Privacy Policy

This Privacy Policy explains how MetaMind ("MetaMind", "we", "us", "our") collects, uses, shares, and protects information when you use our AI agent products delivered through Telegram (the "Service"). It is incorporated into the Terms of Service by reference.

If you do not agree with this Policy, do not use the Service.

Plain-language summary. We collect what is needed to run a Telegram bot, deliver AI responses, and bill you in Stars. We use Anthropic's Claude API to generate responses; conversations are processed there under terms that prohibit training on your data. We do not sell your data, and we do not use it to train AI models. You can request export or deletion at any time.

1. Who we are and how to contact us

Controller of your data: MetaMind, an unincorporated online service operated from US-located infrastructure. The natural person responsible for the operation of MetaMind is identifiable upon lawful request to operator [at] metamind [dot] team.

Email (primary contact): operator [at] metamind [dot] team
In-bot: the /paysupport command for payment-related deletion requests, and account-deletion requests by email.

We do not currently maintain a Data Protection Officer or an EU/UK Article 27 representative. If you reside in the EEA, the United Kingdom, or Switzerland, see Section 14 for the practical implications.

2. Scope

This Policy applies to information we process about you when you interact with our Telegram bots, mini-apps, and supporting websites. It does not cover:

the Telegram messenger itself (governed by Telegram's privacy policy);
third-party services you reach through links in our content;
the Anthropic Claude API, which acts as our sub-processor for AI inference (see Section 6).

3. Information we collect

3.1 Information you give us through Telegram

When you start a conversation with one of our Agents, Telegram passes us the following from your Telegram account:

Telegram user ID (a numeric identifier),
Telegram username (if you have one set),
First and last name (as set in your Telegram profile),
Language code (your Telegram-preferred language).

We do not receive your Telegram phone number, email, contacts, or other Telegram profile data unless you separately provide them in conversation.

3.2 Conversation content

Any messages, files, voice notes, images, or other content you send to an Agent (your "Inputs") and the Agent's responses (the "Outputs"). Together these are your User Content, as defined in the Terms of Service.

3.3 Payment and billing data

For purchases made through Telegram Stars:

Stars purchase metadata: telegram_payment_charge_id, payload identifier, Stars amount, timestamp, currency code (XTR).
Subscription state: plan tier, start/end dates, status (trial / paid / expired / refunded).
Wallet ledger entries: credit grants, decrements per Agent invocation, refunds.

We do not receive or store your credit card or other payment-instrument data. That data is held by Telegram and the platform you used to purchase Stars (e.g., Apple, Google, @PremiumBot).

3.4 Operational and security data

Bot logs (timestamps, command names, error states) for debugging, abuse prevention, and rate limiting.
Webhook delivery records from Telegram (delivery IDs, retry counts).
Audit events (consent acceptance, account-deletion requests, payment events).

3.5 Information you choose to share with an Agent

You decide what to tell an Agent. Some Agents (especially the Companion product line) may invite you to share personal information, preferences, or feelings. Do not share information you would not be comfortable storing in a third-party AI service. Avoid sharing highly sensitive data (such as government identification numbers, full payment-card numbers, or precise medical records) unless an Agent specifically asks for it for a documented purpose.

3.6 What we do NOT collect

We do not access your Telegram messages with anyone other than our Agents.
We do not read your Telegram contacts or chat list.
We do not track your location, except inferring an approximate region from Telegram's language_code and request metadata at most.
We do not place advertising cookies; we do not advertise.

4. How we use information

We process your data for the following purposes and on the following lawful bases:

Purpose	Lawful basis (GDPR-style)
Operate the Agent you chose (deliver responses, maintain memory)	Performance of contract
Process Stars payments and subscriptions	Performance of contract
Maintain security, prevent fraud and abuse	Legitimate interest
Improve the safety, reliability, and quality of the Service (debugging, analytics, regression detection)	Legitimate interest
Communicate with you about service issues, refunds, or material changes	Performance of contract / Legitimate interest
Comply with applicable law and respond to lawful requests	Legal obligation

We will not use your User Content for purposes incompatible with the ones above without giving you notice and, where required, asking for consent.

5. Memory and AI model handling

Some Agents maintain a persistent memory store so they can recall preferences, prior decisions, and context across sessions. Memory is provisioned per Agent and per user.

