Privacy Policy

Last Updated: November 17, 2025

Welcome to Wysper ("we," "our," "us").

We are committed to protecting your privacy and ensuring that your personal information is handled securely and transparently. This Privacy Policy explains how we collect, use, share, and protect your information when you use our Customer Relationship Management (CRM) platform for Telegram Business (the "Service").

By using Wysper, you agree to the collection and use of your information in accordance with this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Account Information

When you register and use our Service, we collect:

  • Name: Your first and last name for account identification.
  • Email Address: Used for account creation, authentication, service notifications, and support communication.
  • Password: Encrypted and stored securely for account access.
  • Payment Information: Billing details processed through third-party payment processors (we do not store full credit card numbers).

1.2 Telegram Integration Data

To provide CRM functionality for Telegram Business, we collect and process:

  • Telegram Account Information: Session data, authentication tokens, and account identifiers necessary to connect your Telegram account(s) to Wysper.
  • Messages and Conversations: Content of messages exchanged through the platform for CRM purposes (viewing, organizing, responding).
  • Contact Information: Names, usernames, and other identifiers of individuals you communicate with via Telegram.
  • Media Files: Images, videos, documents, and other files shared through conversations that you choose to store or process via Wysper.

1.3 Business Data

Data you create or upload while using our CRM features:

  • Tags and Labels: Custom categorizations you create for organizing contacts and conversations.
  • Notes: Personal or business notes you add to contacts or conversations.
  • Transaction Data: Payment processing information related to your business activities conducted through the platform.
  • Analytics Data: Metrics and statistics about your business performance generated by the Service.

1.4 Usage and Technical Data

We automatically collect information about how you use the Service:

  • Device Information: Device type, operating system, browser type, and version.
  • Log Data: IP address, access times, pages viewed, referral URLs, and feature usage patterns.
  • Cookies and Tracking: Session cookies, preference cookies, and analytics data collected through cookies and similar technologies.
  • Performance Data: Error logs, system diagnostics, and performance metrics to maintain service quality.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Provision and Operation

  • Enable Telegram account connection and CRM functionality
  • Display and synchronize your conversations and contacts
  • Process and facilitate payment transactions
  • Store and organize your business data (tags, notes, media)
  • Provide customer support and respond to inquiries

2.2 Service Improvement and Development

  • Analyze usage patterns to improve features and user experience
  • Identify and fix technical issues and bugs
  • Develop new features and functionality
  • Optimize system performance and reliability

2.3 Security and Compliance

  • Authenticate users and prevent unauthorized access
  • Detect and prevent fraud, abuse, or security threats
  • Comply with legal obligations and enforce our Terms of Service
  • Respond to legal requests from authorities

2.4 Communication

  • Send transactional emails (account verification, password resets, billing notifications)
  • Provide important service updates and security alerts
  • Send optional marketing communications (with your consent, opt-out available)

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

3.1 Service Providers

We work with trusted third-party service providers who assist in operating our Service:

  • Cloud Hosting: Infrastructure providers for data storage and server hosting
  • Payment Processors: Third-party payment gateways (Stripe, Unlimit, Smart Glocal, etc.)
  • Email Services: Email delivery and communication platforms
  • Analytics: Tools for understanding service usage and performance

These providers are contractually bound to protect your data and use it only for the specified purposes.

3.2 Telegram

Our Service integrates with Telegram's API. Data exchanged with Telegram is subject to Telegram's Privacy Policy and Terms of Service. We do not share your data with Telegram beyond what is necessary for API functionality.

3.3 Legal Obligations

We may disclose your information when required by law, including:

  • Compliance with court orders, subpoenas, or legal processes
  • Responding to government or regulatory requests
  • Protecting our rights, property, or safety, or those of our users or the public
  • Investigating fraud, security threats, or Terms of Service violations

3.4 Business Transfers

If Wysper is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and its impact on your data.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data in transit is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted.
  • Access Controls: Strict internal access controls and authentication requirements.
  • Regular Audits: Periodic security assessments and vulnerability testing.
  • Secure Infrastructure: Hosting with reputable cloud providers that maintain SOC 2 and ISO certifications.
  • Password Protection: Passwords are hashed and salted using strong cryptographic algorithms.

