This document informs Users about the technologies that help this Application to achieve the purposes described below. Such technologies allow the Owner to access and store information (for example by using a Cookie) or use resources (for example by running a script) on a User’s device as they interact with this Application.
For simplicity, all such technologies are defined as "Trackers" within this document – unless there is a reason to differentiate.
For example, while Cookies can be used on both web and mobile browsers, it would be inaccurate to talk about Cookies in the context of mobile apps as they are a browser-based Tracker. For this reason, within this document, the term Cookies is only used where it is specifically meant to indicate that particular type of Tracker.
Some of the purposes for which Trackers are used may also require the User's consent. Whenever consent is given, it can be freely withdrawn at any time following the instructions provided in this document.
This Application uses Trackers managed directly by the Owner (so-called “first-party” Trackers) and Trackers that enable services provided by a third-party (so-called “third-party” Trackers). Unless otherwise specified within this document, third-party providers may access the Trackers managed by them.
The validity and expiration periods of Cookies and other similar Trackers may vary depending on the lifetime set by the Owner or the relevant provider. Some of them expire upon termination of the User’s browsing session.
In addition to what’s specified in the descriptions within each of the categories below, Users may find more precise and updated information regarding lifetime specification as well as any other relevant information — such as the presence of other Trackers — in the linked privacy policies of the respective third-party providers or by contacting the Owner.
Activities strictly necessary for the operation of this Application and delivery of the Service
This Application uses so-called “technical” Cookies and other similar Trackers to carry out activities that are strictly necessary for the operation or delivery of the Service.
Other activities involving the use of Trackers
Basic interactions & functionalities
This Application uses Trackers to enable basic interactions and functionalities, allowing Users to access selected features of the Service and facilitating the User's communication with the Owner.
By registering or authenticating, Users allow this Application to identify them and give them access to dedicated services.
Depending on what is described below, third parties may provide registration and authentication services. In this case, this Application will be able to access some Data, stored by these third-party services, for registration or identification purposes.
Some of the services listed below may also collect Personal Data for targeting and profiling purposes; to find out more, please refer to the description of each service.
Latest version: https://telegram.org/privacy
1.1 Privacy Principles
Telegram has two fundamental principles when it comes to collecting and processing private data:
We don't use your data to show you ads.
We only store the data that Telegram needs to function as a secure and feature-rich messaging service.
1.2. Terms of Service
1.3. Table of Contents
the legal basis for processing your personal data;
what personal data we may collect from you;
how we keep your personal data safe;
what we may use your personal data for;
who your personal data may be shared with; and
your rights regarding your personal data.
1.4. EEA Representative
If you live in a country in the European Economic Area (EEA), the Services are provided by Telegram, which for the purposes of applicable data protection legislation is the data controller responsible for your personal data when you use our Services. However, as Telegram is located outside the EEA, we have designated one of our EEA-based group companies, Telegram UK Holdings Ltd (71-75 Shelton Street, Covent Garden, London, England, WC2H 9JQ), as a representative to whom you may direct any issues you have relating to our processing of your personal data.
2. Legal Ground for Processing Your Personal Data
We process your personal data on the ground that such processing is necessary to further our legitimate interests (including: (1) providing effective and innovative Services to our users; and (2) to detect, prevent or otherwise address fraud or security issues in respect of our provision of Services), unless those interests are overridden by your interest or fundamental rights and freedoms that require protections of personal data.
3. What Personal Data We Use
3.1. Basic Account Data
Telegram is a communication service. You provide your mobile number and basic account data (which may include profile name, profile picture and about information) to create a Telegram account.
To make it easier for your contacts and other people to reach you and recognize who you are, the screen name you choose, your profile pictures, and your username (should you choose to set one) on Telegram are always public. We don't want to know your real name, gender, age or what you like.
