The policy states that third-party bot developers receive public account data including screen name, username, and profile picture when users interact with bots, and may also receive messages, IP addresses (via links), group membership status, and interface language. Third-party bot developers are described as independent from Telegram, and their data practices are governed by their own terms rather than Telegram's privacy policy.
This analysis describes what Telegram's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that user data transmitted to third-party bots is outside Telegram's data protection framework, and that Telegram does not govern how independent bot developers collect, store, or use that data. Users interacting with third-party bots should review those bots' separate privacy policies.
The agreement states that interacting with third-party bots transmits public account data and potentially messages, IP addresses, and language settings to independent developers who are not subject to Telegram's privacy policy. The policy states bots should request user permission before accessing data, but Telegram does not enforce or guarantee third-party bot data practices.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Telegram has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"The developers of an automated user (bot) can get your public account data (see section 3.1 above): your screen name, username and profile picture(s). Bots can also receive the following data when you interact with them... Bots added to groups can operate in two modes: with access to messages in the group or without access. If the bot has access to messages, it can see everything that happens in the group... The terms of use for certain bots are set by Telegram. No other bots or third-party bot developers are affiliated with Telegram. They are completely independent from us. They should ask you for your permission before they access your data or you make it available to them.— Excerpt from Telegram's Telegram Privacy Policy
1. REGULATORY LANDSCAPE: This provision engages GDPR controller and processor liability frameworks, as data transferred to independent third-party bot developers may constitute a separate data controller relationship outside Telegram's control. GDPR Article 13 notice requirements and Article 28 processor obligations may be relevant depending on the bot developer's role. National data protection authorities in the EEA have jurisdiction over EU-based bot developers. 2. GOVERNANCE EXPOSURE: High. The policy explicitly disclaims Telegram's responsibility for third-party bot developer data practices, creating a significant data governance gap for users who interact with bots. Telegram Business users who connect third-party bots to their accounts grant those bots access to all messages in assigned private chats, which may create additional organizational data protection exposure. 3. JURISDICTION FLAGS: EEA users interacting with bots operated by non-EEA developers may have limited recourse under GDPR, as enforcement against non-EEA bot developers may be constrained. Illinois BIPA or CCPA obligations may apply to bot developers operating in those jurisdictions if the data collected includes biometric or personal information. 4. CONTRACT AND VENDOR IMPLICATIONS: Organizations using Telegram Business with connected third-party chatbots should conduct due diligence on those chatbot operators as data processors or independent controllers. The policy states that bots connected via Telegram Business can access all messages in assigned private chats, which may constitute a significant data sharing arrangement requiring contractual documentation. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should map all third-party bot integrations and assess whether those developers have provided adequate privacy notices and obtained appropriate consent. Telegram Business deployments with connected chatbots may require Data Processing Agreements with the bot operators depending on the applicable legal framework.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that user data transmitted to third-party bots is outside Telegram's data protection framework, and that Telegram does not govern how independent bot developers collect, store, or use that data. Users interacting with third-party bots should review those bots' separate privacy policies.
The agreement states that interacting with third-party bots transmits public account data and potentially messages, IP addresses, and language settings to independent developers who are not subject to Telegram's privacy policy. The policy states bots should request user permission before accessing data, but Telegram does not enforce or guarantee third-party bot data practices.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Telegram.