Important: While we take extensive precautions, no system is completely secure. We cannot guarantee absolute security and recommend using strong passwords and enabling two-factor authentication where available.

5. Data Retention

Active Accounts: We retain your data for as long as your account remains active and you continue using the Service.

Account Deletion: When you delete your account, we provide a 30-day grace period during which you can export your data. After 30 days, we permanently delete your personal information and business data.

Legal Requirements: We may retain certain information longer if required by law, for legal compliance, dispute resolution, or fraud prevention.

Backups: Deleted data may persist in backup systems for up to 90 days but will not be used for operational purposes.

6. Your Rights and Choices

Under GDPR and applicable data protection laws, you have the following rights:

6.1 Access and Portability

  • Access: Request a copy of the personal data we hold about you.
  • Data Export: Download your data in a machine-readable format (JSON/CSV) from your account settings.

6.2 Correction and Updating

  • Update your account information directly in your profile settings.
  • Contact us to correct inaccurate or outdated information we cannot change through the interface.

6.3 Deletion (Right to Be Forgotten)

  • Delete your account and associated data through account settings or by contacting us.
  • Note: Deletion may be delayed or restricted if required for legal compliance or ongoing investigations.

6.4 Restriction and Objection

  • Request restriction of processing in certain circumstances.
  • Object to processing based on legitimate interests.

6.5 Marketing Communications

  • Opt out of marketing emails using the unsubscribe link in any promotional email.
  • You will continue to receive essential transactional and account-related emails.

6.6 Cookies

  • Manage cookie preferences through your browser settings.
  • Note: Disabling essential cookies may impact Service functionality.

To exercise these rights, contact us at: contact@wysper.io

We will respond to requests within 30 days as required by GDPR.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

7.1 Essential Cookies

Required for basic Service functionality:

  • Session authentication and security
  • User preferences and settings
  • Load balancing and performance optimization

7.2 Analytics Cookies

Help us understand Service usage and improve user experience:

  • Page views and navigation patterns
  • Feature usage statistics
  • Error tracking and diagnostics

7.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may prevent proper Service operation.

8. Third-Party Services and Links

External Links: Wysper may contain links to third-party websites or services (including Telegram). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before sharing information.

Third-Party Integrations: Data shared with integrated services (payment processors, Telegram API) is subject to their respective privacy policies.

9. International Data Transfers

Wysper operates primarily within the European Union. However, our service providers may process data in other countries. When data is transferred outside the EU/EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Service providers certified under the EU-U.S. Data Privacy Framework (where applicable)
  • Other legally recognized transfer mechanisms

10. Children's Privacy

Wysper is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal data, we will delete it immediately. If you believe a child has provided information to us, please contact us at contact@wysper.io.

11. Your Responsibilities

As a User of Wysper, you are responsible for:

  • Your Clients' Privacy: Obtaining necessary consents from individuals you communicate with via the Service and complying with applicable privacy laws regarding your own business activities.
  • Data Security: Maintaining the confidentiality of your login credentials and taking appropriate measures to secure your account.
  • Lawful Use: Using the Service only for lawful purposes and in compliance with all applicable laws and regulations.

Important: Wysper provides infrastructure tools. You are solely responsible for your own privacy practices and compliance with laws governing your business activities.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification: We will notify you of material changes via email or by posting a prominent notice on our website at least 30 days before changes take effect.

Review: We encourage you to review this Privacy Policy periodically. The "Last Updated" date at the top indicates when the most recent changes were made.

Continued Use: Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Data Protection Officer and Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

📧 Email: contact@wysper.io

🌐 Website: https://wysper.io

EU Data Subject Rights: If you are located in the EU/EEA and wish to exercise your rights or file a complaint, you may also contact your local data protection authority.

14. Legal Basis for Processing (GDPR)

For users in the EU/EEA, we process personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service under our Terms and Conditions.
  • Legitimate Interests: Improving our Service, fraud prevention, and security measures.
  • Legal Compliance: Meeting legal and regulatory obligations.
  • Consent: For marketing communications and optional features (consent can be withdrawn at any time).