We do not require your screen name to be your real name. Note that users who have you in their contacts will see you by the name they saved and not by your screen name. This way your mother can have the public name ‘Johnny Depp’ while appearing as ‘Mom’ to you and as ‘Boss’ to her underlings at work (or the other way around, depending on how these relationships are structured).
3.2. Your E-mail Address
When you enable 2-step-verification for your account or store documents using the Telegram Passport feature, you can opt to set up a password recovery email. This address will only be used to send you a password recovery code if you forget it. That's right: no marketing or “we miss you” bullshit.
3.3. Your Messages
3.3.1. Cloud Chats
Telegram is a cloud service. We store messages, photos, videos and documents from your cloud chats on our servers so that you can access your data from any of your devices anytime without having to rely on third-party backups. All data is stored heavily encrypted and the encryption keys in each case are stored in several other data centers in different jurisdictions. This way local engineers or physical intruders cannot get access to user data.
3.3.2. Secret Chats
Secret chats use end-to-end encryption. This means that all data is encrypted with a key that only you and the recipient know. There is no way for us or anybody else without direct access to your device to learn what content is being sent in those messages. We do not store your secret chats on our servers. We also do not keep any logs for messages in secret chats, so after a short period of time we no longer know who or when you messaged via secret chats. For the same reasons secret chats are not available in the cloud — you can only access those messages from the device they were sent to or from.
3.3.3. Media in Secret Chats
When you send photos, videos or files via secret chats, before being uploaded, each item is encrypted with a separate key, not known to the server. This key and the file’s location are then encrypted again, this time with the secret chat’s key — and sent to your recipient. They can then download and decipher the file. This means that the file is technically on one of Telegram’s servers, but it looks like a piece of random indecipherable garbage to everyone except for you and the recipient. We don’t know what this random data stands for and we have no idea which particular chat it belongs to. We periodically purge this random data from our servers to save disk space.
3.3.4. Public Chats
In addition to private messages, Telegram also supports public channels and public groups. All public chats are cloud chats (see section 3.3.1 above). Like everything on Telegram, the data you post in public communities is encrypted, both in storage and in transit — but everything you post in public will be accessible to everyone.
3.3.5. Phone Number and Contacts
Telegram uses phone numbers as unique identifiers so that it is easy for you to switch from SMS and other messaging apps and retain your social graph. We ask your permission before syncing your contacts.
We store your up-to-date contacts in order to notify you as soon as one of your contacts signs up for Telegram and to properly display names in notifications. We only need the number and name (first and last) for this to work and store no other data about your contacts.
Our automatic algorithms can also use anonymized sets of phone numbers to calculate the average number of potential contacts an unregistered phone number may have on Telegram. When you open the ‘Invite friends’ interface, we display the resulting statistics next to your contacts to give you an idea of who could benefit most from joining Telegram.
You can always stop syncing contacts or delete them from our servers in Settings > Privacy & Security > Data Settings.
If you are using Android, Telegram will ask you for permission to access your phone call logs (READ_CALL_LOG). If you grant this permission, Telegram will be able verify your account by transmitting a phone call instead of asking you to enter a code. Telegram uses this permission only to confirm receipt of the confirmation call by verifying the number in the call log.
4. Keeping Your Personal Data Safe
4.1. Storing Data
If you signed up for Telegram from the UK or the EEA, your data is stored in data centers in the Netherlands. These are third-party provided data centers in which Telegram rents a designated space. However, the servers and networks that sit inside these data centers and on which your personal data is stored are owned by Telegram. As such, we do not share your personal data with such data centers. All data is stored heavily encrypted so that local Telegram engineers or physical intruders cannot get access.
4.2. End-to-End Encrypted Data
Your messages, media and files from secret chats (see section 3.3.2 above), as well as the contents of your calls and the data you store in your Telegram Passport are processed only on your device and on the device of your recipient. Before this data reaches our servers, it is encrypted with a key known only to you and the recipient. While Telegram servers will handle this end-to-end encrypted data to deliver it to the recipient – or store it in the case of Telegram Passport data, we have no ways of deciphering the actual information. In this case, we neither store nor process your personal data, rather we store and process random sequences of symbols that have no meaning without the keys which we don’t have.
