← Home

Privacy Policy

Last updated: April 21, 2026

1. Who we are

TelegramScrap is an operated-in-France community intelligence tool for Telegram. In this policy we refer to ourselves as "we", "us", or "the Service". Contact: support@telegramscrap.com.

2. Data we collect

2.1 From you (the account holder):

  • Email address (to authenticate you)
  • Your Telegram phone number (to let Telegram's official API identify you)
  • Your encrypted Telegram session (stored server-side, AES-GCM encrypted)
  • Stripe billing information (name, country, last 4 digits of card - Stripe is the data processor)
  • Usage analytics: pages viewed, extractions run, timestamps

2.2 From Telegram groups you analyze:

  • Member profile fields that Telegram already exposes to group members: user ID, first name, last name, username, last-seen status, Telegram Premium flag
  • Message metadata from public messages: sender ID, date, text content (used to compute engagement metrics, never persisted as raw text)
  • Phone numbers only when members have explicitly opted to show their phone to others in their Telegram privacy settings

We do not collect private chats, direct messages, or any data that Telegram does not expose to a regular member of the group.

3. Legal basis (GDPR)

For account holders in the EU/EEA/UK:

  • Contract (Art. 6(1)(b) GDPR): processing necessary to deliver the Service you've subscribed to
  • Legitimate interest (Art. 6(1)(f)): fraud prevention, service security, product analytics
  • Consent (Art. 6(1)(a)): for non-essential analytics cookies, where applicable

For Telegram members whose data you analyze through our Service, the lawful basis is your own legitimate interest as the data controller. You remain responsible for ensuring your use is compliant with applicable laws (including GDPR, CCPA, and Telegram's Terms of Service). See our Terms for details.

4. How we use data

  • Deliver the extraction, analysis, and reporting features you explicitly request
  • Bill you and maintain your subscription
  • Detect and prevent abuse, spam, and account fraud
  • Improve product quality through aggregated, de-identified usage statistics
  • Respond to support requests and legal obligations

We do not sell your personal data. We do not use extracted member data to train machine-learning models.

5. Sub-processors

The following third parties process data on our behalf:

  • Google Firebase (Firestore, Auth) - database and authentication, EU + US regions
  • Stripe - payments processing, EU + US
  • Vercel - frontend hosting, global CDN
  • Render - backend hosting, US
  • Telegram LLC - official MTProto API for data retrieval (we only read what Telegram shows you)

6. Data retention

  • Your account + subscription data: while your account is active, plus 12 months after closure for legal/accounting obligations
  • Extraction snapshots: retained until you delete them or your account is closed
  • Encrypted Telegram sessions: deleted immediately on logout or account closure
  • Backups: rolling 30-day window

7. Your rights

Under GDPR and similar regimes, you have the right to:

  • Access the personal data we hold about you
  • Correct or update inaccurate data
  • Request deletion of your account and all associated data
  • Export your data in a portable format (CSV)
  • Withdraw consent for non-essential processing
  • Lodge a complaint with your local data protection authority (e.g. CNIL in France)

Exercise any of these rights by emailing support@telegramscrap.com. We respond within 30 days.

Right of Telegram members you've analyzed:

If a Telegram user whose data has been processed through our Service contacts us directly, we will forward the request to the account holder responsible for the extraction. As the data controller of that extraction, they are responsible for honoring the request.

8. Security

Telegram sessions are encrypted at rest with AES-GCM using a 256-bit key. Data in transit is TLS 1.2+. Access to production systems is limited to essential personnel with 2FA. We conduct internal reviews at minimum once per quarter.

9. International transfers

Some of our sub-processors are based in the US. Transfers are covered by Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework where applicable.

10. Changes

We'll post material changes on this page and update the "Last updated" date. Significant changes will be emailed to active subscribers.

Questions? support@telegramscrap.com