// Legal

Privacy Policy

Application: VibeGram for Android · Operator / Data Controller: XLogics Smart Solutions LLC
Address: 30 N Gould St Ste R, Sheridan, Wyoming 82801, USA
Contact: support@vibegram.app
Last updated: 20 June 2026 · Effective date: 20 June 2026

01Introduction and Scope

VibeGram (the "App") is a messaging application built on the open-source Telegram for Android client, extended with additional features including a cryptocurrency wallet, market data, file scanning, spam protection, and a premium subscription.

This Privacy Policy explains what information the App collects, how it is used, with whom it is shared, how long it is kept, and the choices and rights you have. It applies to your use of the App and the related backend services we operate (collectively, the "Services").

Important relationship with Telegram. The App connects to Telegram's messaging network to provide core messaging functionality. Your messages, contacts, calls, and related communications are transmitted and processed through Telegram Messenger services, which are operated by third parties and are NOT controlled by us. Telegram's own collection and processing of your data is governed by Telegram's privacy policy, not by this policy. We are responsible only for the additional VibeGram features and Services described in this document. We are not affiliated with, endorsed by, or sponsored by Telegram FZ-LLC or Telegram Messenger Inc.

Please read this policy carefully. By downloading, installing, accessing, or using the App, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, do not use the App.

02Eligibility and Age Requirements

You must be at least 13 years old (or the minimum age of digital consent in your jurisdiction, if higher) to use the App.
The wallet and cryptocurrency features are self-custodial: you alone control your keys and funds, and we do not take custody of your assets or act as a money transmitter, broker, exchange, or financial advisor. Regardless of age, you may use the financial, wallet, cryptocurrency, trading, market-data, and premium-purchase features only if you have the legal capacity to do so in your jurisdiction and only where such use is lawful. These features involve real financial risk; if you are a minor, you must have the consent and supervision of a parent or legal guardian.
The App is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe a child under 13 has provided us personal information, contact us at support@vibegram.app and we will delete it.

If you do not meet these requirements, do not use the corresponding features of the App.

03Information We Collect

We collect the following categories of information. We collect only what is described here; categories not listed are not intentionally collected by the VibeGram features.

3.1 Information You Provide or That Comes From Your Telegram Account

When you register with our Services through Telegram, we receive and process:

Telegram user ID (a numeric, persistent account identifier);
Username (if you have set one on Telegram);
Display name (first and/or last name as set on your Telegram account);
Telegram Premium status (whether your Telegram account is a Premium account).

This information is synchronized to our backend to create and maintain your VibeGram account and to operate account-linked features such as premium entitlements and credits.

Note on phone numbers: Your phone number is used by Telegram to operate your messaging account and is processed by Telegram under Telegram's policy. The VibeGram backend features described here are keyed to your Telegram user ID and do not require us to separately store your phone number for VibeGram functionality.

3.2 Device and Technical Information

Device fingerprint. During registration we generate a device identifier by combining your device's Android ID, manufacturer, model, brand, internal device name, and Android API level, and storing a SHA-256 hash of that combination. This is used for security, session binding, and fraud/abuse prevention.
App and diagnostic data. App version, operating-system version, device model, language/region, network state, crash logs, stack traces, and performance data.
Push notification token. A Firebase Cloud Messaging (FCM) registration token used to deliver push notifications to your device.

3.3 Content You Submit to Optional Features

Some features transmit content off your device only when you use that feature:

Spam protection (AI classification). If you enable AI-assisted spam protection, message text from the chats being evaluated, together with your Telegram user ID and the spam topic categories, may be sent to our backend for automated classification. This means the content of those messages is transmitted to and processed by our servers. If you do not want message content analyzed by our servers, do not enable this feature.
File antivirus scanning. If you request an antivirus scan of a file or document, the complete file is forwarded to a Telegram bot for scanning, and the App polls our backend for the scan result. The file content, file name, and associated metadata leave your device and are processed by that scanning service. Do not submit files you are not authorized to share or that contain sensitive information you do not wish to transmit.

3.4 Financial, Wallet, and Transaction Information

If you use the wallet and crypto features:

Wallet address(es) you connect or create;
On-chain transaction data associated with your wallet address (such as transaction type, amount, token symbol, and transaction hash), which we read from and/or monitor via our cloud database in order to provide balance display and real-time transaction notifications;
Market and trading interactions, such as tokens you view and charts you open.

