your account is active
• Connection data: Deleted immediately upon disconnection
• Filtering preferences: Retained until account deletion
• Technical logs: Retained for 90 days for troubleshooting
• Deleted accounts: All associated data permanently removed within 30 days

4.3 Message Content:

• We do not store, read, or access the content of your Telegram messages
• The Service only processes conversation metadata for filtering purposes
• All message filtering occurs through Telegram’s official API

5. Data Security

5.1 Encryption:

• All data transmissions use TLS 1.3 encryption
• Bot tokens are encrypted using AES-256 encryption at rest
• Session tokens are encrypted and refreshed regularly
• AWS infrastructure provides enterprise-grade security controls

5.2 Access Controls:

• Multi-factor authentication for admin users
• Role-based access controls (admin vs. regular user privileges)
• Each user limited to one active connection type (phone or bot)
• Individual device disconnection capability
• Strict internal access controls with audit logging

5.3 Infrastructure Security:

• AWS Lambda functions with restricted IAM roles
• DynamoDB encryption at rest and in transit
• CloudWatch monitoring for security anomalies
• Regular security assessments and updates

6. Data Sharing & Third Parties

6.1 No Selling of Data:

• We never sell, rent, trade, or lease your data to third parties
• Your message filtering preferences remain confidential

6.2 Service Providers:

• Amazon Web Services (AWS) – for hosting, database, and serverless infrastructure
• Telegram API – for authentication and conversation metadata retrieval

6.3 Admin User Access:

• Admin users can view and manage accounts they are authorized to access
• Admin access is governed by organizational policies and user consent
• All admin actions are logged for accountability

6.4 Legal Requirements:

• We may disclose information if required by law or valid legal process
• We will notify affected users unless legally prohibited
• We may disclose data to protect our legal rights or prevent harm

7. Your Rights

7.1 Access and Control:

• View all your connected devices in the device information table
• Access and modify your filtering preferences at any time
• Disconnect individual devices or your entire account
• Request a copy of your stored data by contacting us

7.2 Data Portability:

• Export your filtering preferences and settings upon request
• Receive your data in a structured, machine-readable format

7.3 Right to Deletion:

• Disconnect your account at any time through the interface
• Request complete account deletion by contacting innexumtech@gmail.com
• All data permanently deleted within 30 days of deletion request

7.4 Right to Rectification:

• Update your account information and preferences directly in the app
• Correct inaccurate data by contacting our support team

7.5 Right to Object:

• Object to processing of your data for specific purposes
• Opt-out of non-essential data processing activities

8. Compliance & Legal Basis

8.1 GDPR Compliance:

• We process data under the legal basis of contract fulfillment and legitimate interest
• You have the right to withdraw consent at any time
• We comply with all applicable GDPR requirements for EU users

8.2 Data Controller/Processor Relationship:

• Innexum OÜ acts as the data controller for Service account data
• We act as a data processor for Telegram conversation metadata
• Users remain controllers of their own Telegram data

8.3 Lawful Processing:

• Necessary for contract performance (providing the Service)
• Legitimate interest in improving and securing the Service
• Compliance with legal obligations

9. International Data Transfers

Your data may be processed and stored on AWS servers in various regions worldwide. We ensure appropriate safeguards are in place for international data transfers:

• AWS complies with EU-US Data Privacy Framework
• Standard Contractual Clauses (SCCs) for data transfers outside the EEA
• Adequate protection measures as required by GDPR Article 46

10. Children’s Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If we become aware that a user is under 18, we will promptly delete their account and associated data. Parents or guardians who believe their child has provided information to us should contact innexumtech@gmail.com.

11. Cookies & Tracking

11.1 Essential Cookies:

• Session cookies for authentication and login persistence
• Preference cookies to remember your filtering settings

11.2 No Third-Party Tracking:

• We do not use advertising cookies or third-party trackers
• We do not share data with advertising networks
• No cross-site tracking or behavioral profiling

11.3 WordPress Integration:

• The Service operates within WordPress embedded code blocks
• WordPress may set its own cookies according to its privacy policy

12. Telegram API Compliance

Our Service uses Telegram’s official API and complies with Telegram’s Terms of Service and API usage policies:

• We only access metadata necessary for filtering functionality
• We do not access message content or media files
• Authentication follows Telegram’s official protocols
• We respect Telegram’s rate limits and usage guidelines
• Bot token connections follow Telegram Bot API standards

13. Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make material changes:

• We will update the “Last Updated” date at the top of this policy
• We will notify users via email or in-app notification for significant changes
• Continued use of the Service after changes constitutes acceptance
• Previous versions will be archived and available upon request

14. Data Breach Notification

In the unlikely event of a data breach affecting your information:

• We will notify affected users within 72 hours as required by GDPR
• Notification will include the nature of the breach and affected data
• We will provide guidance on protective measures you can take
• Appropriate authorities will be notified as required by law
• We maintain an incident response plan and conduct regular security drills

15. User Responsibilities

As a user of the Service, you are responsible for:

• Maintaining the confidentiality of your account credentials
• Ensuring authorized use of admin privileges
• Complying with Telegram’s Terms of Service
• Not using the Service for illegal or unauthorized purposes
• Promptly reporting any security concerns or unauthorized access

16. Contact & Complaints

For privacy inquiries or data requests:
Email: innexumtech@gmail.com
Response time: We aim to respond within 5 business days

For complaints:
You have the right to lodge a complaint with:

• Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
• Your local data protection authority in the EU/EEA
• Contact us first so we can address your concerns directly

17. Definitions

• Service: TelegrApp, the Telegram integration and message filtering web application
• Admin User: User with elevated privileges to manage multiple accounts
• Regular User: Standard user with access to their own account only
• Connection Type: Method of Telegram authentication (phone number or bot token)
• Filtering Preferences: User-defined settings for conversation categories and visibility
• Device: A connected Telegram account instance within the Service
• Data Controller: The entity that determines purposes and means of processing personal data
• Data Processor: The entity that processes data on behalf of the controller
• Personal Data: Any information relating to an identified or identifiable natural person