Clubox.io Privacy Policy

Introduction

Clubox.io is a service for automating the management of communities based on Telegram. We provide convenient tools for collecting membership fees, analytics, organizing events, selling services, and facilitating community member acquaintances using artificial intelligence algorithms. Our goal is to simplify community management by offering effective and intuitive solutions. We are committed to transparency and honesty regarding the collection and use of our users' information. This privacy policy describes how we collect, use, process, and protect information related to your use of the Clubox.io service.

General Provisions

Information Collection

  1. Information from Telegram: We collect basic user data provided through Telegram, including first name, last name, and Telegram ID. We also store all data sent by Telegram through the webhook, as part of our bot's operation based on the Telegram Bot API. This includes all messages, button presses, and other user actions.
  2. Additional User Information: We collect, store, and share all information provided to us by users, including survey data, avatars, and phone numbers provided upon registration on the platform.
  3. Web App Visit Data: We collect IP addresses and browser information of users who visit our web applications, including Telegram Mini Apps. We also collect user telemetry when using web applications, such as mouse clicks, cursor hover over site elements, scrolling, screen size changes, key presses, page URL changes, and page visit data.
  4. API Usage Logging: All actions related to the use of our API are fully logged to ensure security and improve the service.
  5. Use of Cookies: We use cookies exclusively to store the JWT token required for user authentication in our service

Information Use
Clubox.io uses collected data for the following
 purposes:
  1. Service Improvement: To continuously improve functionality and ease of use of the service.
  2. Operational Maintenance: To maintain the core functionality and stability of the service.
  3. Error Correction: To quickly identify and fix technical issues.
  4. Analytics and Metrics: To provide community administrators with detailed analytics and metrics about their communities.
  5. Response to Violations: To respond to violations of service rules or laws.
  6. User Experience Personalization: To tailor the service to user preferences and interests.
Disclosure of Information
  1. Data Access through API: We provide access to user data through an API, which is available exclusively to community administrators. Community administrators can access all user data, except for telemetry, within their managerial functions.
  2. Sharing Data with Other Users: As part of the service operation, we may share some user data with other users, for example, profiles or contacts for acquaintance within the corresponding service functions.
  3. Compliance with Legislation: We recognize the importance of complying with current legislation and may be required to disclose certain user information upon official request from government authorities under the existing laws of the Russian Federation. Such actions will be taken in compliance with all necessary legal procedures and requirements.
Data Security
  1. Strict Data Isolation: Users have access only to the data intended for them. We ensure data security by providing access to it only through authorized interfaces (such as the bot in Telegram and our service's web applications) and API methods.
  2. Authentication and Authorization: User authorization is performed through a JWT token. For authentication, we use the Telegram Login Widget and Telegram Mini Apps. Additional authentication or authorization is not required when communicating with the bot in Telegram, as the user is already authenticated in Telegram.
  3. SSL Certificate Management: We use SSL certificates to encrypt data transmitted between the client and the server, ensuring data security during transmission and protecting against interception by unauthorized parties.
Third-party services
We use Telegram to operate the chatbot and authenticate on the platform, so Telegram may gather supplemental data. Also we utilize Cloudflare for protection against DDoS attacks, and Cloudflare may accordingly collect supplemental data.
User Rights
  1. Personal Data Modification: Users can change most of their personal data, except for those that are strictly fixed or reflect objective reality, such as Telegram ID, message history, presence in chats, and action logs.
  2. Data Deletion Request: If necessary, users can request the deletion of their data. We will consider and comply with such requests in accordance with applicable law and our internal procedures.
Changes to the Privacy Policy
We reserve the right to make changes to this privacy policy. In the event of changes, we will inform our users of any changes to the privacy policy through our official Telegram channel: {updates_tg}
Contact Information
If you have any questions, comments, or suggestions regarding our privacy policy, please contact us via:
  • Email: {support_gmail}
  • Our support service in Telegram: {support_tg}
Privacy Policy for Community Administrators
In addition to the above, we adhere to the following policy with respect to community administrators:
Information Collection
  • Information from Google Drive: We collect information from the Google Drive of community administrators when they use Google Picker to select files they want to provide to community residents. We have access only to those files selected by the administrator himself.
Information Use
  • Access to Google Drive files: We use collected information from Google Drive to provide access to community members to the files selected by administrators through Google Picker, and to download their content for further provision within the "Knowledge Base".
Disclosure of Information
  • Sharing Google Drive files: We disclose access to selected Google Drive files to community members at the discretion of the administrator. Control over access to these files is managed by the community administrator.
User Rights
  • Moderation of Access to Google Drive Files: Community administrators have the right to moderate access to Google Drive files they have chosen to share with community members. They can change access rights, close access to files, or delete them.
Third-party services
Google OAuth is used for Google Picker, which means Google may gather supplemental data.