Last updated: March 20, 2026
StarsPay ("we", "us", "our") operates the StarsPay platform, including the website at starspay.dev, the dashboard at app.starspay.dev, the @starspay/sdk npm package, and associated Supabase backend services (collectively, the "Service"). This Privacy Policy describes how we collect, use, and protect your information.
Account Information. When you sign in via the Telegram Login Widget, we receive your Telegram user ID, first name, last name, username, and profile photo URL. We do not receive your phone number or Telegram messages.
Payment Data. We process payment events from Telegram Stars (via Telegram Bot API webhooks). This includes transaction IDs, amounts, invoice payloads, and subscription status. We do not store credit card numbers or bank account details — Telegram Stars payments are handled entirely by Telegram.
Dashboard Billing. If you subscribe to a paid StarsPay plan, payment is processed by Stripe. We store your Stripe customer ID and subscription status. Stripe handles all card and billing details under its own privacy policy.
Usage Data. We collect aggregated analytics (revenue totals, subscription counts, transaction volumes) scoped to your app. We do not track individual end-user behavior across apps.
Lawful Basis for Processing. We process your personal data on the following legal bases: (a) Contract performance (Article 6(1)(b) GDPR) — to provide the Service, process payments, and manage your account; (b) Legitimate interests (Article 6(1)(f) GDPR) — for security monitoring, analytics, fraud prevention, and service improvement.
We use essential cookies and browser local storage for authentication and session management. These are strictly necessary for the Service to function and do not require consent. We do not use advertising or tracking cookies.
We do not sell your personal information. We share data only with:
We have Data Processing Agreements in place with our infrastructure providers, including Supabase and Stripe.
Your data is stored on Supabase cloud infrastructure. Where data is transferred outside the European Economic Area (EEA), appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.
We may disclose information if required by law or to protect the rights and safety of our users.
We use industry-standard security measures, including HTTPS encryption, hashed API keys, row-level security policies, and constant-time cryptographic verification. Bot tokens are encrypted at rest in our database.
We retain your account and payment data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., financial records).
You may request access to, correction of, or deletion of your personal data by contacting us at support@starspay.dev. If you are located in the EU/EEA, you have additional rights under GDPR, including the right to data portability, the right to withdraw consent at any time (where processing is based on consent), the right to object to processing based on legitimate interests, and the right to lodge a complaint with a supervisory authority.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.
For questions about this Privacy Policy, contact us at support@starspay.dev.