Privacy Policy
Last updated: June 2, 2026
1. Who we are
Mindora is a Telegram-based AI assistant that helps you manage personal information through five informational areas: Health, Legal info, Finance, Designer, and Assistant. This policy describes what data Mindora collects, how it is used, how it is stored, and what choices you have.
2. Data we collect
- Telegram profile data. When you start the bot or log in via the web dashboard, we receive your Telegram user ID, first name, and username if public. We do not receive your phone number.
- Messages. The text of messages you send to the bot is processed by our AI pipeline and stored in your personal conversation history.
- Documents. Files you upload, such as PDFs, images, and text files, are stored for the purpose of analysis, retrieval, and answering your future questions.
- Memory chunks. Structured facts extracted from your conversations and documents are stored as vectorised memory fragments to enable context-aware replies.
- Usage metadata. We log non-content metadata such as agent type, token counts, response latency, and error events. Message text, document content, Google OAuth tokens, and Google Calendar event content are not written to application logs.
3. Google Calendar data
Google Calendar integration is optional. If you choose to connect your Google Calendar, Mindora requests access through Google's OAuth consent screen and uses only the scopes needed for the calendar features you enable.
Mindora's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy , including the Limited Use requirements.
When you connect Google Calendar, Mindora may collect and use:
- OAuth credentials. Access tokens, refresh tokens, granted scopes, token expiry, and related OAuth metadata required to keep the integration working.
- Calendar event data. Upcoming event metadata such as title, start time, end time, location, and description when needed to answer your request.
- Event creation details. Event title, time, duration, description, and location that you ask Mindora to create in your calendar.
Mindora uses Google Calendar data only to:
- show your calendar connection status;
- answer your questions about upcoming events and schedule conflicts;
- create calendar events or reminders when you explicitly ask Mindora to do so;
- maintain and secure the calendar integration.
Mindora does not sell Google user data, does not use it for advertising, and does not use it to build, train, or improve generalised AI or machine learning models.
4. Where data is stored
- Database. Structured data such as users, conversations, messages, documents, memory, and integration status is stored in a PostgreSQL database hosted on our infrastructure.
- Encrypted credentials. Google OAuth credentials are encrypted before being stored and are associated with your Mindora user account.
- File storage. Uploaded files are stored either on the server's local disk or in an S3-compatible object store, depending on our deployment configuration.
- Cache. Short-lived rate-limit counters and session metadata are kept in Redis and expire automatically.
5. Third-party processing and sharing
We do not sell personal data and do not use personal data for advertising.
We share or process data with third parties only as needed to provide Mindora:
- Google. If you connect Google Calendar, Mindora exchanges OAuth tokens with Google and calls the Google Calendar API to read upcoming events or create events according to your requests.
- OpenAI. Your messages, document excerpts, and relevant calendar details may be sent to OpenAI's API when necessary to generate an AI response or perform a requested calendar action. OpenAI processes this data under its Privacy Policy.
- Infrastructure providers. Hosting, database, cache, and storage providers process data only to operate the service.
6. Data retention and deletion
Your Mindora data is retained until you delete it or disconnect an integration.
-
In Telegram: send
/forgetto the bot. A two-step confirmation is required. - In the web dashboard: use the "Delete all my data" button under the Danger Zone section.
- For Google Calendar: use the calendar integration controls in the Telegram Mini App, dashboard, or bot to disconnect your calendar. You can also revoke Mindora's access in your Google Account security settings.
Hard deletion removes your user record, conversations, messages, documents, memory chunks, and stored integration credentials from Mindora's database. This is irreversible.
7. Your rights and choices
-
Export. Send
/exportto the bot to receive a JSON archive of your Mindora data. -
Deletion. Use
/forgetin Telegram or the dashboard button to delete your Mindora data permanently. - Access. Your dashboard at /dashboard shows your profile, memory statistics, recent conversations, documents, and integration status.
- Calendar control. You decide whether to connect Google Calendar and can disconnect it at any time.
8. Security
- Database access is filtered by your user ID to prevent cross-user data access.
- Session cookies are signed and configured as HttpOnly and SameSite=Lax.
- Uploaded files have restrictive server-side permissions.
- Critical operations are written to an audit log without secrets or message content.
- OAuth credentials are encrypted at rest and are not exposed in logs.
9. Important disclaimer
Mindora is not a medical, legal, or financial service provider. The Health area does not provide medical diagnoses. The Legal info area does not provide legal advice. The Finance area does not provide investment recommendations. Always consult a licensed professional for serious decisions.
10. Contact
Questions about this policy? Contact us via Telegram: @Mindoraapp_bot or support: @mindora01.