← Back to home

Privacy Policy

Last updated: March 25, 2026

1. Overview

Sovereign is available as both open-source self-hosted software and as a hosted service (SaaS) at web.tgsovereign.com. This Privacy Policy explains how data is handled under each model.

2. Self-Hosted Software

When you self-host Sovereign, all data — including Telegram messages, credentials, and AI model interactions — resides entirely on your own infrastructure. We do not collect, receive, or have access to any data from self-hosted installations. No telemetry, analytics, or tracking of any kind is included in the open-source Software.

3. Hosted Service (SaaS) — Data We Collect

When you use the hosted Service at web.tgsovereign.com, we collect and process the following data to provide and operate the Service:

  • Telegram Session Data — encrypted session tokens and metadata necessary to connect to the Telegram API on your behalf.
  • Message Data — Telegram messages processed by the Service in order to provide AI-powered features. Messages may be temporarily held in memory or cache for processing and are not stored longer than necessary.
  • Payment Information — if you subscribe to a paid plan, payment details are processed by our third-party payment processor. We do not store full credit card numbers.

We only store information strictly necessary to perform the Service. We do not collect email addresses, usage analytics, or any data beyond what is required for core functionality.

4. How We Use Your Data

We use data collected through the hosted Service to:

  • Provide, operate, and maintain the Service.
  • Process your Telegram interactions and deliver AI-powered features.
  • Authenticate your identity and protect against unauthorized access.
  • Comply with legal obligations.

5. Data Storage & Security

Data collected through the hosted Service is stored on secure servers with industry-standard encryption at rest and in transit. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

The hosted Service runs the same codebase that is publicly available as open source. If you discover a security vulnerability, please report it by opening an issue on our GitHub repository.

6. Data Sharing & Third-Party Services

We do not sell your personal data. We may share data with the following categories of third parties as necessary to operate the Service:

  • Telegram API — your messages and session data are transmitted to Telegram to provide core functionality. Subject to Telegram's Privacy Policy.
  • AI Model Providers — message content may be sent to AI providers (e.g. OpenAI, Anthropic) for processing. Data shared with AI providers is subject to their respective privacy policies.
  • Payment Processors — billing data is handled by our payment processor in accordance with PCI-DSS standards.
  • Infrastructure Providers — we use third-party cloud providers to host the Service. Data is processed in accordance with our data processing agreements with these providers.

7. Data Retention

We retain your data only for as long as necessary to provide the Service and fulfill the purposes described in this policy. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g. fraud prevention, dispute resolution).

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate or incomplete data.
  • Deletion — request that we delete your personal data.
  • Portability — request a machine-readable export of your data.
  • Objection — object to certain types of processing.

For self-hosted users, all data resides on your own infrastructure and you have full control at all times.

To exercise any of these rights for the hosted Service, please contact us using the details in Section 12.

9. Cookies & Tracking

The marketing website (tgsovereign.com) does not use cookies or tracking. The hosted Service at web.tgsovereign.com may use strictly necessary cookies for authentication and session management. We do not use advertising or third-party tracking cookies.

10. Children's Privacy

The Software and Service are not directed to children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated revision date. It is your responsibility to review this policy periodically. Continued use of the Software or Service after changes constitutes acceptance of the revised policy.

12. Contact

For privacy-related questions or to exercise your data rights, please open an issue on our GitHub repository.