Privacy Policy for Maigret Telegram Bot
Effective date: 1 May 2026
This Privacy Policy explains how the Maigret Telegram Bot (“Maigret Bot”, “the Bot”, “we”, “us”) processes data when you use the Bot on Telegram.
The Maigret Bot is an open-source digital footprint self-assessment tool. It helps users understand what publicly visible information may be associated with their usernames, so they can improve their privacy, review their online exposure, and take steps to update, secure, or remove information from external websites where possible.
This Policy applies only to the Maigret Telegram Bot. It does not replace or modify Telegram’s own Terms of Service or Privacy Policy.
1. Controller and contact
The Maigret Bot is provided and operated under the Maigret project.
For privacy, GDPR, abuse, safety, or data deletion requests, contact:
2. What the Bot does
Maigret Bot allows a Telegram user to submit a username and check where that identifier may appear on publicly available external websites.
The Bot is designed to help users review their own public digital footprint, understand which public profiles or account pages may be visible online, and identify where they may need to update, secure, or request removal of information from external services.
The Bot may show public profile links, public account references, public usernames, public aliases, public profile metadata, and generated privacy self-assessment reports based on the user’s request.
The Bot does not remove information from external websites. It helps users identify where information may be publicly visible, so they can take appropriate privacy-protection steps with the relevant external services.
The Bot is intended for lawful personal privacy review, digital footprint awareness, account discovery for self-assessment, security hygiene, and authorised research.
The Bot is not intended for building dossiers on other people, harassment, stalking, intimidation, doxing, threats, spam, phishing, fraud, impersonation, or any other unlawful or abusive activity.
Users should only submit identifiers that relate to themselves or that they are lawfully authorised to review.
3. Data we may process
When you use the Bot, we may process the following categories of data.
3.1 Telegram account and interaction data
We may receive and process data provided through Telegram, including:
your Telegram user ID;
your Telegram username, if available;
your display name, if available;
your language or interface metadata, if available;
commands and messages you send to the Bot;
timestamps of your interactions with the Bot.
3.2 Search and report data
When you use the Bot, we may process:
usernames, aliases, or identifiers submitted by you;
search options selected by you;
search history;
generated digital footprint or privacy self-assessment reports;
cached search results;
temporary files created for report generation;
internal task status and error logs related to your request.
This data is processed to provide the Bot’s functionality and to help you understand what may be publicly visible online in connection with the submitted identifier.
3.3 Publicly available external data
In response to a user-initiated request, the Bot may check publicly available external websites and process information that is visible on those websites, including:
public profile URLs;
public usernames or aliases;
public names or display names;
public avatars or profile images;
public biographies or descriptions;
public links;
public location strings;
public account metadata;
other information made publicly available on external websites.
This information comes from publicly accessible external sources. Maigret Bot does not control those external websites and cannot remove information from them.
The purpose of showing this information is to help users understand their public digital footprint and identify which external websites may need to be reviewed, updated, secured, or contacted for removal.
3.4 Technical and security data
We may process technical data necessary to operate, secure, debug, and improve the Bot, including:
server logs;
request timestamps;
error messages;
abuse-prevention signals;
rate-limit information;
IP addresses of our infrastructure or services where technically required by hosting providers.
3.5 Payment or subscription data
If paid features are enabled, we may process limited payment or subscription status information, such as:
whether your account has premium access;
payment status;
transaction reference or platform payment metadata.
We do not process full payment card numbers through the Bot.
4. Data we do not intentionally collect
Maigret Bot does not intentionally collect:
Telegram passwords;
Telegram login codes or OTP codes;
private Telegram messages outside your direct interaction with the Bot;
contents of Telegram private chats;
Telegram group or channel datasets for scraping, indexing, or resale;
precise device geolocation, unless you explicitly send location data to the Bot;
biometric data;
payment card numbers.
5. How we collect data
We may collect data in the following ways:
directly from you when you send commands, usernames, messages, or files to the Bot;
through Telegram Bot API when Telegram delivers your messages and metadata to the Bot;
from publicly accessible external websites when the Bot performs a user-initiated digital footprint check;
from hosting, infrastructure, database, logging, and security systems used to operate the Bot;
from payment or subscription platforms if paid features are enabled.
6. Why we process data
We process data for the following purposes:
to provide the Bot’s core digital footprint self-assessment functionality;
to help you identify publicly visible accounts, profiles, or references associated with a submitted identifier;
to generate search results and privacy self-assessment reports requested by you;
to help users understand where their information may be visible online and where they may need to update, secure, or request removal of information from external websites;
to maintain search state and deliver results;
to prevent spam, abuse, harassment, doxing, scraping abuse, and other misuse;
to secure, debug, and improve the Bot;
to provide support and respond to user requests;
to process subscriptions or payments, if applicable;
to comply with legal obligations;
to establish, exercise, or defend legal claims.
