Member Bot is a Telegram-based subscription platform that connects subscribers to premium Telegram channels and helps creators in Kenya monetise their audiences. This policy explains what data we collect, why we collect it, and how it is used.
1. Information We Collect
When you interact with Member Bot through Telegram, we may collect the following information:
- Telegram account data — your Telegram user ID, first name, last name (if set), and username (if set). This is provided automatically by Telegram when you start a conversation with the bot.
- Phone number — collected only when you initiate an M-Pesa payment. Used solely to send the STK Push request to Safaricom. We never store your M-Pesa PIN.
- Payment records — M-Pesa transaction details including amount, receipt number, checkout request ID, result code, and timestamp. Phone numbers associated with payments are stored for record-keeping and dispute resolution.
- Subscription data — the plans you are subscribed to, activation dates, expiry dates, and access code redemptions.
- Message activity — a short rolling buffer (last 10 messages) is kept in memory for moderation purposes and is not persisted to disk.
2. How We Use Your Information
- Subscription management — to grant, renew, or revoke access to Telegram channels and groups based on your active subscription.
- Payment processing — to initiate and track M-Pesa STK Push requests via Safaricom's Daraja API.
- Renewal reminders — to notify you before your subscription expires so you can renew without losing access.
- Support — to respond to queries raised through the bot or support channel.
- Fraud and abuse prevention — to detect and mitigate spam, flood attacks, and other misuse of the platform.
- Creator dashboards — creators can see their subscribers' Telegram names and subscription status within their own category only. Payment phone numbers are visible to platform administrators for payout reconciliation.
3. Information We Do Not Collect
- We do not collect your M-Pesa PIN at any point.
- We do not access messages you send in channels or groups — only messages sent directly to the Member Bot bot.
- We do not use your data for advertising or sell it to third parties.
4. Third Parties
We share data with third parties only to the extent necessary to operate the platform:
- Safaricom (M-Pesa / Daraja API) — your phone number and payment amount are transmitted to Safaricom when you initiate a payment. Safaricom's own privacy policy governs how they handle this data.
- Telegram — the platform through which the bot operates. Your Telegram data is subject to Telegram's Privacy Policy.
- OpenAI — if you interact with the AI support assistant, your message and limited subscription context (plan names, status) are sent to OpenAI to generate a response. No payment or personally identifying information is included in these requests.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide the service. Payment records are kept for a minimum of 12 months for financial reconciliation purposes. If you would like your data deleted, contact us via the support channel and we will process your request within 30 days, subject to any legal retention obligations.
6. Security
We take reasonable technical and organisational measures to protect your data, including:
- HTTPS encryption on all endpoints (TLS 1.2 and 1.3)
- Database row-level locking on payment processing to prevent duplicate charges
- Server-side authentication for all dashboard access
- Read-only container filesystem — the application cannot modify its own source files at runtime
No system is completely secure. If you believe your data has been compromised, please contact us immediately.
7. Your Rights
You have the right to:
- Request a copy of the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to retention requirements)
- Withdraw consent for optional data uses at any time
To exercise these rights, message us via @BNNCREATORBOT on Telegram.
8. Children
Member Bot is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Member Bot after changes are posted constitutes acceptance of the updated policy.
10. Contact
If you have any questions about this Privacy Policy, please contact us on Telegram: @BNNCREATORBOT