Private keys / seed phrases. Wallet private keys and recovery phrases are managed within the wallet module's secure local storage on your device. We do not transmit, request, or store your private keys or recovery phrases on our servers, and we will never ask you for them. You are solely responsible for safeguarding them. Loss of your keys or recovery phrase may result in permanent, irreversible loss of funds, for which we are not responsible.

3.5 Purchase and Subscription Information

If you purchase a premium subscription:

Google Play purchase token, product ID, and package name, which are sent to our backend to verify the purchase and activate premium;
Subscription status and expiry returned by our backend.

Payment card details are handled by Google Play (or your chosen payment provider) and are not collected or stored by us.

3.6 Analytics and Usage Information

We and our service providers may collect analytics and product-usage information, including feature usage events, screens viewed, session information, and automatically collected device/app properties, through analytics and crash-reporting tools (including Google Firebase Analytics and Crashlytics). This helps us understand how the App is used, fix bugs, and improve the Services.

3.7 Information Stored Only on Your Device

The following data is stored locally on your device and is not, by itself, transmitted to us (though it may relate to features that do transmit data as described above): your settings and preferences, spam/whitelist/keyword lists, notification history, cached emoji images, cached bot configuration, and cached wallet address. Authentication tokens and the device fingerprint are stored in encrypted local storage.

04Device Permissions

The App may request the following device permissions. Where a permission supports a core Telegram messaging function, the underlying processing is governed by Telegram's policy.

Camera – video calls, scanning QR codes (including wallet/address QR codes), and media capture.
Microphone (Record Audio) – voice messages and calls.
Location (approximate, precise, and/or background) – location sharing and related features, only when you choose to use them.
Contacts (read/write) – to find and sync contacts on Telegram, when you enable it.
Storage / Media (read/write) – to send, receive, and save media and files.
Biometric / Fingerprint – to unlock the wallet and/or app locally. Biometric authentication is performed on your device using the operating system's secure framework; biometric data is processed locally and is not transmitted to or stored by us.
Phone state, accounts, network state, notifications, vibration, wake lock, and similar – standard operational permissions.

You can grant or revoke permissions through your device settings. Revoking a permission may disable the related feature.

05How We Use Your Information

We use the information we collect to:

create, operate, secure, and maintain your VibeGram account and the Services;
authenticate you, manage sessions, and bind sessions to your device for security;
provide features you use, including wallet display and notifications, market data, spam protection, file scanning, premium entitlements, and credits;
verify purchases and manage subscriptions;
send transactional and service notifications, including wallet activity alerts;
detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms;
diagnose problems, monitor performance, and improve and develop the Services;
comply with legal obligations and enforce our agreements.

Legal bases (for users in the EEA, UK, and similar jurisdictions)

Where required, we process personal data on the following legal bases: performance of a contract (to provide the Services you request); legitimate interests (security, fraud prevention, analytics, and product improvement, balanced against your rights); consent (for optional features such as analytics or features that transmit content, where applicable); and compliance with legal obligations.

06How We Share Information

We do not sell your personal information for money. We do not share your personal information except as described below:

6.1 Service Providers and Sub-Processors

We share information with vendors that process data on our behalf, including:

Google / Firebase – cloud messaging (push), cloud database (wallet/transaction data), crash reporting, analytics, and related infrastructure;
Google Play / Google Billing – purchase processing and verification;
Our hosting and backend infrastructure.

These providers are authorized to use your information only to provide services to us.

6.2 Telegram and Third-Party Bot Services

Core messaging, contact sync, calls, and the file antivirus scanning feature operate through Telegram's network and Telegram bots. Data routed through Telegram, including files you submit for scanning, is subject to Telegram's handling and policies in addition to ours.

6.3 Market Data and Charting Providers

When you view market data or charts, the App may contact third-party data providers such as DexScreener and GeckoTerminal (and similar services). Your interaction with those third-party services is subject to their respective privacy policies.

6.4 Legal, Safety, and Business Transfers

We may disclose information if we believe in good faith that it is necessary to: comply with applicable law, regulation, legal process, or governmental request; enforce our terms; detect, prevent, or address fraud, security, or technical issues; or protect the rights, property, or safety of our users, the public, or us. In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction, subject to this policy.

6.5 "Sale" / "Sharing" under U.S. State Laws

We do not sell personal information for monetary consideration. Certain analytics or advertising-related data uses may be considered a "sale" or "sharing" under some U.S. state privacy laws (such as the California Consumer Privacy Act, as amended). Where this applies, you may exercise your opt-out rights as described in Section 10.

