Summary: We store only what's needed to run your forwarding engine. We never sell your data, never access your messages beyond forwarding, and you can delete everything at any time.
1. Introduction
This Privacy Policy describes how Auto Forward Messages ("we", "our", or "the Service") collects, uses, and protects your information when you use the Telegram bot @Auto_ForwardMessagesBot. By using the Service, you agree to the practices described in this policy.
The Service is operated by Vinay Goyal. If you have questions, contact us at contact@autoforwardmessages.com.
2. Information We Collect
Account data
- Your Telegram user ID (assigned by Telegram, not chosen by you)
- Your phone number (used to initiate the Telegram login, stored for reference)
- A session string (an encrypted authentication token that allows the bot to act on behalf of your account)
- Your chosen language preference
Forwarding configuration
- Redirection rules you create: names, source/destination channel IDs, and all filter/transform settings
- Keyword lists (whitelist, blacklist) you define
- Format templates and text replacement rules you configure
Operational data
- Message IDs used to track edit/deletion mirroring (not message content)
- Content hashes used for duplicate detection (hashes only, not the original content)
- Forwarding statistics: daily counts of forwarded/filtered/errored messages per rule
- Payment records (order ID, amount, plan, status) for subscription management
- Configuration backups (JSON snapshots of your forwarding rules, not message content)
What we do NOT store
- The text or content of any messages forwarded through the Service
- Your Telegram password (a one-time code (OTP) is used; your password is never transmitted to us)
- Your contacts, profile photo, or any other Telegram account data beyond what is listed above
3. How We Use Your Information
- Session string: Used exclusively to authenticate your Telegram account and forward messages according to your configured rules. The session is encrypted at rest using AES-128-CBC (Fernet).
- Phone number: Displayed to you for reference. Not shared with third parties.
- Redirection configuration: Used to execute your forwarding rules. Not analysed or used for any other purpose.
- Statistics: Shown to you in the bot to help you understand your forwarding activity.
- Payment records: Used for subscription verification and customer support.
4. Data Security
Your session string (Telegram authentication token) is encrypted at rest using Fernet symmetric encryption (AES-128-CBC). The encryption key is stored separately from the database and is never logged.
Access to our database is restricted to necessary operational processes only. We use PostgreSQL with SSL connections and secure credential management.
No security system is perfect. While we take reasonable precautions to protect your data, we cannot guarantee absolute security.
5. Third-Party Services
We use the following third-party services to operate the platform:
We do not sell, rent, or share your personal information with any other third parties.
6. Your Rights & Data Deletion
You have full control over your data:
- Disconnect your account: Use the Disconnect option in the bot settings. This clears your session string, stops your engine, and removes your authenticated access.
- Delete all data: Contact us at contact@autoforwardmessages.com to request complete deletion of all your data from our systems. We will process deletion requests within 30 days.
- Export your configuration: Use the Export Backup feature in the bot to download all your forwarding rule configuration at any time.
- Revoke session from Telegram: You can revoke our access directly from Telegram → Settings → Devices at any time, independently of our service.
7. Data Retention
- Message maps (used for edit/delete mirroring): automatically deleted after 30 days
- Content hashes (duplicate detection): automatically deleted after 7 days
- Forwarding statistics: automatically deleted after 90 days
- Configuration backups: 6 most recent snapshots kept; older ones are automatically removed
- Account data: retained until you disconnect and request deletion
8. Children's Privacy
The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at contact@autoforwardmessages.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by sending a message through the bot. The "Last updated" date at the top of this page will always reflect the most recent revision.
10. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your data: