Privacy Policy

Last updated: March 10, 2026

TAN (“Telegram AI Agent Network”, “we”, “us”, or “our”) operates the Telegram bot @tan_org_bot and the website tan.org. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

1. Information We Collect

1.1 Telegram Account Data

When you interact with our Telegram bot, we receive your Telegram user ID, first name, username, and language preference. This data is provided by Telegram and is necessary to operate the service.

1.2 Messages and Content

We process the messages you send to the bot to generate AI responses. Conversation history is stored to provide context-aware responses. You can clear your history at any time by contacting us.

1.3 Google Account Data

If you choose to connect your Google account, we request access to:

Google Calendar — to view and create calendar events on your behalf
Gmail — to read and send emails on your behalf

We store encrypted OAuth tokens (access and refresh tokens) to maintain your connection. We do not store your Google password. We do not store copies of your emails or calendar events — we access them only in real-time when you make a request.

1.4 Payment Information

Payments are processed through Telegram Stars (Telegram's built-in payment system). We do not collect or store credit card numbers or banking details. We only store transaction records (amount, date, description).

1.5 API Keys (BYOK)

If you provide your own API keys (Bring Your Own Key), they are encrypted using AES-256-GCM before storage and are never stored in plain text.

2. How We Use Your Information

We use your information to:

Provide and operate the AI assistant service
Process your requests (web search, media generation, reminders)
Access Google services on your behalf (Calendar, Gmail) when you explicitly request it
Maintain conversation context and long-term memory
Process payments and manage your subscription
Improve the service and fix issues

3. Google API Services — Limited Use Disclosure

TAN's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only access Google user data that is necessary to provide the features you request (viewing calendar events, creating events, reading emails, sending emails).
We do not use Google user data for advertising purposes.
We do not sell or share Google user data with third parties, except as necessary to provide the service (e.g., sending data to the AI provider to process your request).
We do not use Google user data to build user profiles for advertising or marketing.
Google data is accessed in real-time only and is not permanently stored on our servers. Only encrypted OAuth tokens are stored.

4. Data Sharing and Third Parties

TAN relies on external third-party services to operate. Your data may be shared with these providers as necessary to deliver the service, including but not limited to:

AI model providers — your messages are sent to third-party AI services to generate responses
Connected services — when you use integrations (Calendar, email, etc.), your data is transmitted to the respective service providers
Search and media providers — when you request web search or media generation
Infrastructure providers — for hosting, data storage, and message delivery

We do not sell your personal data. However, third-party providers process your data according to their own privacy policies, which are entirely beyond our control. By using TAN, you acknowledge and accept the following:

Your data will be transmitted to and processed by external services in various jurisdictions worldwide
TAN has no control over how third-party providers store, process, retain, or protect your data once it leaves our systems
TAN is not responsible for any data breach, loss, unauthorized access, or misuse of your data by third-party providers
You assume all risks associated with the transmission of your data to external services

5. Data Security

We take commercially reasonable measures to protect your data, including:

AES-256-GCM encryption for API keys and OAuth tokens at rest
TLS encryption for all data in transit
Isolated virtual machines for each user's AI agent execution
Regular security audits of our infrastructure

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. We are not liable for any unauthorized access, data breach, data loss, or other security incident resulting from factors beyond our reasonable control, including but not limited to attacks on third-party infrastructure, zero-day vulnerabilities, or force majeure events.

6. Data Retention and Deletion

We retain your data for as long as your account is active. You can request deletion of your data at any time by contacting us. Upon request, we will:

Delete your conversation history
Delete your stored memory
Revoke and delete your Google OAuth tokens
Delete your encrypted API keys
Remove your account data

Please note that residual copies of your data may persist in backup systems for a limited period after deletion. Data that has already been transmitted to third-party providers is subject to their own retention policies and cannot be deleted by us.

You can disconnect your Google account at any time using the /disconnect command in the Telegram bot, which immediately deletes your stored Google OAuth tokens.

7. Your Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Revoke Google account access at any time (via /disconnect or through your Google Account permissions)
Export your data upon request

8. International Data Transfers

Your data may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and other jurisdictions where our third-party service providers operate. These countries may have data protection laws that differ from your jurisdiction. By using TAN, you consent to such transfers. We do not guarantee that data protection standards in recipient countries will be equivalent to those in your jurisdiction.

9. Automated Processing and AI

TAN uses automated AI systems to process your messages and generate responses. No human reviews your conversations unless you explicitly report an issue. You acknowledge that:

AI-generated responses may be inaccurate, incomplete, or inappropriate
Automated processing is inherent to the service and cannot be opted out of while using TAN
We are not liable for any decisions you make based on AI-generated content
AI model providers may use anonymized or aggregated interaction data to improve their models, subject to their own policies

10. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights, we will make reasonable efforts to notify affected users through the Telegram bot within 72 hours of becoming aware of the breach. However, we cannot guarantee that notification will be delivered if your Telegram account is inaccessible, and we bear no liability for delays caused by circumstances beyond our control.

11. Limitation of Liability

To the fullest extent permitted by applicable law:

TAN shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from data processing, data loss, unauthorized access, or any other privacy-related incident
Our total liability for any claim related to privacy or data protection shall not exceed the amount you paid to TAN in the twelve (12) months preceding the claim
TAN assumes no responsibility for the privacy practices or data security of any third-party services used in connection with the service
You agree to use the service at your own risk and accept full responsibility for any data you transmit through TAN

12. Cookies and Analytics

The tan.org website may use essential cookies for basic functionality. We use anonymous analytics to understand website usage. The Telegram bot does not use cookies. We do not use tracking cookies for advertising or cross-site tracking purposes.

13. Children's Privacy

Our service is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes through the Telegram bot. Continued use of the service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: privacy@tan.org
Telegram: @tan_org_bot