Privacy Policy

For Eggella AI Bots on Telegram

Effective Date: January 1, 2025

1. Introduction

This Privacy Policy explains how Eggella ("we", "us", "our") collects, uses, protects, and shares your information when you use our AI-powered bots ("the Bots") on Telegram.

GDPR & International Compliance: This policy is designed to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy laws. We are committed to protecting your privacy and being transparent about our data practices.

2. Data Controller

Eggella is the data controller responsible for your personal data collected through our Bots.

Contact: For privacy inquiries, contact us at eggellaai@gmail.com or via @eggella on Telegram.

3. Information We Collect

3.1 Information You Provide

Data Type Description Purpose
Telegram User Data User ID, username, first name, language preference Account identification and personalization
Messages Text messages, images, documents you send to the Bot Process requests and generate responses
Generated Content AI-generated responses and documents Provide service and maintain context
Payment Information Transaction records via Telegram Stars (no card details) Process payments and manage credits

3.2 Automatically Collected Information

  • Usage Data: Timestamps, message counts, feature usage, bot interactions
  • Technical Data: Language settings, chat IDs, Telegram-provided metadata
  • Performance Data: Response times, error rates, system logs

3.3 Third-Party Data

We receive basic user information from Telegram as required to operate the Bot service.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide the Bot services you requested and maintain your account
  • Legitimate Interests: To improve our service, prevent fraud and abuse, and ensure security
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: Where explicitly provided by you for specific purposes (e.g., marketing communications)

5. How We Use Your Information

Your information is used exclusively for the following purposes:

  • Service Provision: Process your requests, generate AI responses, and maintain bot functionality
  • Account Management: Manage your account, message credits, and subscription status
  • Payment Processing: Handle transactions through Telegram Stars payment system
  • Context Maintenance: Temporarily store conversation history to provide coherent responses
  • Service Improvement: Analyze usage patterns to enhance features and performance
  • Security & Fraud Prevention: Detect and prevent abuse, fraud, and unauthorized access
  • Legal Compliance: Comply with legal obligations and respond to legal requests
  • Communication: Send service-related notifications and updates (opt-out available for non-essential communications)
We do NOT:
  • Sell your personal data to third parties
  • Use your data for advertising purposes
  • Share your conversations with other users
  • Train AI models on your private conversations without consent

6. Data Storage and Retention

6.1 Storage Location

Your data is stored in:

  • Primary Database: Supabase (PostgreSQL) - secure cloud database
  • Cache Storage: Redis - temporary session data (auto-deleted)
  • Third-Party AI Services: Temporary processing by AI providers (OpenRouter, Google Gemini)
  • File Storage: Temporary storage for generated documents (auto-deleted after 24 hours)

6.2 Retention Periods

Data Type Retention Period Reason
Account Data While account is active + 30 days Account recovery period
User Messages & Conversation History 30 days Provide conversation context and improve user experience
Anonymized Messages (for analytics) 1 year Service improvement and quality assurance
Transaction Records 7 years Legal/tax requirements
Generated Files 24 hours User access period
Logs & Analytics 90 days Security & troubleshooting
πŸ“ Message Storage Details:
  • First 30 days: Your messages are stored with your user information to maintain conversation context and improve your experience with the Bot
  • After 30 days: Messages are permanently anonymized - all personally identifiable information (User ID, username, etc.) is removed
  • Up to 1 year: Anonymized messages are retained for service quality improvement, AI model training, and analytics. These cannot be linked back to you
  • After 1 year: All data is permanently deleted
πŸ—‘οΈ Your Right to Delete: You can request immediate deletion of your messages at any time by contacting us at eggellaai@gmail.com or using the /delete_my_data command in the Bot (if available). This will permanently remove all your identifiable messages before the 30-day period.

After retention periods expire, data is permanently and securely deleted using industry-standard data destruction methods.

7. Telegram Platform and Third-Party Processing

7.1 Telegram's Role

Our Bots operate on the Telegram platform. When you use our Bots:

  • Telegram acts as an intermediary for message delivery
  • Telegram has its own privacy policy and data practices
  • We receive basic user information from Telegram (User ID, username, first name)
  • Your messages to our Bot are transmitted through Telegram's infrastructure
πŸ“± Telegram Privacy: Please review Telegram's privacy policies to understand how they handle your data:

We are a third-party application operating on Telegram and are subject to both our privacy policy and Telegram's third-party apps privacy policy.