5. Processing Your Personal Data
5.1. Our Services
Telegram is a cloud service. We will process your data to deliver your cloud chat history, including messages, media and files, to any devices of your choosing without a need for you to use third-party backups or cloud storage.
5.2. Safety and Security
Telegram supports massive communities which we have to police against abuse and Terms of Service violations. Telegram also has more than 200 million users which makes it a lucrative target for spammers. To improve the security of your account, as well as to prevent spam, abuse, and other violations of our Terms of Service, we may collect metadata such as your IP address, devices and Telegram apps you've used, history of username changes, etc. If collected, this metadata can be kept for 12 months maximum.
5.3. Spam and Abuse
To prevent phishing, spam and other kinds of abuse and violations of Telegram’s Terms of Service, our moderators may check messages that were reported to them by their recipients. If a spam report on a message you sent is confirmed by our moderators, your account may be limited from contacting strangers – temporarily or permanently. You can send an appeal using @Spambot. In case of more serious violations, your account may be banned. We may also use automated algorithms to analyze messages in cloud chats to stop spam and phishing.
5.4. Cross-Device Functionality
We may also store some aggregated metadata to create Telegram features (see section 5.5 below) that work across all your devices.
5.5. Advanced features
We may use some aggregated data about how you use Telegram to build useful features. For example, when you open the Search menu, Telegram displays the people you are more likely to message in a box at the top of the screen. To do this, we calculate a rating that shows which people you message frequently. A similar rating is calculated for inline bots so that the app can suggest the bots you are most likely to use in the attachment menu (or when you start a new message with “@”). To turn this feature off and delete the relevant data, go to Settings > Privacy & Security > Data Settings and disable “Suggest Frequent Contacts”.
5.6. No Ads
Unlike other services, we don't use your data for ad targeting or other commercial purposes. Telegram only stores the information it needs to function as a secure and feature-rich cloud service.
6. Bot Messages
Telegram has an API that allows third-party developers to create bots. Bots are apps that look like special Telegram users: you can talk to them from your chat list, add them to groups or use a special “inline” interface to access their features. By performing any of these actions, you will be sending some of your data to the respective third-party bot developers.
6.2. How Bots Can Receive Data
You can send data to bot developers when you interact with their bots in one of these ways:
By sending messages to a bot.
By using an inline bot.
By participating in a group with a bot.
By pressing buttons in messages sent by a bot.
By paying for goods and services via bots (see section 7 below).
6.3. What Data Bots Receive
In any of the above cases, the developers of an automated user (bot) can get your public account data (see section 3.1 above): your screen name, username and profile picture(s).
Bots can also receive the following data when you interact with them.
Bots will obviously get your messages when you send them something.
If you click on links or buttons provided by the bot, the bot can potentially get your IP address (provided that it controls the website to which the link leads).
If the bot is a member of the same group with you, it may know you are a member.
When you start your message with the username of an inline bot (e.g. @gif) the interface transforms so that everything you type becomes a query to that bot. This query is sent to the bot so that it can provide its service. We will warn you about this the first time you use an inline bot.
Bots added to groups can operate in two modes: with access to messages in the group or without access. If the bot has access to messages, it can see everything that happens in the group. The interface clearly shows whether or not a bot has access to messages in groups.
6.4. Bots Are Not Maintained by Telegram
Other than our own bots, no other bots or third-party bot developers are affiliated with Telegram. They are completely independent from us. They should ask you for your permission before they access your data or you make it available to them.
