Privacy Policy

Last updated: April 11, 2026

1. Who We Are

Qupport is a SaaS platform for creating AI-powered support bots on Telegram. This policy explains what data we collect, why, and how we protect it.

2. Data We Collect

When you join the waitlist, we collect:

  • Email address (required) — to notify you when early access opens
  • Name (optional) — to personalize communication
  • Company name (optional) — to understand our audience
  • Use case selection (optional) — to prioritize features
  • IP address — for abuse prevention
  • Browser language — to display the site in your preferred language

3. How We Use Your Data

Your data is used solely for waitlist management, product launch notifications, and aggregated analytics to improve the product. We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Cookies & Analytics

We use the following cookies and tracking:

  • Language preference cookie (landing_lang) — a first-party cookie that remembers your selected language. It contains no personal data and expires after 1 year.
  • Yandex Metrica — we use Yandex Metrica to understand how visitors interact with the site (pages viewed, scroll depth, button clicks). Metrica is loaded only after you accept cookies via the consent banner. You can opt out at any time by rejecting cookies or using a browser ad blocker.

5. Data Retention

Waitlist data is retained until the product launches and you create an account, or until you request deletion — whichever comes first. Analytics data is retained for 12 months.

6. Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Deletion — request that we delete your data at any time
  • Portability — receive your data in a machine-readable format

7. Data Security

We implement a multi-layered security architecture:

  • Encryption at rest — all data is stored in encrypted PostgreSQL databases. Sensitive credentials (such as bot API tokens) are additionally protected with Fernet (AES-128-CBC) symmetric encryption and rotatable keys.
  • Encryption in transit — all communications between clients, internal services, and third-party APIs are encrypted with TLS 1.2+. Unencrypted connections are rejected.
  • Access control — production systems require SSH key authentication. Administrative APIs are protected with dedicated API keys. Telegram webhooks use secret-token verification to prevent unauthorized requests.
  • Infrastructure hardening — servers run behind a strict firewall (ports 22, 80, 443 only) with automated brute-force protection (fail2ban). Container images are rebuilt with updated dependencies on every release.
  • Data isolation — each customer’s knowledge base is logically isolated at the database level. Queries and vector searches are scoped to the owning bot and cannot access other customers’ data.

8. Contact

For any privacy-related questions or data requests, email us at privacy@qupport.io.