7.2 Data Processing Chain

When you send a message to our Bot, it follows this path:

  1. You β†’ Send message via Telegram app
  2. Telegram β†’ Delivers message to our Bot infrastructure
  3. Eggella Bot β†’ Processes your request
  4. AI Provider (OpenRouter/Google Gemini) β†’ Generates response (temporary processing only)
  5. Eggella Bot β†’ Sends response back through Telegram
  6. You β†’ Receive response

Throughout this process:

  • Messages are encrypted in transit
  • AI providers process requests temporarily and do not store your personal data
  • We store messages according to our retention policy (30 days + 1 year anonymized)

7. Data Sharing and Disclosure

We do NOT sell your personal data. We may share your information only with:

7.1 Service Providers

  • AI Processing: OpenRouter, Google Gemini, and other AI providers for request processing
  • Infrastructure: Supabase for database hosting, Redis for caching
  • Payment Processing: Telegram payment system for transaction handling

All service providers are contractually bound to protect your data and use it only for specified purposes.

7.2 Legal Requirements

We may disclose information when required by law, court order, or legal process, including to:

  • Comply with legal obligations
  • Protect our rights and property
  • Prevent fraud or illegal activities
  • Protect user safety

7.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

Third-Party AI Services: When you use our Bots, your messages are processed by third-party AI providers. These providers have their own privacy policies and may process data according to their terms. We select providers with strong privacy commitments.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: Data in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access limitations and authentication
  • Regular Audits: Security assessments and vulnerability scanning
  • Rate Limiting: Protection against abuse and automated attacks
  • Monitoring: 24/7 system monitoring and incident response
  • Secure Infrastructure: Hosted on secure, certified cloud platforms
Security Disclaimer: While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to industry best practices.

9. Your Rights (GDPR, CCPA, and Beyond)

You have comprehensive rights regarding your personal data:

πŸ” Right to Access

Request a copy of all personal data we hold about you

✏️ Right to Rectification

Correct inaccurate or incomplete personal data

πŸ—‘οΈ Right to Erasure

Request deletion of your data ("right to be forgotten")

⏸️ Right to Restriction

Limit how we process your personal data

πŸ“¦ Right to Data Portability

Receive your data in a portable, machine-readable format

β›” Right to Object

Object to certain processing activities

πŸ”“ Right to Withdraw Consent

Withdraw consent where processing is based on consent

πŸ€– Automated Decision Rights

Not be subject to purely automated decisions with legal effects

How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to your request within 30 days (or as required by applicable law).

10. Children's Privacy

Our Bots are not intended for children under 13 years of age (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children.

If we discover that we have collected information from a child under 13, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at eggellaai@gmail.com.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own, including:

  • United States (cloud infrastructure)
  • European Union (data processing)
  • Other countries where our service providers operate

We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for certain countries
  • Certification frameworks (EU-U.S. Data Privacy Framework where applicable)

12. Cookies and Tracking

The Bots themselves do not use cookies. However:

  • Our website (eggella.com) uses cookies as described in our Cookie Policy
  • Telegram may use its own tracking technologies
  • We use local storage in your device to save language preferences

13. Automated Decision-Making and AI

Our Bots use AI to generate responses. This involves automated processing but does not make legal or similarly significant decisions about you.

  • AI responses are suggestions, not final decisions
  • You retain full control over how to use the information
  • No automated profiling for decision-making purposes
  • You can always request human review if needed
AI Limitations: AI systems can make mistakes. Always verify important information independently, especially for critical decisions.

14. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the "sale" of personal information (we do not sell data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in:

  • Our practices
  • Applicable laws and regulations
  • Bot features and functionality

We will notify you of material changes by:

  • Posting the updated policy with a new "Effective Date"
  • Sending notification through the Bot
  • Posting on our website and Telegram channel

Continued use of the Bots after changes constitutes acceptance of the updated policy.

16. Data Protection Officer

For privacy-related inquiries and to exercise your rights, contact our data protection representative:

Email: eggellaai@gmail.com
Telegram: @eggella

17. Filing Complaints

If you believe your privacy rights have been violated, you have the right to lodge a complaint with:

By using any Eggella AI Bot, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

We are committed to protecting your privacy and handling your data responsibly.

Last Updated: January 1, 2025