Unvory mark

Unvory

Recovery, calm and controlled

Open app

Legal documentation

Privacy Policy

This page explains what personal data Unvory uses, why we use it, how long we keep it, and what rights you may have.

Effective date

[EFFECTIVE_DATE]

Controller

[LEGAL_ENTITY_NAME]

Privacy contact

[CONTACT_EMAIL]

On this page

Who controls your dataScope of this policyData we collectWhere data comes fromProcessing purposes and legal basesCookies and sessionsSharing and third partiesInternational transfersData retentionYour rightsSecurity measuresChildren privacyPolicy changesContact detailsOwner checklist

1. Who Controls Your Data

Data controller: [LEGAL_ENTITY_NAME]

Address: [ADDRESS]

Contact: [CONTACT_EMAIL]

Governing jurisdiction: [JURISDICTION]

2. Scope of This Policy

This policy applies to Unvory, a service that helps restore deleted Telegram messages in eligible channels and supergroups.

3. Data We Collect

  • Telegram account profile data: Telegram ID, username, first name, last name, photo URL.
  • Optional email address you provide.
  • Sign-in session data (session ID, user ID, expiry time).
  • Telegram login data needed to authorize your account (phone, login state, session bytes).
  • Recovery job data: selected chats, status, progress, restored item counters, estimated and charged work units, and error messages.
  • Payment and billing data: package, amount, currency, payment provider references, payment status, checkout link, and network details.
  • Ledger records used to account for purchases and charges.
  • Technical service logs needed for security, troubleshooting, and abuse prevention.

4. Where Data Comes From

  • Telegram Widget sign-in payload.
  • Your direct input (for example phone number, code, password when requested, and optional email).
  • Telegram service responses used to list chats and run recovery.
  • Payment provider events (Cryptomus checkout and webhook updates).
  • Our service infrastructure and operational logs.

5. Why We Process Data and Legal Bases

PurposeLegal basis (typical)
Account sign-in and session managementContract performance / pre-contract steps
Telegram authorization and message recovery operationsContract performance
Payments, billing records, and fraud preventionContract performance and legitimate interests
Service security, abuse prevention, and incident responseLegitimate interests
Compliance and mandatory recordkeepingLegal obligation (where applicable)

6. Cookies and Sessions

We use one strictly necessary session cookie named tg_session. It is used only to keep you signed in and protect account access.

Technical attributes: HttpOnly, Secure, SameSite=None, Path=/.

Session duration is controlled by server configuration (commonly 24 hours in local setup).

7. Sharing and Third Parties

  • Telegram (authentication, chat listing, recovery processing).
  • Cryptomus (payment checkout and payment status updates).
  • Infrastructure providers: [INFRA_PROCESSORS].

We do not sell personal data.

8. International Data Transfers

Depending on your location and provider locations, data may be processed in other countries. Transfer safeguards must be documented in [DPA_TRANSFER_MECHANISM].

9. Data Retention

  • Sign-in sessions expire automatically based on session TTL configuration.
  • Recovery jobs are regularly cleaned up and can be removed after about 90 days.
  • User, payment, and ledger records are kept as needed for service operation, legal compliance, and dispute handling.
  • Detailed retention schedule: [RETENTION_SCHEDULE_DETAILS].

10. Your Rights

Depending on applicable law, you may have rights to access, correct, delete, restrict, object to processing, or request data portability.

To make a request, contact [CONTACT_EMAIL]. Include enough information to verify your identity (for example Telegram user ID and, if relevant, job or payment ID).

You may also have the right to file a complaint with a data protection authority in your jurisdiction.

11. Security Measures

  • Secure session cookie settings and session expiry checks.
  • Server-side access checks for protected operations.
  • Payment webhook signature verification.
  • Temporary media files are deleted after processing.

No unverified certifications are claimed in this policy.

12. Children's Privacy

This service is not directed to children. If you believe a child submitted data, contact [CONTACT_EMAIL].

13. Changes to This Policy

We may update this policy when the service or legal requirements change. The latest version is published on this page with a new effective date.

14. Contact

Privacy contact: [CONTACT_EMAIL]

Controller address: [ADDRESS]

15. Owner Must Fill Before Publishing

  • [LEGAL_ENTITY_NAME]
  • [CONTACT_EMAIL]
  • [ADDRESS]
  • [EFFECTIVE_DATE]
  • [JURISDICTION]
  • [INFRA_PROCESSORS]
  • [DPA_TRANSFER_MECHANISM]
  • [RETENTION_SCHEDULE_DETAILS]

Related document: Cookie Policy