Integritetspolicy

TrackerSinocollects almost nothing. There’s no account, no email, no marketing tracker, no behavioural analytics. Your alerts configuration and demo balance live in localStorage on your own device. The only personal identifier we ever touch is your Telegram chat id, and only if you send /start to our bot.

TrackerSino is an independent project. The operator is registered in an offshore jurisdiction (British Virgin Islands / Seychelles) and is the data controller for the limited processing described below. For privacy questions you can reach us through @TrackerSinoBot with the keyword privacy.

a. Server logs

Standard web-server logs (HTTP method, path, status code, response time, user-agent string, originating IP via Cloudflare). Retention: 30 days, rotated automatically. Purpose: diagnose abuse, debug errors. We rely on this processing as a legitimate operational interest in keeping the service available and secure. We do not link logs to identifiable individuals and we do not sell or share logs with marketers.

b. Telegram chat id

When you send /start to @TrackerSinoBot, Telegram delivers your numeric chat id to our bot so it can DM you a private link. We embed that chat id in a signed token (HMAC, 24h TTL) that the link carries. We do not store the chat id in a database; we only see it when a tokenised request arrives, decode it from the signed token, and use it as the destination address for any alert message you have configured. We process this minimal identifier as part of providing the service you have explicitly requested.

c. Browser local storage

Your alert configuration, sidebar preferences, and play-money demo balance are saved in your browser’s localStorage. That data never leaves your device and we have no visibility into it. Clearing browser storage deletes all of it immediately.

d. What we don’t collect

• No name, email, postal address, phone number, or government id.
• No payment data — the service is free, and no real-money operator is connected.
• No advertising identifiers, no fingerprinting, no behavioural profile.
• No third-party trackers (Google Analytics, Facebook Pixel, etc.).
• No data on minors. The service is restricted to 18+.

TrackerSino does not set its own cookies. Cloudflare (our CDN and DDoS shield) may set technical cookies for security and bot detection — these are not used for advertising or profiling. See Cloudflare’s cookie policy for the full list.

We rely on these processors. Each is named so you can audit the privacy chain:

• Cloudflare, Inc. (USA / global edge) — CDN, DDoS protection, bot detection, optional Web Analytics (which is cookieless and aggregated; no per-user profile). Data: IP, request metadata. Cloudflare privacy policy.
• Telegram FZ-LLC (UAE / global) — Bot API. Data: your chat id, the messages you send the bot, the messages we send to you. Telegram privacy policy.

We do not use Google Analytics, Meta Pixel, TikTok Pixel, AdSense, or any equivalent tracker.

Cloudflare and Telegram operate global infrastructure; processing may occur outside the EU/EEA. Cloudflare relies on the EU–US Data Privacy Framework and Standard Contractual Clauses where applicable; Telegram operates from the UAE and applies its own contractual safeguards. We do not transfer your data anywhere else.

• Server logs: 30 days, rolling.
• Cloudflare metadata: per Cloudflare’s defaults.
• Telegram messages: per Telegram’s policy.
• Signed tokens (HMAC): 24 hours, then reject.
• localStorage on your device: until you clear it.

As a courtesy and irrespective of the operator’s jurisdiction, we extend the rights commonly granted under GDPR / UK GDPR / CCPA to every visitor:

• Access the personal data we hold about you. Practically: we hold almost none — just the chat id encoded in any tokens you currently have, which you can decode yourself by base64-decoding the first segment of any tokenised URL.
• Erasure: stop messaging the bot and clear your browser’s localStorage; nothing of yours remains.
• Object to processing at any time and we will stop.
• Complainto your national data protection authority if you believe we’ve mishandled your data. EU residents can use the authority listed for their member state at edpb.europa.eu; UK residents the ICO; California residents the CPPA.

To exercise these rights, message the bot with the keyword privacy — it’ll forward to a human.

The service is restricted to users 18 or over. We do not knowingly collect data from minors. If you believe a minor has interacted with our bot, contact us and we will delete any related token records.

All data in transit uses TLS 1.2+. Tokenised links are HMAC-SHA-256 signed with a server-side key; tampering produces an invalid signature and the request is rejected. We do not store passwords because we don’t have accounts. The play-money demo runs entirely in your browser; no balance or bet ever reaches our servers.

When this policy changes materially we update the “Last updated” date at the top and post a summary banner for 30 days. For non-material wording fixes we just edit in place.

See also our Terms of Service and our Methodology page (which describes data sources and the “no predictions” stance).