Privacy Policy

Effective date: February 17, 2026

Welcome to Varta, a Telegram antispam bot service ("Service," "we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Telegram bot. By using our Service, you agree to the collection and use of information in accordance with this policy.

01 Data Controller

The data controller responsible for your personal data is:

Name: Daryna Fornalska
Email: [email protected]
Telegram: @Varta_moderator_bot

A Data Protection Officer (DPO) has not been appointed. For any data protection inquiries, please contact the Data Controller at the email address above.

02 Information We Collect

We collect limited information strictly necessary to provide and improve our antispam services:

• User IDs and Usernames: Telegram User IDs and usernames of members in groups where Varta is active, to identify message senders and manage spam flags.
• Group IDs: Telegram Group IDs of groups where the bot is installed.
• Message Content: Text and content of messages sent in groups, processed for spam detection purposes. Messages are analyzed in real time and are not stored after analysis unless flagged as spam.
• Flagged Content: Messages identified as potential spam are temporarily retained for administrator review.
• Admin Language Preference: Language preference set by group administrators.
• AI Chat Interactions: Questions submitted by administrators through the AI chat feature.
• Images and Screenshots: Photos shared in groups or forwarded by administrators for spam analysis.
• Billing Information: For paid subscriptions, billing details are collected and processed exclusively by Stripe. We do not store payment card information.

03 Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b) GDPR): Processing is necessary to provide the antispam service you or your group administrator have requested.
• Legitimate Interest (Art. 6(1)(f) GDPR): Processing message content for spam detection serves the legitimate interest of maintaining safe group environments. We have conducted a balancing test and concluded that the minimal data processed (message text analyzed in real time, not stored long-term) does not override users' rights.
• Consent (Art. 6(1)(a) GDPR): Where applicable, such as for optional AI chat interactions or image analysis initiated by administrators.

04 How We Use Your Information

• Spam Detection and Prevention: Analyzing group messages to identify potential spam using AI models.
• Service Operation: Operating, maintaining, and providing the core functionality of the bot.
• Administrator Review: Allowing group administrators to review flagged content.
• AI Chat Feature: Processing administrator questions to provide relevant responses.
• Image Analysis: Analyzing screenshots and photos for spam detection.
• Communication: Contacting administrators regarding service updates, support, or billing.
• Service Improvement: Understanding usage patterns to improve spam detection accuracy.

05 Sub-Processors and Third-Party Services

We use the following third-party services to process data:

• OpenAI API (OpenAI, L.L.C.) — Used for AI-powered spam analysis and admin chat feature. Data shared: message text content, admin chat questions, and image data (for vision analysis). OpenAI does not use data submitted via its API for training AI models (per OpenAI API Data Usage Policy). Data is processed in the United States.
• Stripe (Stripe, Inc.) — Used for payment processing. Stripe handles all payment card data directly.
• Telegram Bot API (Telegram FZ-LLC) — Used as the communication platform.

06 Data Storage and Retention

• Real-Time Processing: Messages are analyzed in real time for spam detection and are not stored after analysis unless flagged.
• Flagged Content: Content flagged as spam is retained for administrator review and is automatically deleted after 90 days.
• AI Chat Interactions: Administrator questions submitted through the AI chat feature are processed in real time and are not stored on our servers. They are transmitted to OpenAI API for processing and are subject to OpenAI's data retention policy.
• User Statistics: Aggregated usage statistics (message counts, trust scores) are retained for the duration of the group's use of the Service. Statistics are deleted within 12 months after the group removes the bot, or upon request by a group administrator, whichever comes first.
• Data Location: Primary data is stored on secure servers located in the European Union (Finland). Data may also be processed in the United States through our sub-processors (see Section 5).

07 Automated Decision-Making

Varta uses automated processing, including artificial intelligence, to analyze messages and determine whether they constitute spam. Based on this analysis, the bot may automatically take actions such as deleting messages, restricting users, or flagging content for administrator review.

You should be aware of the following regarding automated decisions:

• Automated spam detection decisions are made in real time to protect the group environment.
• No automated decision results in permanent consequences without the possibility of human review. Group administrators can review all flagged content and reverse any automated action taken by the bot.
• If you believe your message was incorrectly flagged or removed, you may contact the group administrator to request a review.
• Group administrators retain full control over the bot's behavior and can adjust sensitivity settings, whitelist users, or disable automated actions at any time.

Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. If you believe an automated decision by Varta has significantly affected your rights, you may contact us to request human review of that decision.

08 Your Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate personal data.
• Right to Erasure ("Right to Be Forgotten"): You have the right to request deletion of your personal data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to processing of your personal data based on legitimate interest.
• Right to Restrict Processing: You have the right to request restriction of processing in certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right Related to Automated Decision-Making: You have the right to request human review of automated decisions that significantly affect you (see Section 7).

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days as required by GDPR. If we need additional time, we will inform you of the reason and extension period (up to 60 additional days).

You also have the right to lodge a complaint with a supervisory authority in your country of residence.

09 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay.

10 International Data Transfers

Varta is available worldwide and supports 33 languages. Your data is primarily stored in the European Union (Finland). Some data may be processed in the United States by our sub-processors (OpenAI, Stripe). For transfers of personal data from the EEA, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards as required by applicable law.

11 Cookies

Our website may use essential cookies necessary for the website to function properly (e.g., session management). We do not use advertising or tracking cookies. If we introduce non-essential cookies in the future, we will update this policy and request your consent where required by law.

12 Disclosure of Your Information

We do not sell, trade, rent, or otherwise transfer your personally identifiable information to outside parties. We may share information in the following limited circumstances:

• Sub-Processors: As described in Section 5, we share minimal data with third-party services necessary to operate the Service.
• Legal Requirements: We may disclose your information if required by law or in response to valid requests by public authorities.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information becomes subject to a different Privacy Policy.

13 Security

We use administrative, technical, and physical security measures to help protect your personal information, including encrypted connections, access controls, and regular security reviews. While we take reasonable steps to secure your data, no method of transmission or storage is 100% secure.

14 Data Processing Agreement

For Enterprise customers or organizations that require a Data Processing Agreement (DPA) for GDPR compliance purposes, please contact us at [email protected]. We will provide a DPA upon request.

15 Children's Privacy

Our Service is not intended for use by anyone under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we take steps to remove that information from our servers.

16 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date." You are advised to review this Privacy Policy periodically.

17 Contact Us

If you have any questions or concerns about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: [email protected]
Telegram: @Varta_moderator_bot