Privacy Policy
General Provisions
This Privacy Policy (hereinafter — "Policy") describes how the Tono.tax platform (hereinafter — "Platform", "we") collects, uses, stores and protects user data (hereinafter — "you", "User").
By using the Platform, you consent to the processing of data in accordance with this Policy. If you disagree — please stop using the Service.
Data Received from Telegram
When authorizing through Telegram Mini App, we receive the following data:
| Data | Purpose |
|---|---|
| Telegram ID | Account identification, structure linking |
| Username | Display in partner list |
| First / Last Name | Interface personalization |
| Interface Language | Localization |
| Profile Photo (URL) | Avatar display |
We do NOT receive and do NOT have access to:
- Phone number
- Messages and correspondence
- Contacts and groups
- Geolocation
- Device contents
Blockchain Data
When using the Platform, we process the following blockchain data:
- TON wallet address — linked to your account for receiving payouts
- Transaction history — subscription payment and payout data
- Subscription status — activity, start/end date, loyalty level
Important: all transactions on the TON blockchain are public by nature. Wallet addresses and transaction amounts are accessible to anyone through blockchain explorers. The Platform cannot ensure the confidentiality of data recorded on the blockchain.
Referral Structure Data
To operate the payout distribution system, we store:
- Inviter–invitee relationships (referral tree)
- Referral codes and links
- Number of invited users at each level
- Partner subscription activity status
Your username may be visible to your inviting partner in the "My Partners" list. Detailed financial information of partners is not disclosed to other users.
On-Device Data
On your device, the Platform stores:
- Authorization token (localStorage) — to maintain sessions without re-login
- User data cache (localStorage) — for faster interface loading
We do not use tracking cookies, advertising trackers, or analytics pixels. localStorage data is only accessible within the Telegram Mini App and is not shared with third parties.
Purposes of Data Processing
Collected data is used exclusively for:
- User identification and session maintenance
- Referral system operation and payout distribution
- Subscription and loyalty level management
- Displaying statistics (finances, team)
- Security and fraud prevention
- Multi-account detection and abuse prevention
- Technical support and dispute resolution
We do not use your data for advertising, profiling, selling to third parties, or any purposes unrelated to Platform operation.
Third-Party Data Sharing
We do not sell or share personal data with third parties, except in the following cases:
- TON Blockchain — wallet addresses and transactions are recorded on the public blockchain (required for smart contract operation)
- Hosting provider — servers hosting the Platform may have technical access to data
- Legal requirements — upon request from authorized government bodies under applicable law
In all other cases, data is not shared or disclosed.
Data Storage and Protection
Security measures:
- Data is stored on protected servers with restricted access
- Data transmission between client and server is encrypted (HTTPS/TLS)
- Database access is limited to authorized personnel
- Regular data backups
Retention period: data is stored for the entire period of Platform use and 12 months after the user's last activity, after which it may be deleted.
We take reasonable measures to protect data, however we cannot guarantee absolute security due to the nature of internet technologies.
International Data Transfer
Platform servers may be located outside your jurisdiction. By using the Service, you agree that your data may be processed and stored in another country where the level of personal data protection may differ from your jurisdiction.
Automated Decisions
The Platform may make automated decisions based on user data:
- Multi-account detection — automatic identification of linked accounts based on technical parameters
- Violation blocking — automatic access restriction upon detection of suspicious activity
- Payout calculation — automatic determination of amounts and recipients based on the referral structure
Automated blocking decisions may be appealed through official communication channels.
User Rights
You have the right to:
- Request information — find out what data is stored about you
- Correct data — update outdated information (wallet change)
- Request deletion — demand deletion of personal data
- Withdraw consent — stop data processing by ceasing to use the Service
To exercise these rights, contact us through the Platform's Telegram bot.
Limitations: we cannot delete data recorded on the TON blockchain (addresses, transactions), as the blockchain is immutable by nature. We may also retain a minimal set of data to prevent repeated abuse (e.g., Telegram ID of a blocked account).
Minor's Data
The Platform is intended only for persons aged 18 and over. We do not knowingly collect data from minors.
If we become aware that data has been provided by a person under 18, we will delete that data and block the corresponding account.
Analytics and Monitoring
The Platform may collect anonymized technical information:
- Device type and operating system
- Telegram client version
- Usage time and frequency
- Application errors and crashes
This data is used exclusively to improve Platform performance and is not linked to any specific user. We do not use third-party analytics systems (Google Analytics, Facebook Pixel, etc.).
Data Breach
In the event of a personal data breach, the Platform undertakes to:
- Immediately take measures to eliminate the vulnerability
- Notify affected users through the Telegram bot within 72 hours
- Report the nature of the breach and affected data
- Provide protection recommendations (wallet change, etc.)
Policy Changes
We reserve the right to update this Policy at any time. The current version is always available at this URL.
For significant changes, we will notify users through the Telegram bot. Continued use of the Platform after publication of changes constitutes acceptance of the updated Policy.
Contact
For all questions regarding personal data processing, you can contact us through the Platform's official Telegram bot.
We aim to respond to requests within 14 business days.