Privacy Policy

1.1 Telegram User Data

When you interact with our Telegram bot, we automatically collect and store:

• Telegram User ID: Your unique Telegram identifier
• Telegram Username: Your public Telegram username (if set)
• Message History: All messages exchanged between you and our bot, including commands, responses, and general communications
• Timestamps: When you created your account and when you were last active
• Registration Status: Whether you have completed registration

1.2 Payment Information

When you subscribe to our services, we collect:

• Stripe Customer ID: A unique identifier linking you to our payment processor
• Subscription Details: Your billing type (weekly/monthly), plan tier, and subscription status
• Payment History: Records of successful and failed payments processed through Stripe

We do not store your credit card numbers, CVV codes, or complete payment card details. All payment processing is handled securely by Stripe.

1.3 Server Instance Data

For each server instance we provision for you, we store:

• Instance ID and Name: Unique identifiers for your server
• Subdomain: Your unique subdomain (e.g., username.openhill.ai)
• Cloud Server ID: The identifier of your server on cloud infrastructure
• IPv4 Address: Your server's public IP address
• Tunnel ID: Identifier for your secure tunnel connection
• Server Status: Current state (pending, provisioning, active, deleted)
• Tier Information: Your selected plan (Basic, Standard, Pro)
• Creation and Update Timestamps

1.4 Authentication Tokens and Credentials

We generate and store various tokens for your service:

• Settings Tokens: Temporary tokens (30-minute validity) for accessing your settings panel
• Agent Tokens: Authentication tokens for your AI agent instance
• Keyring Passwords: Encrypted passwords for secure credential storage on your server
• Tunnel Tokens: Tokens for secure tunnel authentication

1.5 Technical Data

We may collect:

• Webhook Event IDs: For preventing duplicate payment processing
• Health Status: Server health monitoring data
• Provisioning Timestamps: When server setup began and completed

We use the information we collect for the following purposes:

• Providing our services: Telegram ID, server instance data, authentication tokens
• Processing payments: Stripe customer ID, subscription details
• Provisioning servers: Instance configuration, cloud server details, tunnel data
• Customer support: Message history, account information
• Service notifications: Telegram ID, username
• Fraud prevention: Payment data, webhook events

By using OpenHill, you consent to receiving marketing and promotional messages from us via Telegram. We may send you:

• Information about new features, services, and updates
• Promotional offers and discounts
• Tips, guides, and educational content related to our services
• Surveys and feedback requests

You may request to reduce the frequency of promotional messages by contacting us. Complete opt-out of all communications may not be possible while maintaining an active account, as some messages are essential for service delivery.

4.1 We Will NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Third-Party Service Providers

We share necessary data with the following third-party services to operate our platform:

• Telegram: Bot platform and messaging (messages, user ID, username)
• Stripe: Payment processing (customer ID, payment amounts, billing metadata)
• Cloud Infrastructure: Server hosting (server configuration, instance labels)
• Cloudflare: DNS, tunnels, and security (subdomain, tunnel configuration)

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to comply with legal obligations, protect our rights, or respond to lawful requests from public authorities.

We retain your data according to the following schedule:

• User account data: Retained while account is active; may be retained after deletion for legal/business purposes
• Message history: Retained for customer support and service improvement
• Payment records: As required by financial regulations (typically 7+ years)
• Settings tokens: 30 minutes (automatically deleted after expiry)
• Webhook events: 7 days
• Server logs: Variable based on operational needs

We reserve the right to retain any data for longer periods if required for legal compliance, dispute resolution, or enforcement of our agreements.

Our web interfaces may use session cookies required for authentication and maintaining your login state. We do not currently use third-party analytics or advertising cookies on our web interfaces.

We implement various security measures to protect your data, including:

• Database encryption and access controls
• HTTPS/TLS encryption for data in transit
• JWT-based authentication with secure signatures
• Secure token generation using cryptographic methods
• Secure tunnels for server access (no open ports)
• Firewall rules blocking all direct inbound traffic to provisioned servers

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (subject to retention requirements)
• Object to processing of your data
• Data portability

To exercise any of these rights, contact us via our Telegram bot.

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy, contact us at hello@openhill.ai.