Where it lives: persistent memory is stored in our AI sub-processor's managed-memory infrastructure (currently Anthropic, see Section 6), in a store scoped to your bot.
What goes in: preferences, project context, decisions, and content the Agent has determined is worth keeping. Conversation transcripts are not automatically dumped into memory; we operate guardrails (audit thresholds on large writes) to discourage that anti-pattern.
Your control: you may inspect and request deletion of memory at any time via the channels in Section 12.
Archival is one-way: when memory is archived (at your request, or on account deletion), it is permanently removed from active systems and cannot be restored.

Model training — what we do not do

We do not use your User Content to train or fine-tune any large language model, ours or a third party's.
Our use of the Anthropic Claude API is governed by Anthropic's commercial terms, which do not train models on customer prompts and outputs by default.
We do not sell User Content, and we do not share it with advertisers or data brokers.

6. Sub-processors and third parties

We rely on a small number of third parties to operate the Service. These are our sub-processors:

Sub-processor	Purpose	Data shared	Location
Telegram (Telegram FZ-LLC and affiliates)	Messaging transport, Stars payment facilitation	Bot conversation traffic; Stars purchase metadata	Global; primarily UAE / EU
Anthropic PBC	AI model inference and agent infrastructure	Your Inputs and resulting Outputs; persistent memory contents; any image, voice, or document files you submit	United States
Langfuse GmbH	AI observability and abuse detection	Conversation traces (prompts and responses) and operational metadata associated with Agent invocations	European Union (Germany)
Railway Corp.	Cloud hosting infrastructure	Operational data, billing ledger, audit logs, file artefacts	United States

Files you submit to an Agent (images, voice notes, documents, other attachments) may be processed by our AI sub-processor as part of the inference call and retained briefly for the session. The persistent memory store described in Section 5 is a separate store with the retention rules in Section 8.

We may add or change sub-processors. Material changes will be reflected in the version history below; significant changes (new categories of sub-processor or new data categories shared) will be announced in-bot or by email at least 30 days before they take effect.

We do not share your information with third parties other than (i) the sub-processors above, (ii) when required by law or lawful process, (iii) to protect the rights, safety, or property of MetaMind or others, or (iv) in connection with a merger, acquisition, or sale of substantially all assets, with notice to you.

7. International transfers

Your data is processed in the United States and in the locations of our sub-processors listed above. If you access the Service from outside the United States, you understand and consent to your information being transferred to and processed in the United States and other jurisdictions, which may have data-protection laws different from those in your country.

For users in the EEA, UK, and Switzerland, we rely on the relevant Standard Contractual Clauses (SCCs) and equivalent transfer mechanisms maintained by our sub-processors with respect to their handling of personal data on our behalf. We do not separately execute SCCs at the user level at this launch stage. See Section 14.

8. Retention

We keep different categories of data for different periods, balancing service quality, security, and legal obligations:

Category	Default retention
Active conversation history (last N turns kept hot for context)	Up to 30 days rolling
Persistent memory entries	Up to 12 months of inactivity, after which the entry is automatically scheduled for deletion unless you renew interaction with the Agent
Bot logs and webhook delivery records	Up to 30 days for general logs; 24 months for security-relevant audit logs
Payment and transaction metadata (Stars charges, refunds, ledger)	At least 7 years to meet accounting and tax-related obligations
Backup snapshots (database and object storage)	Up to 30 days rolling, after which snapshots are overwritten
Account record itself (Telegram ID, consent state, role memberships)	For the life of the account, and a short administrative period after deletion to confirm processing
Consent records (your ToS/Privacy/AUP acceptance, including which version, when, and how)	For the life of the account plus 6 years to support compliance with statutes of limitations on contract and consumer-protection claims.

These windows are defaults; specific Agents may apply tighter limits, which take precedence.

9. Your rights

Subject to applicable law, you have the right to:

Access — request a copy of personal data we hold about you.
Rectify — ask us to correct inaccurate or incomplete data.
Erase — ask us to delete your account and associated data, subject to lawful retention obligations (see Section 8).
Restrict or object — ask us to pause or stop certain processing. Tell us specifically what processing you want paused or stopped (e.g., "pause my memory writes", "stop using my data for service improvement"). We will acknowledge within 5 business days and confirm action within 30 days. Some restrictions may require terminating Agent functionality that depends on the processing in question; we will tell you which features will become unavailable before acting.
Portability — ask for an export of your User Content in a common, machine-readable format.
Withdraw consent — where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Complain — lodge a complaint with a data-protection authority, including (for EEA/UK users) your local supervisory authority.

