Privacy

Privacy and data handling

What this service stores, for how long, who can access it, and how to remove it. See /security for the threat model.

ChatGPT Apps users

When you install mctl-telegram as a ChatGPT App, the following data flows apply:

User-authorized account access: this service operates only on the Telegram account you explicitly connect. It is an independent project and is not affiliated with, endorsed by, or operated by Telegram or OpenAI.
Through ChatGPT: your conversation prompts, MCP tool arguments (e.g. peer identifiers, draft message text), and tool results returned by this server. That traffic is processed by OpenAI under their privacy policy.
Stored by this server: an encrypted MTProto session blob, your Telegram user id and display name/username, and audit metadata (tool name, redacted peer reference, status). Message bodies returned by read tools are transient — fetched for the request and not written to disk.
Revoke access: call disconnect_telegram_account or delete_telegram_account via MCP, use the HTTP endpoints below, or remove the app from ChatGPT settings.

Data inventory

Where	Contents	Why	Retention
`users` table	Telegram user id (subject from your sign-in), Telegram display name and username	Resolves your identity for per-user storage isolation	Until you call `delete_telegram_account` — cascades to remove your row
`telegram_accounts` table	AES-256-GCM ciphertext of your MTProto session blob (per-user HKDF-derived key), plus non-sensitive display name / Telegram username if Telegram returned them	Required to make Telegram API calls on your behalf	Until you call `disconnect` (marked revoked) or `delete` (row removed)
`audit_logs` table	Tool name, redacted peer reference (truncated/hashed), status, and a redacted error string. No message text, no phone numbers, no session bytes.	Operational visibility, abuse detection, and to power the `get_my_audit_log` tool	Retained for 90 days, then removed by the audit-log sweeper (window configurable via `AUDIT_RETENTION_DAYS`; set to 0 to keep indefinitely).
Process memory	Plaintext MTProto messages for the duration of one tool call (the server must decrypt them to talk to Telegram)	Required to fulfil the request	Freed when the goroutine returns; never written to disk
Process stdout (Loki)	Structured JSON log lines from `slog`, with sensitive keys redacted by the audit handler	Operator debugging	Per the platform's Loki retention (typically 14–30 days)

What is NOT stored

The plaintext of any message you send or receive
Your phone number (only seen during interactive login, never persisted)
Your Telegram cloud password / 2FA digits
Raw MTProto session bytes (only the AES-GCM ciphertext lives in Postgres)
The contents of Authorization: Bearer headers
Your IP address beyond what the platform ingress logs at L4/L7 (not persisted by this service)

Self-service controls

You can remove your data and inspect what was recorded at any time without operator involvement:

POST   /api/account/disconnect   # mark session revoked (keeps row, no Telegram access)
DELETE /api/account              # remove the encrypted session blob and row entirely
GET    /api/account              # connection status + per-account send_enabled flag
GET    /api/account/audit        # newest-first audit rows (limit, before)
GET    /api/account/audit/verify # recompute the hash chain and prove audit was not tampered with

Equivalent MCP tools: disconnect_telegram_account, delete_telegram_account, get_my_audit_log. Disconnect and delete tear down the in-memory MTProto client atomically with the DB write so a concurrent request cannot piggyback on the doomed session.

Who can access your data

You, via the MCP tools and HTTP endpoints listed above.
The deployment operator, who has Kubernetes/database access to the running service. There is no in-service admin tool that exposes another user's session in plaintext, but an operator with SQL access could read the encrypted blob; without the ENCRYPTION_KEY they cannot decrypt it.
Anyone who compromises the running pod could read every session in memory while requests are in flight (this is true of any server-side MTProto host; mitigations are available via Local Bridge mode (beta, self-hosted), which keeps the session off the server entirely).

Third parties

Telegram (transport) — your MTProto session is, by definition, used to talk to Telegram. They see the same traffic any Telegram client would generate.
Telegram (identity) — your identity comes from a Telegram sign-in flow handled directly by this server.
No analytics, advertising, or third-party tracking is injected by this service. The OAuth-flow pages (connect, session management) serve inline CSS only under a strict Content-Security-Policy and contact no external hosts; the public content pages (home, docs, security, privacy) load the mctl design system stylesheet and web fonts from a CDN for presentation.

Contact

General support: [email protected]. Privacy inquiries: [email protected]. For security or vulnerability reports, see /security. Code is open source at github.com/mctlhq/mctl-telegram; audit it yourself.