Privacy Policy
What we know about you, where it lives, and how you control it
Effective from 2026-05-23. GNOSIS VENTURES LLC, California, USA.
1. What data we collect
When you sign in through Telegram
- Telegram ID (numeric identifier)
- First and last name (if set in TG)
- Username (if any)
- Profile photo (URL)
- Sign-in timestamp
When you pay
- Email (passed to Stripe for the receipt)
- Payment details are processed by Stripe – we never see or store them
- Billing country (for tax calculation)
While you use the service
- Which practices were completed and when
- Your state before/after a practice (if you voluntarily record it)
- Streak, progression
- Anonymous behavioural events via PostHog (with your Telegram ID after sign-in)
We do not collect: biometrics, voice recordings from your device, contacts, geolocation, or messages from your other Telegram chats.
2. Sub-processors
We use the following services to process data. All of them have signed standard Data Processing Agreements.
| Service | What it processes | Location |
|---|---|---|
| Vercel (KV / hosting) | entitlements, sessions, content | USA (US-East) |
| Stripe | payments, taxes | USA |
| PostHog | behavioural analytics | USA (us.i.posthog.com) |
| Telegram (Bot API) | identification and delivery of bot messages | Globally |
| Plausible Analytics | anonymous traffic | EU |
3. Jurisdictions and legal basis
EU / EEA / UK (GDPR)
Legal basis: performance of a contract (Article 6(1)(b)) for the basic account, payment, and content delivery. Consent (6(1)(a)) – for PostHog analytics: a cookie consent banner is shown on your first visit; you can withdraw it at any time.
Data transfers to the USA: on the basis of Standard Contractual Clauses (SCC) with Vercel/Stripe/PostHog.
Russian Federation (Federal Law 152-FZ)
Important: data is processed on servers in the USA. Federal Law 152-FZ requires the initial processing of the personal data of Russian citizens on servers within Russia. If you are a resident of the Russian Federation, by registering you knowingly accept that processing takes place in the USA. If this is unacceptable to you – do not use the service.
California (CCPA/CPRA)
You have the right to know, delete and correct your data and to opt out of its sale. We do not sell your data. Requests – to support@gnosis.ventures.
4. Retention periods
- Active account – for as long as it is active
- Financial records (Stripe) – 7 years (a requirement of US tax law)
- PostHog analytics – 12 months, then aggregated
- After account deletion: personal data is erased within 30 days; financial records are retained as required by law
5. Your rights
- Access: request a copy of all your data
- Correction: fix incorrect data
- Erasure: request account deletion (the right to be forgotten)
- Portability: receive your data in a machine-readable format
- Withdrawal of consent: turn off analytics at any time
All requests – to support@gnosis.ventures or through the @gnosis_ventures_bot bot. Response time – 30 days.
6. Cookies and tracking
- Necessary: a session cookie (HttpOnly, Secure, SameSite=Lax, 30 days) – sign-in does not work without it
- Analytical: PostHog – only with your consent (cookie consent banner)
- We do not use third-party advertising cookies
7. Security
- TLS on all connections
- Standard industry practices for secret storage (Vercel env, encrypted)
- In the event of a breach – we will notify within 72 hours (a GDPR requirement)
8. Contact
Data controller: GNOSIS VENTURES LLC, California, USA
Email: support@gnosis.ventures