Privacy Controls

Privacy toggles, encryption, and what is never logged

The platform provides several privacy controls that let you manage how your data is handled.

Privacy toggles

Message analytics

Controls whether your messages are included in workspace analytics. See the Analytics page for full details.

On (default): Message content and metadata are included in analytics processing.
Off: Only workspace-level aggregates are tracked. Your message content is not analyzed.

Account runtime isolation

Controls whether the platform can run cost-optimization that shares underlying infrastructure across accounts from different workspaces.

On (default): Each account gets its own isolated runtime process, as described in the Accounts section. No runtime sharing across workspace boundaries.
Off: The platform may use shared runtime infrastructure when cost optimization is active. This has no security implications (tenant isolation is still enforced at the data and proxy layers) but shares compute resources.

Login-code redaction

Controls whether messages from Telegram's system peer (777000) are redacted for rented accounts.

On (default): Messages from peer 777000 are replaced with a placeholder. Login codes and recovery codes are not visible.
Off: These messages appear in the inbox normally. Only available for owned accounts. For rented accounts, this toggle is locked to On and cannot be changed.

What is encrypted at rest

Data	Encryption
Account credentials (API tokens, session files)	AES-256-GCM, keyed per workspace via KMS
Proxy credentials	AES-256-GCM, same key hierarchy
Message content (inbox)	AES-256-CTR at the storage layer
Bot API tokens	AES-256-GCM, workspace-scoped key
Attachments (S3)	AES-256-SSE
Database backups	AES-256, with separate backup key rotated quarterly

What is never logged

The platform explicitly does not log the following:

Plaintext passwords (only bcrypt hashes are stored, with work factor 12)
Telegram authentication codes or 2FA codes
Full credit card numbers (only tokenized references via Stripe)
Crypto wallet private keys or seed phrases
API tokens in request logs (redacted at the ingress layer)
Session file contents (only metadata like "session created at" is logged)
Message content in operational logs (aggregate metrics only, no message bodies)
HTTP request bodies for bot webhooks (only delivery status and latency are logged)

Data access controls

Role	Can view private data
Workspace owner	Full access to all workspace data
Admin	Full access to all workspace data
Operator	Access to accounts and conversations they are assigned to
Viewer	Metadata only. No access to message content, credentials, or session data

Data processing location

All data processing occurs in the platform's infrastructure region (US East). Data is not processed outside this region unless explicitly stated in your subscription agreement. Proxy traffic egresses from the proxy's assigned region, which may differ from the processing region.

Privacy toggles

Message analytics

Controls whether your messages are included in workspace analytics. See the Analytics page for full details.

On (default): Message content and metadata are included in analytics processing.

Off: Only workspace-level aggregates are tracked. Your message content is not analyzed.

Account runtime isolation

Controls whether the platform can run cost-optimization that shares underlying infrastructure across accounts from different workspaces.

On (default): Each account gets its own isolated runtime process, as described in the Accounts section. No runtime sharing across workspace boundaries.

Off: The platform may use shared runtime infrastructure when cost optimization is active. This has no security implications (tenant isolation is still enforced at the data and proxy layers) but shares compute resources.

Controls whether messages from Telegram's system peer (777000) are redacted for rented accounts.

On (default): Messages from peer 777000 are replaced with a placeholder. Login codes and recovery codes are not visible.

Off: These messages appear in the inbox normally. Only available for owned accounts. For rented accounts, this toggle is locked to On and cannot be changed.

What is encrypted at rest

Data	Encryption
Account credentials (API tokens, session files)	AES-256-GCM, keyed per workspace via KMS
Proxy credentials	AES-256-GCM, same key hierarchy
Message content (inbox)	AES-256-CTR at the storage layer
Bot API tokens	AES-256-GCM, workspace-scoped key
Attachments (S3)	AES-256-SSE
Database backups	AES-256, with separate backup key rotated quarterly

What is never logged

The platform explicitly does not log the following:

Plaintext passwords (only bcrypt hashes are stored, with work factor 12)

Telegram authentication codes or 2FA codes

Full credit card numbers (only tokenized references via Stripe)

Crypto wallet private keys or seed phrases

API tokens in request logs (redacted at the ingress layer)

Session file contents (only metadata like "session created at" is logged)

Message content in operational logs (aggregate metrics only, no message bodies)

HTTP request bodies for bot webhooks (only delivery status and latency are logged)

Role

Can view private data

Workspace owner

Full access to all workspace data

Admin

Full access to all workspace data

Operator

Access to accounts and conversations they are assigned to

Viewer

Metadata only. No access to message content, credentials, or session data