7. Third Party Payment Services
7.1. Payment Information
The Payment Platform for Bots is available to users as of Telegram 4.0. Telegram does not process payments from users and instead relies on different payment providers around the world. It is the payment providers that handle and store your credit card details. Neither Telegram nor the merchants on the platform (bot developers) have access to this information. Although we work with payment providers they are completely independent from Telegram. Please study their relevant privacy policies before making your data available to them.
7.2. Credit Card Information
When making a purchase, you enter your credit card details into a form supplied by the payment provider that will be processing the payment, and this information goes directly to the payment provider‘s server. Your credit card information never reaches Telegram’s servers. We do not access and do not store your credit card information. When you save your credit card info, it is saved on the respective payment provider's servers and the payment provider gives Telegram a token that you can reuse for future payments. It is not possible to reconstruct your credit card info from the token.
7.3 Shipping Information
When you enter shipping information in the process of placing an order, we send it directly to the merchant bot developer. We can store your shipping information for you if you choose to save it for future purchases. We will delete this information immediately if you ask us to.
7.4. Clearing Payment Information
You can clear all payment information associated with your account at any time by going to Telegram Settings > Privacy & Security > Data Settings and selecting ‘Clear Payment & Shipping Info’. If you choose to remove your payment information, we will delete your stored shipping info and payment tokens from all providers and ask the payment providers to remove your credit card information that they store.
7.5. Payment Disputes
Due to the fact that Telegram doesn't store any credit card details or transaction information, it is impossible for us to handle complaints or cashbacks – any disputed payments are the responsibility of the bot developers, payment providers, and banks that participated in the exchange.
8. Who Your Personal Data May Be Shared With
8.1. Other Telegram Users
8.2. Telegram’s Group Companies
We may share your personal data with: (1) our parent company, Telegram Group Inc, located in the British Virgin Islands; and (2) Telegram FZ-LLC, a group member located in Dubai, to help provide, improve and support our Services. We will implement appropriate safeguards to protect the security and integrity of that personal data. This will take the form of standard contract clauses approved by the European Commission in an agreement between us and our relevant group companies. If you would like more information regarding these clauses, please contact us using the details in section 12 below.
8.3. Law Enforcement Authorities
If Telegram receives a court order that confirms you're a terror suspect, we may disclose your IP address and phone number to the relevant authorities. So far, this has never happened. When it does, we will include it in a semiannual transparency report published at: https://t.me/transparency.
9. Your Rights Regarding the Personal Data You Provide to Us
9.1. Your Rights
Under applicable data protection legislation, in certain circumstances, you have rights concerning your personal data. You have a right to: (1) request a copy of all your personal data that we store and to transmit that copy to another data controller; (2) delete (see section 10 below) or amend your personal data; (3) restrict, or object to, the processing of your personal data; (4) correct any inaccurate or incomplete personal data we hold on you; and (5) lodge a complaint with national data protection authorities regarding our processing of your personal data.
9.2. Exercising Your Rights
If you wish to exercise any of these rights, kindly contact us using the details in section 12 below.
9.3. Data Settings
You can control how your data is used (e.g., delete synced contacts) in Settings > Privacy & Security > Data Settings (using one of our mobile apps).
Sadly, if you‘re generally not OK with Telegram’s modest requirements, it won't be possible for us to provide you with our Services. You can delete your Telegram account by proceeding to the deactivation page.
10. Deleting data
If you would like to delete your account, you can do this on the deactivation page. Deleting your account removes all messages, media, contacts and every other piece of data you store in the Telegram cloud. This action must be confirmed via your Telegram account and cannot be undone.
In secret chats, deleting a message always instructs the app on the other end to delete it too.
In cloud chats, you can choose to delete a message for all participants within at least 48 hours after sending. Otherwise, deleting a message will delete it from your message history. This means that a copy will stay on the server as part of your partner‘s message history. As soon as your partner deletes it too, it’s gone forever.