How to exercise these rights. Write to operator [at] metamind [dot] team from the email associated with your account, or send /paysupport from the Telegram account in question, and tell us which right you are exercising.

Access / portability request. Tell us you would like a copy of your User Content and account data. We will acknowledge within 5 business days and deliver a machine-readable export (JSON, plus any media files as a ZIP archive) within 30 days. The export includes: your account record, your consent state, your conversation transcripts retained at the time of request, your persistent memory entries, your subscription and wallet ledger entries, and your audit-event records. It does not include data we are required to redact (for example, references to third parties whose data is mixed with yours) or system data that is not "personal data" about you.
Rectification. Tell us what is inaccurate or incomplete. We will acknowledge within 5 business days and correct the record within 30 days where the correction is within our control.
Erasure / restriction / objection. See Section 12 for the deletion workflow and timeline.

We may ask for additional information to verify your identity before acting on a request, particularly where the request asks for sensitive data export or where the requester cannot demonstrate control of the associated Telegram account.

Disputes about how we handle your personal data — including refusal of a deletion or export request, alleged misuse, or alleged failure to meet a retention or security commitment — are subject to the dispute-resolution provisions in Section 14 of the Terms of Service, including the obligation to attempt informal resolution first, the binding individual arbitration agreement, and the class-action waiver. The 30-day opt-out described in Section 14.7 of the Terms of Service applies to those provisions.

10. Security

We use technical and organisational measures appropriate to the sensitivity of the data and to a small operator's resources, including:

transport encryption between Telegram, our infrastructure, and our sub-processors;
encryption at rest for managed databases and object storage on Railway;
secret management for API keys and tokens; periodic credential rotation;
access control limited to operators who need it; audit logging for memory writes above a configurable size threshold;
prompt-injection awareness in Agent design (e.g., distinguishing trusted preferences from user-supplied text in memory).

No system is perfectly secure. We will notify affected users and, where required, regulators, in the event of a personal-data breach likely to result in a risk to your rights and freedoms, in accordance with applicable law.

11. Data-breach notification

If we become aware of a personal-data breach — defined as an event involving accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data we process — we will:

Investigate and contain the breach as our first priority, with the support of our hosting and sub-processor partners as appropriate.
Notify affected users without undue delay where the breach is likely to result in a risk to your rights and freedoms (for example, exposure of message content, exposure of payment metadata in a way that could enable fraud, or exposure of memory contents). Notice will go to the email address you have provided and, where appropriate, by in-bot message.
Notify supervisory authorities where applicable law requires us to do so, within the timeline that law specifies. We do not commit to a fixed numerical timeline outside of applicable-law requirements.
Provide a post-incident summary to affected users once the investigation is sufficient to support one, including the nature of the breach, the categories of data involved, the steps we have taken in response, and the steps you can take to protect yourself.

A breach that is unlikely to result in a risk to your rights and freedoms (for example, a contained internal access-control incident with no exfiltration) may not trigger user notification but will be logged in our internal incident records.

As operational targets, we aim to notify supervisory authorities (where applicable) within 72 hours of becoming aware of a breach, and affected users within 7 days of confirmation that the breach is likely to result in a risk to their rights and freedoms. These targets may be extended where reasonable investigation requires.

12. Account deletion and data export — how to do it

Email: write to operator [at] metamind [dot] team from the email associated with your account, stating "delete my account" or "export my data". Include your Telegram username (and Telegram user ID if you know it) so we can identify the account.
In-bot: send /paysupport from the Telegram account you wish to delete and tell the operator the request is for account deletion.
Acknowledgment: within 30 days.
Erasure from active systems: within 90 days, subject to lawful retention obligations and backup-rotation timelines (see Section 8).
Backup retention. After erasure from active systems, copies of your data may remain in routine database and object-storage backup snapshots for up to 30 days, after which they are overwritten in the normal course of backup rotation. We do not restore deleted accounts from backup; backup data is used only for disaster recovery and is not accessible to operators in routine support.
Irreversibility: account deletion archives memory upstream with our AI sub-processor; the operation cannot be undone. We will warn you before completing it.

Granular memory deletion. You do not have to delete your entire account in order to remove specific information from an Agent's memory. You may also:

Inspect memory. Ask in conversation what the Agent currently remembers about a specific topic, person, or project (Agents support memory-inspection commands; behaviour varies by Agent — try asking).
Delete a memory entry. Ask the Agent to forget a specific item — for example, "Forget what I said about X." The Agent will remove the corresponding memory entry; the conversation transcript in which you originally said it may still be retained per Section 8 until the rolling retention window expires.
Reset all memory for one Agent. Send /paysupport and ask to reset memory for {agent_name}. We will archive the Agent's memory store for that Agent (one-way, irreversible) without deleting your account or your other Agents' memory.