07Blockchain and Public Ledger Notice

Cryptocurrency transactions are recorded on public, decentralized blockchains that we do not control. Information written to a blockchain — including wallet addresses, transaction amounts, and timestamps — is public, permanent, and generally cannot be changed, deleted, or made private. Anyone may be able to view and correlate on-chain activity. This is an inherent characteristic of blockchain technology and is outside our control. Do not use the wallet features if you do not accept this.

08Data Retention

We retain personal information for as long as necessary to provide the Services and for the purposes described in this policy, and thereafter as required to comply with our legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements.

Account data (e.g., user ID, name, username, premium status) is retained while your account is active and for a reasonable period afterward.
Security data such as device fingerprints and session/refresh tokens is retained for the duration of the session lifecycle and as needed for security.
Message text submitted for spam classification and files submitted for scanning are processed to deliver the result; retention by the processing services is limited to what is necessary to operate and improve those features and to meet legal obligations.
On-device data is retained until you delete it, clear app data, or uninstall the App.
Data recorded on public blockchains cannot be deleted (see Section 7).

When information is no longer needed, we take reasonable steps to delete or de-identify it.

09Security

We implement technical and organizational measures designed to protect your information, including: encryption of sensitive local data in encrypted local storage (AES-256-GCM); bearer-token (JWT) authentication with short-lived sessions, refresh tokens, and per-account isolation; hashing of device fingerprints; and transport encryption (HTTPS/TLS) for communications with our backend.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security, and you provide information at your own risk. You are responsible for maintaining the security of your device, your Telegram account, your device unlock/biometric credentials, and your wallet keys and recovery phrases.

10Your Rights and Choices

Depending on where you live, you may have some or all of the following rights regarding your personal information:

Access – request a copy of the personal data we hold about you.
Correction – request that we correct inaccurate or incomplete data.
Deletion – request that we delete your personal data, subject to legal exceptions (and noting that on-chain data and certain Telegram-held data are outside our control).
Restriction / Objection – request that we restrict or object to certain processing.
Portability – request your data in a portable format.
Withdraw consent – where processing is based on consent, withdraw it at any time (this does not affect prior processing).
Opt out of "sale"/"sharing" and targeted analytics – where applicable under U.S. state laws.
Non-discrimination – we will not discriminate against you for exercising your rights.

EEA/UK users may also lodge a complaint with their local supervisory authority.

To exercise any of these rights, contact us at support@vibegram.app. We will respond within the timeframes required by applicable law. We may need to verify your identity before fulfilling your request. You can also control much of your data directly: disable optional features, revoke permissions in device settings, and clear app data or uninstall the App.

11International Data Transfers

We and our service providers may process and store your information in countries other than the one in which you reside, including countries that may have data-protection laws different from those in your jurisdiction. Where we transfer personal data internationally and are required to do so, we use appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms). By using the App, you understand that your information may be transferred to and processed in such countries.

12Third-Party Services and Links

The App integrates with and links to third-party services that we do not control, including Telegram, Google/Firebase, Google Play, market-data providers (e.g., DexScreener, GeckoTerminal), blockchain networks and explorers, and any websites or bots you choose to open. This policy does not cover those third parties. We encourage you to review their privacy policies. We are not responsible for the practices, content, or security of third-party services.

13"Do Not Track" Signals

Some browsers and devices offer "Do Not Track" or similar signals. There is currently no industry-standard mechanism for responding to such signals, and the App does not respond to them. Where required by law, we honor recognized opt-out preference signals as described in Section 10.

14Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate or required by law, provide additional notice (such as an in-app notice). Your continued use of the App after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree, stop using the App.

15Disclaimers and Limitation Notice

To the maximum extent permitted by applicable law, the App and Services are provided "as is" and "as available" without warranties of any kind. Nothing in this Privacy Policy is intended to, and nothing herein shall, exclude or limit any rights you have under mandatory applicable data-protection law. To the extent permitted by law, we are not liable for: (a) the acts or omissions of Telegram or other third-party services; (b) loss of cryptocurrency, keys, or recovery phrases; (c) the public and permanent nature of blockchain data; or (d) unauthorized access resulting from your failure to secure your device, account credentials, or wallet keys. This Privacy Policy does not by itself create warranties or contractual liability beyond what is required by law and our Terms.

16Contact Us

If you have questions, requests, or complaints about this Privacy Policy or our handling of your information, contact:

XLogics Smart Solutions LLC
30 N Gould St Ste R, Sheridan, Wyoming 82801, USA
Email: support@vibegram.app

This Privacy Policy is provided for transparency about the App's data practices. It is not legal advice.