Privacy Policy
Effective date: June 24, 2026
1.Information We Collect
Account information. When you register, we collect your name, email address, and authentication credentials. If you sign in via OAuth (Google, GitHub), we receive your public profile data from the provider.
Usage data. We automatically collect information about your interactions with the Service, including IP addresses, browser type, device identifiers, pages visited, and feature usage patterns.
Telegram data. When you connect Telegram channels or bots, we process message content, metadata, sender identifiers, and channel information solely to provide the monitoring, forwarding, and analytics features you configure.
Payment data. Billing information is collected and processed by our third-party payment processor. We do not store full credit card numbers on our servers.
2.How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process transactions and send billing-related communications
- Authenticate users and protect account security
- Monitor for abuse, fraud, and violations of our Terms
- Generate aggregated, anonymized analytics to improve our platform
- Respond to support requests and communicate service updates
- Comply with legal obligations and enforce our agreements
3.Legal Bases for Processing
We process personal data under the following legal bases as defined by GDPR and KVKK:
- Contract performance: Processing necessary to deliver the Service you requested
- Legitimate interest: Analytics, security monitoring, and fraud prevention
- Consent: Marketing communications and optional cookies (withdrawable at any time)
- Legal obligation: Tax records, law enforcement requests, and regulatory compliance
4.Data Sharing and Disclosure
We do not sell your personal data. We may share information with:
- Service providers: Infrastructure, payment processing, and analytics partners who process data on our behalf under contractual obligations. See our Subprocessors page for the current list.
- Legal requirements: When required by law, regulation, legal process, or governmental request. See our Law Enforcement Guidelines.
- Business transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users.
5.International Data Transfers
Your data may be processed in Turkey, the United States, and the European Union. When transferring data outside your jurisdiction, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent safeguards under Turkish data protection law.
Details of our data processing arrangements are available in our Data Processing Agreement.
6.Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Policy:
- Account data: Retained for the duration of your account plus 30 days after deletion
- Telegram message data: Retained according to your workspace configuration (default: 90 days)
- Usage logs: Retained for 12 months for security and analytics
- Billing records: Retained for 7 years as required by tax regulations
7.Your Rights
Depending on your jurisdiction (GDPR, KVKK, CCPA), you may have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict or object to certain processing activities
- Port your data to another service in a machine-readable format
- Withdraw consent at any time for consent-based processing
- Opt out of the sale of personal information (CCPA)
To exercise any of these rights, contact privacy@teleradar.org. We will respond within 30 days (or as required by applicable law).
8.Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.
9.Security Measures
We implement industry-standard technical and organizational measures to protect your data, including AES-256 encryption at rest, TLS 1.3 in transit, per-tenant key isolation, MFA for operator accounts, and continuous monitoring. For a comprehensive overview, visit our Security page.
10.Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The “Effective date” at the top of this page indicates when the policy was last revised.
Data Protection Contact
For privacy-related inquiries, data subject requests, or complaints, contact our Data Protection Officer at privacy@teleradar.org.