1. Information We Collect

We collect information you provide when you create an account, use GeniGram, or contact us for support.

• Account: Name, email address, profile image (optional), and password (stored only in hashed form). Sign-in may be via email/password or magic link.
• Session: Session token, expiry, IP address, and user agent for security and abuse prevention.
• Telegram connection: We do not store your Telegram session or MTProto session data in our database. Connection and authentication are handled by Telegram (MTProto) and are unique to the device you sign in from. If you use another device, you must connect Telegram on that device as well. We may store minimal identifiers and display information (e.g. which Telegram account is linked, phone number, username, first/last name, avatar) so the app can function.
• Forwarding and credits: Source and destination chat/channel identifiers, job settings (filters, batch size), job status and progress, and credit balance and transaction history. We do not store the text or media of your Telegram messages.
• Referrals: Referral codes and referrer–referred relationships and timestamps.

2. What We Do Not Collect

We do not store the content of your Telegram messages (text or media). Forwarding is done via Telegram’s API in real time. We only store identifiers, job configuration, and aggregate counts (e.g. for credits). We do not keep a copy of your Telegram session or MTProto session in our systems; that is managed by Telegram and is per-device.

3. How We Use Your Information

• Provide, maintain, and improve GeniGram
• Run forwarding jobs and manage credits and referrals
• Secure your account and prevent abuse
• Send magic links, password reset emails, and important notices
• Respond to support requests and comply with law
• Use aggregated, non-personal statistics (e.g. total messages forwarded) for product and marketing purposes

4. Data Security

We use reasonable technical and organizational measures to protect your data: hashed passwords, server-side sessions, HTTPS, and environment-based secrets. Only you can access your own data. We do not store Telegram session strings in our database; connection is handled by Telegram (MTProto) and is per-device.

No system is 100% secure. We cannot guarantee absolute security.

5. Third-Party Services

We use: Better Auth (authentication), PostgreSQL (database), Resend (or similar) for transactional email, and Telegram for forwarding. Your use of Telegram is subject to Telegram’s privacy policy. We do not sell your personal data.

6. Data Retention

We retain your data while your account is active and as needed for the service and legal compliance. When you delete your account, we delete or anonymize your personal data. Aggregated, non-personal statistics may be retained.

7. Your Rights

You can:

• Access and update your profile and Telegram connection in the app
• Delete your account (settings), which permanently removes your account and associated data
• Request a copy of your data or object to processing; contact us for this

If you are in the EU/EEA/UK, you may lodge a complaint with a supervisory authority.

8. Cookies and Local Storage

We use a session cookie for sign-in (essential). Local storage may be used for non-personal UI state (e.g. sidebar preference, current job ID). We do not use advertising or third-party tracking cookies.

9. Children’s Privacy

GeniGram is not directed at children under 13 (or 16 where required). We do not knowingly collect data from children. If you believe we have collected a child’s data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy. We will post the new version here and update the “Last updated” date. Continued use after the change constitutes acceptance unless the change is material and we require renewed consent.