As of version 5.5, any party can choose to delete any messages in one-on-one chats, both sent and received, for both sides. There is no time limit. Any party can also opt to clear the entire chat history for both parties, in which case the apps will be instructed to remove all messages in that chat, however many of them are still retained by either of the participants.
In supergroups and channels, deleting a message removes it for all participants. Note that deleted messages and original versions of edited messages from supergroups are stored for 48 hours after deletion in order to be shown in the admins log.
10.3. Self-Destructing Messages
Messages in Secret Chats can be ordered to self-destruct. As soon as such a message is read (2 checks appear), the countdown starts. When the timer expires, both devices participating in a secret chat are instructed to delete the message (photo, video, etc.). Media with short timers (less than a minute) are shown with blurred previews. The timer is triggered when they are viewed.
10.4. Account Self-Destruction
By default, if you stop using Telegram and do not come online for at least 6 months, your account will be deleted along with all messages, media, contacts and every other piece of data you store in the Telegram cloud. You can go to Settings to change the exact period after which your inactive account will self-destruct.
March 25, 2019
Expanded [10.2. Deleting Messages] with data on the new features in version 5.5, which allow both participants to remove any messages from one-on-one chats for both sides without a time limit.
12. Questions and concerns
If you have any questions about privacy and our data policies, please contact our @GDPRbot. Use the /access command to learn how to get a copy of your Telegram data and use the /contact command to leave a request, which we will answer at the earliest opportunity.
Telegram is an open source project. You can examine more information on our:
API at: https://core.telegram.org/api;
Bot Platform at: https://core.telegram.org/bots;
Protocol at: https://core.telegram.org/mtproto; and
Source Code at: https://telegram.org/apps#source-code.
This Application uses Trackers to measure traffic and analyze User behavior with the goal of improving the Service.
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Amplitude Analytics (Amplitude Inc.)
Amplitude Analytics is an analytics service provided by Amplitude Inc.
Personal Data processed: Trackers and Usage Data.
How to manage preferences and provide or withdraw consent
There are various ways to manage Tracker related preferences and to provide and withdraw consent, where relevant:
Users can manage preferences related to Trackers from directly within their own device settings, for example, by preventing the use or storage of Trackers.
Additionally, whenever the use of Trackers is based on consent, Users can provide or withdraw such consent by setting their preferences within the cookie notice or by updating such preferences accordingly via the relevant consent-preferences widget, if available.
It is also possible, via relevant browser or device features, to delete previously stored Trackers, including those used to remember the User’s initial consent.
Other Trackers in the browser’s local memory may be cleared by deleting the browsing history.
Locating Tracker Settings
Users can, for example, find information about how to manage Cookies in the most commonly used browsers at the following addresses:
Users may also manage certain categories of Trackers used on mobile apps by opting out through relevant device settings such as the device advertising settings for mobile devices, or tracking settings in general (Users may open the device settings and look for the relevant setting).
Consequences of denying consent
Users are free to decide whether or not to grant consent. However, please note that Trackers help this Application to provide a better experience and advanced functionalities to Users (in line with the purposes outlined in this document). Therefore, in the absence of the User's consent, the Owner may be unable to provide related features.
Owner and Data Controller
(a) If User is located in EU countries as well as the UK:
DEV WAY LTD
165, Spyrou Araouzou, Lordos Waterfront Court, Office 402, 3036 Limassol, Cyprus
(b) If User is located anywhere else in the world:
INVITEMEMBER LLC (a company incorporated and existing under the laws of the State of Delaware under the number 6979516, mailing address 16192 Coastal Highway, Lewes, Delaware 19958 USA)
Since the use of third-party Trackers through this Application cannot be fully controlled by the Owner, any specific references to third-party Trackers are to be considered indicative. In order to obtain complete information, Users are kindly requested to consult the privacy policies of the respective third-party services listed in this document.
Given the objective complexity surrounding tracking technologies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of such technologies by this Application.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies are Trackers consisting of small sets of data stored in the User's browser.
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).