00Summary
We collect the minimum data needed to deliver a Telegram-based subscription product. We do not run advertising trackers, share or sell personal data, attempt to deanonymise wallet addresses, or fingerprint browser sessions. We do store your Telegram user id, your subscription tier, and the on-chain transaction hashes that paid for your subscription.
01What We Collect
| Category | Specific data | Source | Lawful basis |
|---|---|---|---|
| Identity (minimal) | Telegram numeric user id · optional username | Telegram getUpdates webhook | Contract (delivering the service) |
| Subscription | Tier, start date, renewal status | Bot internal state | Contract |
| Payment | Polygon transaction hash, payer wallet, amount, token, timestamp | Public blockchain | Contract + legitimate interest (anti-fraud) |
| Support | Messages you DM to @OinSignalbot | Telegram getUpdates | Contract |
| Server logs | IP + user-agent only when you call the HTTP API (Pro tier) | nginx access log | Legitimate interest (abuse prevention) |
| Analytics (Wave 5) | Page views, click events — aggregated, no personal identifiers | Self-hosted Plausible (when wired) | Legitimate interest |
We do not collect: your real name, your phone number (Telegram hides it from us), email (unless you DM us one), browser fingerprints, social-media profiles, contacts, location, microphone, or camera.
02How We Use It
- Deliver the service. Match payments to Telegram user ids, mint invite links, expire access at renewal time.
- Respond to support. Read your DMs to
@OinSignalbotand reply. - Prevent fraud. Detect duplicate payments, sanctioned wallets, refund abuse.
- Improve the product. Aggregate signal-engagement metrics (open rates, click-through). No individual profiling.
- Comply with law. Respond to lawful requests (we have very little to give — see retention).
We do not use your data to train models, profile you, sell ads, or build advertising look-alike audiences.
03Sharing
We do not sell, rent, lease, or share personal data with third parties for their independent commercial use. Disclosure is limited to:
- Payment infrastructure — Polygon is a public blockchain. Your wallet's transactions to and from us are inherently public.
- Messaging infrastructure — Telegram processes your messages under its own privacy policy.
- Service providers — the operator's VPS host (currently Hetzner) processes traffic and stores logs subject to their privacy policy.
- Legal compliance — lawful subpoena, court order, or regulator request.
- Sale or merger — in the event of acquisition or operator-entity transfer, subscriber data may transfer to the successor under the same Privacy Policy. Subscribers will receive 30 days' notice.
04Cookies & Tracking
The website currently sets zero cookies. There is no login, no analytics tracker, no advertising pixel, no fingerprinting script. When the public site instruments self-hosted Plausible analytics (Wave 5 of the roadmap), the data captured is page-aggregate (pageview counts, referrer host, country at city-grain) and stored on our own infrastructure — no third-party shipping. When authenticated sessions ship (Wave 6), a single HTTP-only signed session cookie will be set on login.
05Security
We rely on minimal surface area as the primary defence. No passwords are stored on our servers. Bot tokens, OAuth tokens, and payment wallet private keys are stored only in operator-protected environment variables. Off-site encrypted backups run nightly. Despite reasonable precautions, no internet service is perfectly secure; you transmit data to us at your own risk.
06Retention
- Subscription state retained while your subscription is active and for 12 months after the last renewal, for tax-record and dispute-resolution purposes.
- Support messages retained for 24 months.
- Server access logs rotated and deleted after 30 days.
- Anonymised aggregate analytics retained indefinitely (no personal identifiers).
- On-chain transactions are permanent on Polygon and cannot be deleted by us or anyone.
07Your Rights
Depending on your jurisdiction (GDPR in the EU, LGPD in Brazil, CCPA in California, similar regimes elsewhere) you may have rights to:
- Access — ask for a copy of what we store about your subscription.
- Correction — ask us to correct inaccurate data.
- Deletion — ask us to delete bot-internal records (excluding the immutable on-chain payment record, which we cannot delete from Polygon).
- Portability — receive your records in a structured machine-readable format.
- Objection / restriction — object to specific processing.
- Withdraw consent — where processing relies on consent.
- Lodge a complaint — with your local data-protection authority.
To exercise any of the above, DM @OinSignalbot with /privacy-request or email contact@oracleintel.io. We will respond within 30 days.
08Children
The service is not directed to children under 18 and we do not knowingly process data from minors. If you believe a minor has subscribed, contact us and we will revoke access and delete the data.
09International Transfers
Our infrastructure is located in the European Union (Germany). If you access the service from outside the EU, your data is transferred to the EU under standard contractual clauses or equivalent safeguards.
10Third-Party Services
- Telegram — messages and identities are processed under Telegram's privacy policy.
- Polygon (PoS chain) — payment transactions are public and permanent.
- Hetzner Cloud (DE) — VPS host; processes infrastructure logs.
- Let's Encrypt — TLS certificate issuance; receives only the domain name.
We do not embed third-party scripts (Google Analytics, advertising pixels, Intercom, Hotjar, Mixpanel, social-media widgets, etc.) on any public page.
11Changes
Material changes to this Privacy Policy will be announced in the Telegram channel and on this page at least 30 days before they become effective. The current version and version history are available on this page; the version number increments with each material change.
12Contact
Privacy questions and data-subject-access requests: contact@oracleintel.io · in-app: DM @OinSignalbot · subject line "Privacy".