GDPR

[mnemotiv]

tl;dr - you should remove this disclaimer until this issue is resolved:

https://github.com/Telegram-Mini-Apps/analytics?tab=readme-ov-file#%EF%B8%8F-disclaimer

Problem:

My tests shown that you're sending at least a Telegram user ID to your backend.

Under GDPR and specifically in Telegram's case it's PII (personally identifiable information), because it doesn't prevent re-identification in specific cases.

Solution:

You should send a one-way-hashed user fingerprint to your backend, instead of using a plain PII data.

P.S.

TON is going to USA - don't forget to check local privacy laws in each state.

[danielytics]

@mnemotiv why did you close this? It seems like a rather important issue, especially since the README still makes claims about being GDPR complaint.