Privacy Policy — WhaleGram

1. Who We Are

WhaleGram ("we", "us", "our") is a Telegram-based advertising platform accessible at whalegram.li. We help advertisers grow their Telegram presence through targeted campaigns.

2. Data We Collect

Data	Source	Purpose
Telegram ID	Telegram Login Widget	Unique account identifier
First name, last name, username	Telegram	Display name in the platform
Language code	Telegram	Interface language
IP address	Your browser/device	Fraud prevention, geo-analytics
Country code (derived from IP)	ip-api.com lookup	Aggregate geo-statistics for advertisers
Session token (JWT, cookie)	Our server	Keep you logged in for 24 hours
Campaign data	You (advertiser)	Run and manage your campaigns
Transaction history	Platform	Audit trail of credit movements

We do not collect passwords, payment card numbers, or any biometric data. USDT transactions on the TON blockchain are handled externally and are not stored by us beyond the credit amount.

3. How We Use Your Data

Authenticate your identity via Telegram and maintain your session.
Create and manage advertising campaigns on your behalf.
Provide aggregate geo-statistics on campaign reach (country-level only — no individual tracking).
Detect and prevent fraud and abuse.
Comply with applicable legal obligations.

4. Legal Basis (GDPR)

Where the GDPR applies, we process your data on the following bases:

Contract performance — processing necessary to provide the WhaleGram service you signed up for.
Legitimate interests — fraud prevention and platform security.
Consent — for optional analytics cookies (see Cookie Policy).

5. Data Sharing

We do not sell your personal data. We share data only with:

Telegram — to verify your identity via their Login Widget and Bot API.
ip-api.com — your IP address is sent to resolve a country code. No personal data beyond the IP is transmitted. See their privacy policy.
Infrastructure providers — our VPS host processes data solely to operate the service.

You see only aggregate geo data on your campaigns (e.g. "42 completions from Italy") — never individual user data.

6. Data Retention

Account data is retained for as long as your account is active.
Transaction and completion records are retained for 3 years for audit purposes.
Session cookies expire after 24 hours.
IP addresses are overwritten on each new login (we store only the most recent IP).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Rectify inaccurate data.
Erase your account and all associated data.
Object to or restrict processing.
Data portability — receive your data in a structured format.

To exercise these rights, contact us on Telegram via the link in our Terms of Service. We will respond within 30 days.

8. Security

All data is transmitted over HTTPS (TLS 1.2+). Session tokens are stored in HTTP-only cookies, inaccessible to JavaScript. Passwords are never stored — authentication is handled entirely by Telegram. Our database is not publicly accessible; all connections are made through an encrypted SSH tunnel.

9. Children

WhaleGram is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy. When we do, we will update the "Last updated" date above. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related enquiries, contact us via the Telegram link in our Terms of Service.