telegrintelegrin
Sign inStart free

Privacy Policy

How we handle data - in plain English, then in legal English.

Effective: 2026-01-01 · Last updated: 2026-05-19 · Draft pending final legal review.

The 60-second version

We store what we need to make the product work - your account, your setups, signals the AI flagged, conversation history with leads you replied to. We don't sell it. We don't read it for fun. We don't aggregate it across customers.

Encrypted at rest. EU servers. 12-month auto-purge by default. GDPR-compliant. Delete on request, within 30 days.

1. Who we are

Telegrin is operated by Grinfi OU, an Estonian private company (registration no. 16654321), with its registered office in Tallinn, Estonia. We act as the data controller for personal data processed via the Telegrin product.

Contact: support@grinfi.io - privacy queries, GDPR requests. Response within 30 days.

2. What data we collect

Account data

  • Email address (used as login + transactional emails)
  • Hashed password (never stored in clear-text)
  • Display name + workspace name you choose
  • Subscription status (Stripe customer ID, plan tier)

Telegram session data

  • Telegram session token (encrypted at rest with envelope encryption)
  • The phone number you used for Telegram login
  • The Telegram chats you've added to monitor

Operational data

  • Messages flagged by the AI as signals - encrypted at rest
  • Conversation history with leads - encrypted at rest
  • Setup configurations, prompts, keywords, pipeline stages

What we do NOT collect

  • The full chat backlog of any Telegram group - only what the AI surfaces
  • 1:1 direct messages between other users - by design, not accessible
  • Your contacts, your 1:1 direct messages, your "saved messages"
  • Behavioural tracking across the open web (no Facebook pixel, no ad-tech trackers)

3. How long we keep it

  • Account data: while active + 90 days grace, then anonymized
  • Conversation history: default 12 months - configurable 30 days to 36 months
  • IP logs: 90 days, then deleted
  • Billing records: 7 years - required by EU accounting law

4. Who we share it with

Sub-processors under DPAs:

  • Hetzner Online GmbH (Frankfurt) - hosting + database
  • Stripe Inc. (Ireland) - payment processing
  • Anthropic + OpenAI - AI inference (no training-on-input)
  • Sentry.io - error reporting (scrubbed)
  • Postmark / Resend - transactional email
  • Intercom - customer support chat

We do not sell your data. We do not share it for advertising.

5. Your rights (GDPR)

  • Access all data we hold - email support@grinfi.io
  • Correct inaccurate data - self-serve or email
  • Delete your data - self-serve workspace deletion or email request
  • Export in CSV/JSON
  • Restrict processing
  • Object to legitimate-interest processing
  • Complain to a supervisory authority

6. Security

  • TLS 1.3 in transit
  • AES-256 envelope encryption at rest for sensitive fields
  • Bcrypt cost-12 password hashing
  • 2FA (TOTP) available on all accounts
  • Daily encrypted backups + weekly automated restore tests

7. Contact