7. Legal bases for processing
Where the GDPR applies, we rely on one or more of the following legal bases:
performance of a contract or pre-contractual service request, when processing is necessary to provide the Bot functionality requested by you;
legitimate interests, including operating the Bot, preventing abuse, improving reliability, securing the service, and enabling users to review and improve their own online privacy;
compliance with legal obligations, where we are required to retain or disclose limited information;
consent, where we explicitly ask for consent for optional features.
You may object to processing based on legitimate interests by contacting us at:
8. Data retention
We keep data only for as long as reasonably necessary for the purposes described in this Policy.
Our default retention periods are:
search history, generated reports, cached results, and temporary files: up to 30 days, unless deleted earlier by request or by automated cleanup;
technical logs: up to 90 days;
abuse-prevention and security records: up to 12 months, or longer if necessary to prevent serious misuse or defend legal claims;
payment, subscription, or transaction records: for as long as necessary to provide paid access and comply with accounting, tax, legal, or platform obligations.
Some data may be deleted earlier. Some data may be retained longer where required by law, necessary for security, or necessary for legal claims.
9. User controls and deletion
You may request deletion of data associated with your Telegram user ID.
Use one of the following Bot commands:
- /privacy — view privacy information and data controls;
- /gdpr — view GDPR/data subject rights options;
- /delete — request deletion of data associated with your Telegram user ID.
You can also contact us directly:
A deletion request may cover:
your Telegram user ID stored by the Bot;
your Bot search history;
generated reports associated with your Telegram user ID;
cached results associated with your Telegram user ID;
temporary files associated with your Telegram user ID.
Deletion of Bot data does not remove public information from external websites. To remove, update, or restrict information on an external website, you must contact that website directly or use that website’s own privacy, account, deletion, or support tools.
We may retain limited data where necessary for legal obligations, abuse prevention, payment records, security, or legal claims.
10. Requests from people mentioned in results
If you believe that a Maigret Bot result or report contains personal data about you, you may contact us and request review, restriction, or deletion where applicable.
Please provide enough information for us to identify the relevant data, such as:
the username or identifier involved;
the result or report you are referring to;
why you believe the data relates to you;
what action you request.
We may ask for additional information if needed to verify that the request is legitimate and does not compromise the privacy or rights of another person.
Please note that Maigret Bot cannot remove information from external websites. If the information is hosted by an external service, you may also need to contact that service directly.
11. GDPR and data subject rights
Where the GDPR applies, you may have the right to:
access personal data we process about you;
request correction of inaccurate data;
request deletion of your data;
request restriction of processing;
object to processing based on legitimate interests;
request data portability where applicable;
withdraw consent where processing is based on consent;
lodge a complaint with a competent data protection authority.
To exercise these rights, contact:
We aim to respond to lawful requests within 30 days, unless a longer period is allowed by applicable law due to complexity or number of requests.
12. Sharing of data
We do not sell personal data.
We may share limited data only where necessary:
with hosting, infrastructure, database, logging, security, or payment providers used to operate the Bot;
with Telegram, as part of the normal operation of the Telegram Bot Platform;
with external websites, where technically necessary to perform a user-initiated digital footprint check;
with legal, regulatory, or law enforcement authorities where required by applicable law;
where necessary to prevent abuse, fraud, security incidents, doxing, harassment, or serious misuse;
where necessary to establish, exercise, or defend legal claims.
13. International transfers
The Bot may use infrastructure, hosting, cloud, security, analytics, or payment services located in different countries.
Where required by applicable data protection law, we rely on appropriate safeguards for international transfers, such as adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms.
14. Security
We use reasonable technical and organisational measures to protect data processed by the Bot, including access controls, logging, rate limits, and infrastructure security measures.
No online service can guarantee absolute security. If you believe you have found a security issue, please contact:
15. Abuse and prohibited use
You must not use Maigret Bot to:
harass, stalk, threaten, intimidate, or dox any person;
build dossiers on other people without a lawful basis or authorisation;
publish or distribute personal information for abusive purposes;
impersonate another person or organisation;
perform phishing, fraud, spam, or social engineering;
search for targets in a way that violates applicable law;
submit illegal, harmful, or abusive content;
attempt to bypass rate limits, access controls, or security measures.
You should only use the Bot to review your own digital footprint, to perform authorised checks, or for other lawful and legitimate purposes.
We may restrict, suspend, or delete access where we reasonably believe the Bot is being misused.
16. Automated processing
Maigret Bot may automatically process a submitted username or identifier and generate search results or reports.
The Bot does not make automated decisions that produce legal effects concerning you or similarly significantly affect you.
The Bot does not determine a person’s identity, legal status, financial status, reliability, risk level, or trustworthiness.
The Bot’s results may be incomplete, inaccurate, outdated, or false positive. Users are responsible for verifying results before relying on them.
17. Children
Maigret Bot is not intended for children. Do not use the Bot if you are not legally allowed to use Telegram or similar online services in your jurisdiction.
18. Changes to this Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will update the effective date and, where appropriate, notify users through the Bot or another reasonable method.
19. Contact
For privacy, GDPR, data deletion, abuse, safety, or security requests, contact: