Privacy Policy

For your dashboard account, KROOZ is the data controller. For your subscribers' data inside your bot, you are the controller and KROOZ processes that data on your behalf.

Account data: your email, name, and authentication credentials (passwords are hashed; we never store them in plain text).

Operational data: bot tokens and payment-provider keys, which are encrypted at rest and never logged in full.

Subscriber data on your behalf: Telegram user IDs, usernames, language, and subscription state — the minimum needed to grant and revoke access.

Usage and analytics needed to operate and improve the product.

To provide the service, process your platform-fee billing, secure accounts, prevent abuse, and meet legal obligations. We do not sell personal data.

Secrets (bot tokens, provider keys, webhook secrets) are encrypted at rest. Webhook payloads are signature-verified. Payment writes are idempotent. Access is least-privilege via role-based permissions.

Subject to applicable law, you may request access to, correction of, or deletion of your data. Data export and deletion tooling is available for subscriber data so you can meet your own obligations to your members.

We keep data for as long as your account is active and as needed for legal and operational purposes, then delete or anonymize it.

Privacy questions or requests? Use the contact page.