Granular memory deletion does not affect operational logs, payment metadata, or audit records (see Section 8), which retain their own windows. If you want everything erased, use the full account deletion workflow above.

13. Children

The Service is not directed to children. The minimum age and parental-consent rules are set out in Section 2 of the Terms of Service, and in summary:

Global minimum: 13. You must be at least 13 to use the Service.
EEA, United Kingdom, and Switzerland: 16. If you reside in these regions, the minimum age is 16, and we do not currently operate a parental-consent verification flow for users under 16.
Adult-themed Agents: 18. Some Agents are flagged 18+ at the Agent level and require that age regardless of your jurisdiction.

We do not knowingly collect personal data from anyone below the applicable minimum age. If you believe a child under 13 has provided personal data to the Service, contact operator [at] metamind [dot] team and we will delete it promptly.

We do not currently operate active age-verification for our minimum-age requirements. We rely on the consent attestation in our in-bot consent screen (see Section 3 of the Terms of Service) and on user honesty. If you become aware that a user is below the applicable minimum age, please report it as above.

14. Region-specific notices

14.1 EEA, United Kingdom, and Switzerland

We do not currently maintain an Article 27 / UK GDPR representative. If you reside in these regions, you may still contact us directly at operator [at] metamind [dot] team to exercise your rights, and you retain the right to lodge a complaint with your local supervisory authority. We are evaluating appointing a representative as the Service grows; this Policy will be updated when that changes.

You also have the rights described in Section 9 under the GDPR / UK GDPR. The lawful bases on which we rely are summarised in Section 4. For users under 16 in this region, please see the age restriction in Section 2 of the Terms of Service.

14.2 California, USA

We do not currently meet the thresholds that would make us a "business" under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). If you are a California resident and want to exercise rights you may have under California law, write to operator [at] metamind [dot] team; we will treat such requests with the same process described in Section 12.

We do not "sell" or "share" personal information in the senses defined by the CCPA/CPRA.

14.3 Other jurisdictions

Where local privacy law gives you rights beyond those described in this Policy, those local rights apply to the extent required by law. Contact us at operator [at] metamind [dot] team.

15. Automated decisions and profiling

Agent responses are produced by AI models. The substance of an Agent's response is, by definition, automated. We do not use AI-driven profiling to make decisions that produce legal or similarly significant effects about you (for example, eligibility, credit, employment, or access to legal rights). Pricing and access to features are configured by humans through the same plan structure for all users.

16. Cookies and analytics

We do not place advertising cookies. The Service itself runs inside Telegram and does not expose website-style cookies for our use; where we run a thin web mini-app, we use only the Telegram WebApp init data Telegram provides. Our marketing website at metamind.team uses a small number of first-party cookies for site operation and aggregate visit measurement; the full disclosure, including categories, retention periods, and your choices, lives in our Cookie Policy. We do not deploy third-party analytics SDKs that build advertising profiles on either surface.

17. Marketing and operational messages

We distinguish between two categories of message we may send you:

Operational messages — service-related communications such as payment confirmations, refund updates, account-deletion confirmations, security alerts, and material changes to these documents (per Section 18). These are sent as part of the Service and cannot be unsubscribed from while the account is active; the right way to stop receiving them is to delete the account per Section 12.
Marketing or broadcast messages — non-operational communications such as feature announcements, promotional offers, or other content we think you might be interested in. If we ever send these by email, every email will include a clear unsubscribe link. If we ever send these in-bot, you may opt out by sending /paysupport and asking to be excluded from marketing messages. Opting out of marketing has no effect on your operational messages or your access to the Service.

We do not currently run an email-marketing programme. If we begin one in the future, the policies above will apply from the first message.

18. Changes to this Policy

We may update this Policy. The "Last updated" date at the top of the document reflects the most recent change. For material changes — for example, adding new sub-processors that handle materially different data, or expanding the purposes for which we use User Content — we will give at least 30 days' notice by in-bot message and, where available, email, before the change takes effect.

19. Contact

For privacy-related questions or requests:

Email: operator [at] metamind [dot] team
In-bot: /paysupport (for payment-related privacy questions)