Two modes. Your choice.

1. Who this policy is for

This policy applies to Tryvom telechat (the "Service") and covers two groups of people: account holders (you, the website owner who signs up) and visitors (people who use the chat widget on your site). Different data flows apply to each — we describe both below.

2. The short version

Each widget runs in one of two storage modes, picked by the widget's owner inside their dashboard.

Standard mode (the default) stores chat messages and session info on our servers so visitors can resume the same conversation across browser sessions and devices. Forward-only mode stores nothing about the conversation on our servers beyond a topic↔visitor mapping — visitor messages are relayed straight to Telegram, agent replies are deleted from our database the moment the visitor's browser receives them, and no name/email/IP from the session is kept.

Either way, we never read, sell, share, or train AI on your conversations, and your Telegram group always holds a copy you fully control.

3. What we collect and store

3.1 From account holders (always)

These items are stored regardless of which mode you pick — they're what we need to log you in and route messages to your bot:

• Account details: your name, email address, and a hashed (irreversible) password.
• Telegram bot token: the token you paste during onboarding. Stored encrypted at rest. Used only to forward visitor messages into your group and deliver your replies to visitors.
• Telegram group metadata: the group ID and group title we auto-detect during onboarding, so we know where to send messages.
• Widget customization: brand name, color, avatar initial, welcome message, privacy URL, and any pre-chat form fields you configure.
• Operational logs: minimal request logs (timestamps, IP, status codes) used for abuse prevention and debugging. Rotated and deleted on a short schedule.
• Topic↔visitor mapping: for each conversation, an internal record linking a Telegram topic ID to an anonymous visitor ID, so replies posted in Telegram can be routed back to the right browser. Stored in both modes — without it the widget can't deliver replies.

3.2 From visitors — Standard mode

When the widget owner has Standard mode enabled (the default), we additionally store:

• Chat messages: the text of each message a visitor sends and each reply your team sends back, together with role (visitor/agent), the agent's display name from Telegram, a delivery flag, and the timestamp. Stored so the widget can deliver agent replies and show past conversation when the visitor returns.
• Pre-chat form answers: if the operator configures fields (e.g. name, email), the answers a visitor enters are stored on the session and also shown in the Telegram topic header.
• Anonymous visitor ID: a random identifier generated in the visitor's browser (localStorage) and persisted with the session, so they can resume the same conversation.
• Connection metadata: the IP address and User-Agent of the connecting browser. Used for abuse prevention and to show context in the Telegram topic header.

3.3 From visitors — Forward-only mode

When the widget owner has Forward-only mode enabled, we store much less:

• Anonymous visitor ID: still required, so Telegram replies can be routed back to the right browser. The ID itself contains no personal information.
• Topic↔visitor link: see 3.1 above.
• Agent replies — transiently only: when your team replies in Telegram, the reply is briefly inserted into our database so the visitor's browser can poll for it. The row is deleted the moment that poll completes. After delivery, nothing about the agent's reply remains in our DB.

In Forward-only mode we explicitly do not store: the text of any visitor message, the visitor's name or email, their pre-chat form answers, their IP address, or their User-Agent. Those values are still passed to your Telegram group (so you see context in the topic header) — but we don't keep a copy of them.

4. What we explicitly do not do

In either mode, we don't:

• Read, analyze, or staff-review your conversations as a routine matter.
• Sell, rent, share, or otherwise monetize your messages — to anyone, ever.
• Train machine-learning models on your messages or your visitors' data.
• Run behavioral analytics, ad tracking, or third-party trackers in the widget.
• Use cross-site cookies, advertising identifiers, or browser fingerprinting.

The only times a human at Tryvom would access stored messages are: (a) you explicitly ask us to investigate a delivery problem on your widget, or (b) we are compelled to by valid legal process. In both cases we do the minimum needed and log it. (And in Forward-only mode there's effectively nothing for us to look at — the messages aren't there.)

5. Where your data lives

Standard mode: the conversation sits in two places at once — our database (chat messages + session, plus your account and widget settings) and your Telegram group (the same conversation as topics). The Telegram copy is the one you control directly.

Forward-only mode: the conversation lives in your Telegram group only. Our database holds your account, widget settings, encrypted bot token, and the topic↔visitor mapping — but no message content, no transcripts, no PII from the session.

Telegram's side is governed by Telegram's privacy policy.

6. How we use the data

We use the data we store only to:

• Authenticate you and let you manage your widget.
• Route messages between your visitors and your Telegram group.
• Render the chat widget with your branding.
• Prevent abuse, debug issues, and keep the Service running.

We do not use your data to train AI models, to profile users, or for advertising.

7. Who can see your data

You can see: your account details and widget settings (via the dashboard), and every message in your Telegram group (via Telegram).

We can see: your account details and widget settings. We cannot read your past conversations because we don't store them.

Third parties: only essential service providers needed to run the Service (e.g. our hosting provider, Telegram's Bot API). We never sell data and never share it for advertising.

8. Security

Bot tokens are stored encrypted at rest. Passwords are hashed using industry-standard one-way hashing. Traffic is served over HTTPS. We follow standard practices to protect data, but no system is perfectly secure — if a breach occurs, we'll notify affected users promptly.

9. Cookies and tracking

The marketing site uses no third-party tracking, no advertising cookies, and no analytics that identify you. The chat widget uses localStorage to remember the visitor's anonymous session ID so they can continue the same conversation on return visits. That's it.

10. Your rights

You can, at any time:

• View and update your account details and widget settings in the dashboard.
• Switch storage modes at any time — toggle Standard ↔ Forward-only from your dashboard. Switching to Forward-only doesn't retroactively delete messages already stored under Standard mode; for that, see the bullet below.
• Disconnect your Telegram bot — this immediately stops message routing.
• Delete your account — this cascades and removes your widget configuration, encrypted bot token, all chat sessions belonging to your widget, and all chat messages within those sessions from our database.
• Request a copy of the data we hold about you by emailing the contact below.
• Request deletion of specific chat sessions, historical messages, or your account data by emailing us.

The Telegram-side copy of conversations is not under our control — to remove those you need to delete topics inside Telegram, or delete the group itself.

11. Data retention

• Account & widget configuration: kept while your account is active. Deleted when you delete your account.
• Chat messages and sessions — Standard mode: persisted for as long as your widget is active and not explicitly deleted, so we can deliver replies and let visitors resume the same conversation later.
• Chat messages and sessions — Forward-only mode: visitor messages are never written to our database. Agent replies are written briefly and deleted on the very next visitor poll that delivers them (typically within a few seconds of the agent sending). If a visitor never returns to receive the reply, the row stays in our DB until manually cleaned — we're adding automatic short-TTL cleanup.
• Operational logs: retained for a short window (typically 14–30 days) for security and debugging, then deleted automatically.

We're working on dashboard controls for custom retention windows (e.g. auto-purge messages older than 30 days even in Standard mode). Until then, email us and we'll handle deletion manually.

12. Children

The Service is not directed at children under 13 (or under 16 in the EU). We don't knowingly collect data from children. If you believe a child has provided us data, contact us and we'll delete it.

13. International users

By using the Service you consent to your data being processed on the infrastructure that runs the Service. If you're in a jurisdiction with specific data-protection rights (GDPR, CCPA, etc.), you can exercise them by contacting us.

14. Changes to this policy

We may update this policy as the Service evolves. Material changes will be communicated in-app or via email to account holders. The "Last updated" date at the top reflects the most recent revision.

15. Contact

Privacy questions, data requests, or anything else: email tryvomtech@gmail.com.