Heimdall Privacy Policy
This policy governs the collection, use, and processing of personal data by Heimdall — a Telegram group protection bot developed and operated by Odin Tools.
Heimdall makes automated decisions that may significantly affect individuals, including automatic banning and listing in a shared scammer database. EEA and UK users have the right to request human review. See Section 5 for full details.
About This Policy
This is the supplementary privacy policy for Heimdall, a Telegram bot developed and operated by Odin Tools. It describes data collection and processing specific to Heimdall.
Contact: [email protected] · Telegram
What Heimdall Does
Heimdall is a Telegram group protection bot that helps group administrators:
- Detect and remove scam, spam, and violation messages
- Automatically ban users identified as scammers or bad actors
- Clean and moderate group chats
- Maintain group safety through a shared scammer database
Who This Policy Applies To
Heimdall processes data relating to two distinct groups of individuals:
| Group | Description |
|---|---|
| Group Administrators | Telegram users who add Heimdall to their groups and configure its behaviour |
| Group Members | Telegram users present in groups where Heimdall operates — including those who may be flagged, warned, or banned |
If you are a group member in a group that uses Heimdall, your data may be processed even if you have never directly interacted with Heimdall.
Data Heimdall Collects
3.1 Group Administrator Data
| Data | Description |
|---|---|
| Telegram User ID | Your unique Telegram identifier |
| Telegram Username | Your @username if publicly set |
| Group / Chat IDs | Identifiers of groups you manage with Heimdall |
| Configuration Settings | Moderation rules and preferences you set |
3.2 Group Member Data
| Data | Description |
|---|---|
| Telegram User ID | Your unique Telegram identifier |
| Telegram Username | Your @username if publicly set |
| Message Content | Content of messages analyzed for violations (see Section 4) |
| Violation Records | Records of detected scam or violation behaviour |
| Ban / Action History | Record of moderation actions taken against your account |
3.3 Scammer Database
Heimdall maintains a shared database of Telegram User IDs and associated violation records. This database is used to:
- Identify users with a history of scam or violation behaviour across groups
- Enable group administrators to proactively ban known bad actors
- Prevent scammers from re-entering protected groups
Entries are based on detected behaviour, reports from group administrators, or cross-group pattern analysis.
Message Content Processing
Heimdall analyzes message content to detect violations, spam, or scam activity. This analysis:
- Is performed automatically in real-time as messages are sent in groups where Heimdall operates
- May involve pattern matching, keyword detection, and link analysis
- Does not involve storing the full content of all messages — only messages flagged as potential violations may be logged for review or audit purposes
- Does not involve reading direct (private) messages — Heimdall only operates within groups where it has been explicitly added by an administrator
Automated Decision-Making and Profiling
Heimdall makes automated decisions that may significantly affect you. EEA and UK users have the right under Art. 22 GDPR to request human review of any such decision.
Automated decisions made by Heimdall include:
- Automatic banning from a Telegram group based on scam or violation detection
- Database listing — classifying your Telegram User ID as a scammer in our shared database
- Cross-group enforcement — actions in one group may affect your access to other groups using Heimdall
These decisions may result in:
- Removal from one or more Telegram groups
- Inability to join new groups that use Heimdall
Your Right to Challenge Automated Decisions
If you believe you have been incorrectly flagged, banned, or listed in the Heimdall scammer database, you have the right to:
- Request human review of the decision by contacting [email protected] or Telegram
- Request information about why you were flagged or listed
- Request removal from the scammer database if the listing is inaccurate
We will respond to such requests within 30 days. We will review the decision and correct or remove the record if the classification is found to be inaccurate.
Legal Basis for Processing
| Processing Activity | GDPR Legal Basis |
|---|---|
| Providing moderation services to group administrators | Performance of contract (Art. 6(1)(b)) |
| Analyzing messages for violation detection | Legitimate interests — protecting group members from harm (Art. 6(1)(f)) |
| Maintaining the scammer database | Legitimate interests — preventing scam activity across Telegram (Art. 6(1)(f)) |
| Automated banning decisions | Legitimate interests, subject to Art. 22 safeguards |
The legitimate interest in preventing scam and fraud activity is balanced against individual privacy interests. Users listed in our database are those where there is a reasonable basis — based on detected behaviour or verified reports — to conclude that scam or violation activity occurred.
Third Parties Heimdall Uses
| Third Party | Data Shared | Purpose |
|---|---|---|
| Telegram | All bot interactions and group events | Platform for bot operation |
| Hosting / Infrastructure | Encrypted database contents | Running Heimdall's backend and scammer database |
We do not share the scammer database with any external commercial third parties.
Data Retention
| Data | Retention Period |
|---|---|
| Administrator configuration | Until the administrator removes Heimdall from their group |
| Violation / ban records in groups | Until the administrator clears them or removes Heimdall |
| Scammer database entries | Until successfully disputed and removed, or upon periodic review |
| Message content logs (flagged messages) | 90 days from detection |
Your Rights
Your rights are governed by the Odin Tools Master Privacy Policy. In particular for Heimdall:
- If you are listed in the scammer database: You have the right to request access to your record, challenge the accuracy of the classification, and request removal. Email [email protected] or contact us on Telegram.
- If you were banned from a group: Heimdall enforces bans on behalf of group administrators. For reinstatement to a specific group, you may also need to contact that group's administrator directly.
- If you are a group administrator: You may delete all data associated with your groups by removing Heimdall from your groups and submitting a deletion request to [email protected] or Telegram.
Note to Group Administrators
If you use Heimdall in your group, you are acting as a data controller for the personal data of your group members. Odin Tools acts as a data processor on your behalf.
By using Heimdall, you are responsible for:
- Informing your group members that Heimdall is active and monitoring messages
- Ensuring your use of Heimdall complies with applicable laws in your jurisdiction
- Providing your group members with a way to contact you regarding moderation decisions