Application Disclaimer

Last updated: May 2026 · Applies to: tlgrm operated by tlgrm

This disclaimer is provided to ensure full transparency about how tlgrm is built and maintained, and about the inherent limitations that apply to any software operating in regulated domains. By using tlgrm you acknowledge and accept the statements set out below.

1. Technology-Assisted Development Notice

Parts of tlgrm — including code, documentation, configuration files, and compliance templates — were created with the assistance of AI-powered development tools (including large-language-model code assistants). We believe in transparency about how our product is built.

  • AI-assisted development: Certain features, boilerplate, and documentation were drafted or refined using AI tools. Every AI-generated artifact has been reviewed, tested, and approved by a human engineer before being merged into the production codebase.
  • Human oversight applied: All security-sensitive code paths (authentication, billing, data access controls, audit logging) have undergone manual code review. AI outputs are treated as a starting point, not a finished product.
  • No autonomous deployment: No AI tool has the ability to deploy code, modify production databases, or alter infrastructure without explicit human authorisation.

2. Commitment to Compliance

tlgrm is designed with compliance in mind for the following regulatory frameworks:

  • GDPR (EU) 2016/679: We apply data-minimisation, purpose-limitation, and storage-limitation principles. Data subject rights requests are honoured within the statutory timeframes. Where required, we execute Data Processing Agreements with sub-processors.
  • HIPAA (US): Where tlgrm is used in a healthcare context, we apply appropriate administrative, physical, and technical safeguards as required under the HIPAA Security Rule. Prospective covered entities should contact us to execute a Business Associate Agreement (BAA) before processing protected health information.
  • India IT Act 2000 & DPDPA 2023: We comply with the Information Technology Act 2000, the IT (Amendment) Act 2008, and the Digital Personal Data Protection Act 2023. Users in India have the right to access, correct, and erase their personal data as provided under applicable law.

Compliance is an ongoing process. We conduct periodic internal reviews and engage external advisors to assess our posture as regulations evolve.

3. Acknowledgement of Inherent Limitations

Despite our best efforts, you should be aware of the following limitations:

  • No perfect system: No software is entirely free from bugs, security vulnerabilities, or unexpected behaviour. We follow industry best practices (OWASP Top 10, WCAG 2.1 AA, TLS 1.2+, AES-256 at rest) but cannot guarantee absolute security or zero-defect operation.
  • AI development considerations: AI-assisted code generation may occasionally produce outputs that contain subtle logic errors, outdated patterns, or incomplete handling of edge cases. Our review processes are designed to catch such issues, but we cannot warrant that every AI-generated line has been exhaustively validated against all possible inputs.
  • Evolving regulations: Data-protection and privacy laws change frequently. While we monitor regulatory developments, there may be a lag between a regulatory change and our product update. We will notify users of material compliance changes via the notice mechanism described in Section 4.
  • Third-party limitations: tlgrm integrates with third-party services (Telegram API, cloud infrastructure, payment processors, analytics). We cannot control the availability, security, or regulatory compliance posture of those third parties. We perform due diligence when selecting sub-processors and execute Data Processing Agreements where required, but we are not liable for third-party failures beyond our reasonable control.
  • Telegram data: tlgrm accesses Telegram channel and group content via the official Telegram API. We do not control the content published in third-party channels. Users are responsible for ensuring their use of aggregated Telegram data complies with Telegram's Terms of Service and applicable copyright law.

4. What We Do to Mitigate Risk

We take the following concrete steps to manage the risks described above:

  • Periodic reviews: We conduct quarterly internal security and compliance reviews, and an annual external penetration test. Findings are triaged and remediated according to severity within defined SLAs.
  • Audit trail: Every data-access and data-modification event is recorded in an immutable audit log retained for six to seven years. This log can be produced to demonstrate compliance in the event of a regulatory inquiry or litigation.
  • User rights fulfilment: We maintain a documented process for handling data subject access requests (DSARs), correction requests, erasure requests, and portability requests. Requests are acknowledged within 72 hours and completed within 30 days (or the statutory period if shorter).
  • Breach notification: In the event of a personal data breach that poses a risk to individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and affected users without undue delay, as required by GDPR Art. 33–34 and equivalent provisions in other applicable laws.
  • Dependency management: We use automated dependency scanning tools to identify known vulnerabilities in our software supply chain and apply patches promptly.

5. Your Rights and Options

Regardless of the limitations described above, you retain the following rights with respect to your personal data held by tlgrm:

  • Access: Request a copy of the personal data we hold about you, including audit-log metadata relating to your account.
  • Correct: Ask us to correct inaccurate or incomplete personal data.
  • Export: Receive your account data in a structured, commonly used, machine-readable format (JSON or CSV).
  • Withdraw consent: Where processing is based on your consent, withdraw that consent at any time via Settings → Privacy → Consent Management without affecting the lawfulness of processing carried out before withdrawal.
  • Close account: Delete your account and request erasure of your personal data via Settings → Account → Close Account. Residual data retained for legal compliance (e.g., billing records, audit logs) will be held only for the minimum period required by law and will not be used for any other purpose.

To exercise any of these rights, contact us at [email protected].

6. Reporting a Concern

If you have a concern about how tlgrm handles your data or believe we have failed to meet our compliance obligations, please contact us first:

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory or regulatory authority:

  • EU / EEA users: Your national Data Protection Authority (DPA). A full list is available at edpb.europa.eu.
  • UK users: The Information Commissioner's Office (ICO) at ico.org.uk.
  • India users: The Data Protection Board of India, established under the Digital Personal Data Protection Act 2023.
  • US users (healthcare context): The U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) at hhs.gov/ocr.

Questions about this disclaimer? Email [email protected].