Privacy Policy and Data Protection for teledisk.net and @telediskbot
Version 1.1 - April 20, 2025
1 Scope of Application
This Policy describes in detail how Teledisk Team (hereinafter "Controller", "Teledisk", "we") processes personal data when the user:
- visits the website www.teledisk.net (hereinafter "Website");
- interacts with the Official Telegram Bot @TelediskBot (hereinafter "Bot").
The Policy is drafted in compliance with:
- Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree 196/2003 as amended;
- other international data protection regulations (e.g., UK DPA 2018, CCPA where applicable);
- Telegram's Terms of Service, Privacy Policy, and Bot Platform Policies.
Using the Website or Bot implies full acceptance of this Policy.
2 Data Controller and Contacts
Role | Entity | Contact |
---|---|---|
Controller | Teledisk Team | support@teledisk.net |
Internal Privacy Contact | | privacy@teledisk.net |
Hosting & IaaS | OVH SAS (EU data center) – Processor under Art. 28 GDPR | — |
3 Data Sources
- Directly from the User: messages, forms, commands.
- Indirectly: Telegram API (profile metadata) or HTTP requests (server logs, cookies).
4 Personal Data Collected Through the BOT
Category | Fields | Required | Technical Source | Notes |
---|---|---|---|---|
Profile Data | Phone number, Telegram numeric ID, first name, last name, username, profile photo (file_id) | Phone number and ID required; others if present | getUpdates → message.from | Creation and maintenance of unique license. |
Interaction Data | Texts/commands, button clicks, media file_id | Generated through use | Telegram Bot API | Transitory log to process request. |
Usage/Diagnostic Logs | Event timestamps, chat ID, IP (if forwarded), error traces | Automatic | Backend/Proxy | Separate from user DB, daily rotation. |
Support Tickets | Conversation content, attachments | Voluntary | Email/Telegram | Stored in encrypted ticket system. |
No special categories of data (Art. 9 GDPR) are required. If the user enters such data in messages, they are only passively processed and deleted upon request.
5 Personal Data Collected Through the WEBSITE
- HTTP access logs (IP, user-agent, URL, date/time, status code);
- Technical session cookies (no profiling cookies);
- Data voluntarily provided in forms (name, email, phone).
We do not use third-party analytics or behavioral tracking.
6 Purposes and Legal Bases (Art. 6 GDPR)
# | Purpose | Detail | Legal Basis |
---|---|---|---|
1 | Account-license creation/management | Associate license with phone number, verify identity, enforce single-account policy. | Contractual necessity Art. 6(1)(b) |
2 | Bot Functionality | Execute commands, send notifications, retrieve content. | Contractual necessity |
3 | Security and abuse prevention | Detect spam, brute-force attempts, policy violations. | Legitimate interest Art. 6(1)(f) |
4 | Technical operations and troubleshooting | Diagnose crashes, monitor performance. | Legitimate interest |
5 | Legal compliance | Satisfy legitimate requests, retain logs (Art. 132 Communications Code). | Legal obligation Art. 6(1)(c) |
6 | User support | Handle requests, exercise GDPR rights. | Contractual necessity |
We do not perform marketing, profiling, or automated decision-making (Art. 22 GDPR).
7 Processing Operations and Security Measures
- Collection – The Bot receives data through the encrypted TLS tunnel imposed by Telegram; our servers communicate only with HTTPS Bot API endpoints.
- Transmission – Between Teledisk backend and database: TLS 1.3 with forward secrecy.
- Storage –
  - PostgreSQL user tables with transparent encryption (pgcrypto);
  - Media and logs on LUKS volumes; keys stored in Hardware Security Module.
- Access controls – Roles, principle of least privilege, MFA, audit logging.
- Backup – Off-site encrypted (GPG AES-256) kept for 30 days, then deleted.
- Environment isolation – Separation of prod-stage-dev networks.
- Vulnerability management – Monthly patches; critical CVEs within 72h.
8 Retention Policy
Dataset | Retention Period | Deletion Procedure |
---|---|---|
License/profile data | Active + 6 months from revocation or deletion | Hard delete DB, encryption keys destroyed; hash on suppression list for 24h. |
Interaction messages | Rolling 30-day window; beyond that, anonymized. | |
Diagnostic/security logs | 12 months (legal limit). | |
Support tickets | 24 months after closure unless legal hold. | |
HTTP access logs | 7 days, then anonymous aggregates. | |
9 Recipients and Communication
- Internal staff bound by confidentiality obligations and trained on GDPR;
- External processors: OVH SAS (hosting), Mailgun Inc. (transactional email – EU region) with Art. 28 GDPR agreement;
- Public authorities upon legitimate request.
Data is not sold, rented, or exchanged with third parties for commercial purposes.
10 International Transfers
Processing takes place primarily in the European Economic Area. Any transfers outside the EEA will be through:
- adequacy decisions (Art. 45), or
- Standard Contractual Clauses (Art. 46) with supplementary measures.
11 Data Subject Rights
The user may at any time:
- access their data (Art. 15);
- rectify it (Art. 16);
- request its deletion (Art. 17), within the limits of legal obligations;
- limit or object to processing (Arts. 18-21);
- receive it in a portable format (Art. 20);
- lodge a complaint with the Data Protection Authority.
How to Exercise Your Rights
- Email: support@teledisk.net (subject GDPR Request);
- Bot Command: /privacy returns a summary and link to this Policy.
We respond within 30 days (extendable under Art. 12(3) GDPR).
12 Minors
The service is intended for users at least 16 years old (or local digital consent age). Accounts detected below this age will be deleted.
13 User Obligations
The user agrees to:
- provide truthful data and maintain an active phone number;
- not upload illegal content or violate Telegram's Bot Policies;
- consult updates to this Policy.
Improper use may result in license revocation and/or Telegram account ban. Teledisk is not responsible for sanctions imposed by Telegram.
14 Policy Changes
The Policy may be updated for regulatory or technical adjustments. Changes will be communicated:
- on https://www.teledisk.net/privacy, and
- via Bot message /policy update.
Continuing to use the service after changes equals acceptance.
15 Contacts
- General and privacy inquiries: support@teledisk.net
- Telegram Channel: https://t.me/telediskofficial
Last updated: April 20, 2025