# Telethryve Privacy Policy This policy covers customer use of Telethryve as a product. It is separate from the source-use restrictions in [USER_AGREEMENT.md](USER_AGREEMENT.md). ### 1. Product Posture Telethryve is a local-first, source-available product. Much of the work can run on the customer's own machine, but Telethryve can also route data through third-party services that the customer enables or configures. ### 2. Data Telethryve May Process Telethryve may process: - Telegram identifiers, messages, attachments, and chat metadata. - Local files, documents, images, and generated artifacts the user asks it to inspect, create, or return. - License and billing metadata such as plan slug, activation state, Stripe customer id, and billing email. - Optional phone, voice, email, or cloud-task content when those workflows are configured and used. - Logs and diagnostics needed to operate, debug, or secure the product. ### 3. How Processing Works Processing depends on the profile, tools, and services the customer enables. Depending on the workflow, data may be processed by: - the local Telethryve runtime on the customer's machine; - Telegram for message delivery; - Stripe for billing and subscription management; - SMTP or email infrastructure chosen by the operator; - optional cloud backends, phone providers, speech providers, or other tools the customer enables for a given environment. High-trust and networked modes are explicit product choices, not silent defaults. ### 4. Data Retention Telethryve stores runtime state locally by default. This can include files under `.telethryve/`, local logs, project memory, and generated artifacts that the user keeps on the host machine. Retention rules: - local runtime state remains until the customer deletes it or uninstalls the product; - licensing records remain as long as needed to operate subscriptions, revalidate activations, handle support, and maintain billing history; - Stripe keeps billing records under Stripe's own policies; - Telegram, SMTP, and other enabled providers retain data under their own policies; - customers are responsible for configuring local log rotation, backups, and deletion practices appropriate for their environment. ### 5. Security And Control Telethryve ships safe-first defaults and requires explicit configuration before broader local automation or networked workflows are enabled. Customers remain responsible for: - securing the machine that runs Telethryve; - protecting Telegram bot tokens, API keys, and billing credentials; - reviewing outputs before acting on high-impact decisions; - enabling only the skills, tools, and integrations they intend to trust. ### 6. Customer Choices Customers can reduce or remove retained data by: - disabling cloud or network-enabled modes; - deleting local runtime files such as `.telethryve/`; - removing generated artifacts they no longer want to keep; - cancelling the subscription in Stripe; - revoking or rotating the credentials they configured for the runtime. ### 7. Third-Party Services Telethryve depends on third-party services the operator chooses to enable. Those services may include Telegram, Stripe, Codex backends, speech tools, phone providers, SMTP providers, and machine-local tools. Their separate terms and privacy practices continue to apply. ### 8. Support Support and billing help are described in [SUPPORT.md](SUPPORT.md) and [BILLING.md](BILLING.md).