← Повернутися до Deal

Privacy Policy — Deal

Last updated: March 15, 2026

Applicable to: Deal mobile application (“App”) for iOS and Android, operated in connection with Telegram.

1. Who we are

Deal (“we”, “our”) is a product that provides catalog and order management for sellers using Telegram. This Privacy Policy describes how we collect, use, and protect information when you use the Deal mobile application. The App is intended for use by sellers who manage their business via Telegram.

2. Information we collect

2.1 Information obtained through Telegram authentication

When you sign in to the App via Telegram (using the official Telegram authentication flow), we receive from our backend service the following data that Telegram provides in connection with your account:

  • Telegram user identifier (telegram_id) — required to associate your App account with your Telegram account and to provide the service (e.g. sending you notifications and linking your catalogs and orders).
  • Username (Telegram @username), if you have set one — used for display in the App (e.g. in settings) and for account management.

We do not receive your phone number or other contact details from Telegram through this authentication method. Authentication is performed by you confirming your identity in the Telegram app; we only receive the above identifiers from our backend after a successful link between the one-time login token and your Telegram account.

2.2 Information stored on your device (local storage)

The App stores the following data locally on your device (using the device’s standard storage mechanisms) to provide functionality:

  • Account and profile: internal account ID, Telegram ID, username, language and notification preferences, list of your shops/catalogs, subscription status and validity dates (e.g. trial/active/expired), and related subscription identifiers. This allows the App to work offline and to restore your session.
  • Shops and catalogs: names, settings, structure (categories and products), and catalog content you create (including images and product data) for each shop you manage.
  • Orders: order data for your shops (customer order information, products, status, comments). Seller comments you add to orders are stored locally and may be synced to our servers for backup and consistency.
  • Preferences: selected language, theme (e.g. light/dark), and last activity timestamp used for session handling.

This data is stored only on your device unless we explicitly describe below that it is also sent to our servers.

2.3 Information sent to our servers

We send to our backend (hosted on Amazon Web Services, eu-central-1 region) the following, as necessary to operate the service:

  • Authentication and account: The one-time login token (UUID) you use when logging in via Telegram, and after successful authentication we receive and store on our side your Telegram ID, username, account ID, role, subscription status, catalog IDs, and trial/subscription validity dates. This is required to verify your identity and subscription and to sync your shops and orders.
  • Push notifications: If you enable notifications in the App’s Settings and grant the required permission on your device, the App sends to our servers your Telegram ID and the push notification token (FCM for Android, APNs for iOS) so we can send you notifications (e.g. new orders). This data is used only for delivering push notifications. Notifications are off by default; we request permission only when you turn them on in Settings.
  • Subscription and payments: If you purchase a subscription inside the App (via Apple App Store or Google Play), we receive from the store a purchase receipt (or equivalent). We send this receipt to our servers together with your Telegram ID to validate the purchase and activate or extend your subscription. We do not store your payment card details; payment is handled entirely by Apple or Google.
  • Catalog and orders: When you create or update catalogs and orders, the App may send catalog content, order data, and seller comments to our servers so that your data can be synced across devices and so that the Telegram bot and WebApp (buyer-facing catalog) can function correctly.

2.4 Third-party services

  • Telegram: Authentication and linking your account are done through Telegram. Telegram’s use of your data is governed by Telegram’s privacy policy.
  • Firebase (Google): We use Firebase Cloud Messaging (FCM) to deliver push notifications. Google may process the device token and related data according to Google’s privacy policy. We use FCM only for sending notifications, not for advertising or cross-app tracking.
  • Apple / Google: In-app subscription purchases are processed by Apple (App Store) or Google (Play Store). Their respective privacy and payment terms apply to those transactions. We receive only the information necessary to verify the purchase (e.g. receipt or token) and to activate your subscription.

We do not sell your personal data to third parties. We do not use your data for advertising or for building user profiles for marketing.

3. How we use your information

We use the information described above to:

  • Provide and operate the Deal service (catalogs, orders, notifications).
  • Authenticate you and manage your account and subscription.
  • Send you push notifications (e.g. new orders) if you have allowed notifications.
  • Validate and activate in-app subscription purchases.
  • Sync your data across the App and our backend so that the Telegram bot and buyer-facing catalog work correctly.
  • Improve and maintain the App and our backend (e.g. fixing errors, ensuring security).

We do not use your data for targeted advertising.

4. Legal basis (where applicable)

If you are in the European Economic Area or the UK:

  • Contract: Processing is necessary to perform our contract with you (providing the Deal service).
  • Legitimate interests: We may process data for our legitimate interests in operating and securing the service, subject to your rights.
  • Consent: Where we rely on consent (e.g. for push notifications), you can withdraw it in your device settings or in the App.

5. Data retention

  • On your device: Data in the App’s local storage remains until you uninstall the App or clear the App’s data. You can also log out or use in-App options that clear or reset data where we provide them.
  • On our servers: We retain your account and subscription data, catalog and order data, and push notification identifiers for as long as your account is active and as needed to provide the service, comply with law, and resolve disputes. Receipt and subscription validation data may be kept for the period required for tax, legal, or accounting purposes.

6. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data (subject to legal exceptions).
  • Object or restrict certain processing.
  • Data portability (e.g. a copy of your data in a portable format).
  • Withdraw consent where we rely on it (e.g. notifications).
  • Complain to a supervisory authority.

To exercise these rights, contact us using the details in the “Contact” section below. We will respond within a reasonable time as required by applicable law.

For data deletion: If you want to delete your data from our systems (we do not create a separate account; your data is linked to your Telegram ID), you can use the “Delete my data” option in the App’s Settings. It opens an email to our support with your Telegram ID so we can process your deletion request. You can also contact us directly by email. We will process your request in line with our legal obligations. Note: some data may need to be retained for legal or accounting reasons.

7. Security

We use industry-standard measures to protect your data in transit and at rest (e.g. HTTPS, secure backend infrastructure on AWS). No method of transmission or storage is 100% secure; we encourage you to keep your device and Telegram account secure.

8. Children

The App is not directed at children under the age of 13 (or higher where required by local law). We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us so we can delete it.

9. International transfers

Our backend is hosted in the European Union (eu-central-1). If you are outside the EU, your data may be transferred to and processed in the EU or other countries where our or our providers’ servers are located. We ensure appropriate safeguards (e.g. standard contractual clauses or adequacy decisions) where required by law.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and, where required by law or for material changes, we will notify you (e.g. in the App or by email). Your continued use of the App after the effective date constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions, to exercise your rights, or to request account deletion:

Product / operator: Deal (by Moon AI)
Contact: admin@moon-ai.agency (or via the contact option in the App or on the Deal landing page).

If you are in the EU, you may also have the right to lodge a complaint with your local data protection authority.

This Privacy Policy applies to the Deal mobile application (iOS and Android) and the related backend services. It is provided in English; a Ukrainian or other language version may be made available for convenience, but in case of conflict the English version shall prevail unless otherwise required by law.