L Leam
en ru

Privacy Policy

Version 2.0 · Last updated: 2026-04-27 · Effective: 2026-04-27

Draft pending legal review. References to [LEGAL_ENTITY] and [ESTABLISHMENT_COUNTRY] are placeholders that will be filled in before public launch.

This Privacy Policy explains how Leam ("we", "us", "our"), operated by [LEGAL_ENTITY], established in [ESTABLISHMENT_COUNTRY], processes your personal data when you use the Leam Telegram bot, the Leam mini-app, and the website at leam.club ("the Service"). It is written to comply with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable national law.

For any privacy question, contact us at privacy@leam.club.

1. Who is the controller

  • [LEGAL_ENTITY]
  • Address: [REGISTERED_ADDRESS]
  • Email: privacy@leam.club
  • A Data Protection Officer is not mandatory for our scale; the privacy contact above is the responsible point for data subject requests.

2. What data we collect

2.1 Account and contact data

  • Telegram user ID; first name, last name, username (if set).
  • Language code (auto-detected from Telegram).
  • Time zone (you set it during onboarding).

2.2 Health and wellness data — special category data (GDPR Art. 9)

  • Age, gender (self-reported), height.
  • Body weight (current, target, history).
  • Activity level and individual activity entries (type, duration, intensity, calories burned).
  • Food and meal entries (descriptions, quantities, photos, voice notes, computed nutrition values).
  • Dietary preferences and allergies (if you provide them).
  • Goals (currently weight-loss only) and progress.

2.3 Conversational and content data

  • Text messages, photos and voice messages you send to the bot.

2.4 Technical data

  • Bot interaction timestamps, mini-app session data. No advertising trackers, no third-party analytics SDKs.
  • Application logs (errors, performance metrics) — pseudonymous where possible.

2.5 Billing data (only if you subscribe)

  • Subscription status, plan, transaction identifiers. Payments are processed by Stripe (EU/EEA) or T-Bank (Russia); we do not store full card details.

2.6 Consent records

  • Each consent (privacy, terms, health-data processing, AI processing) is logged with timestamp, version, language, the URL of the document you saw and a SHA-256 hash of the exact text shown.

3. Why we process your data, and on what legal basis

PurposeLegal basis
Provide the core service: log meals, weight, activity; calculate nutrition; answer questionsArt. 6(1)(b) contract + Art. 9(2)(a) explicit consent for health data
Personalised AI responses (transcribe voice, recognise food in photos, classify text)Art. 9(2)(a) explicit consent
Send reminders and tipsContract; opt-out per stream
Operate, debug and secure the ServiceArt. 6(1)(f) legitimate interest
Bill subscribers and meet tax obligationsArt. 6(1)(b) contract + Art. 6(1)(c) legal obligation
Respond to data-subject requestsArt. 6(1)(c) legal obligation

You can withdraw your health-data and AI-processing consents at any time. Use /consent_status in the bot or write to privacy@leam.club. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

AI processing is integral to the Service — every message, voice note and photo you send is parsed by our AI subprocessor. There is no AI-free mode. If you withdraw your AI-processing consent, your account is deactivated and we treat it the same as a /reset (see Section 6 for the 30-day grace window).

4. Who we share your data with

We do not sell your data and do not share it for advertising. Our sub-processors are:

ProcessorRoleLocation / safeguards
Telegram FZ-LLCMessage deliveryUAE / global · Telegram Privacy Policy
OpenAI Ireland Ltd.AI processing (text, voice via Whisper, vision via GPT-4 Vision, GPT-4 reasoning)EU (Ireland) with US transfers under SCCs / EU-US DPF · DPA in place · OpenAI does not retain inputs for training
Hetzner Online GmbHHosting and encrypted backupsEU (Germany — Falkenstein) · DPA in place
Stripe Payments Europe Ltd.Payments (EU subscribers)EU (Ireland) · Stripe DPA
Tinkoff Bank ("T-Bank")Payments (Russian subscribers)Russia · 152-FZ framework

A current and complete list of processors is maintained in our internal Record of Processing Activities and is available on request.

5. Where your data is stored

The primary database and application servers are at Hetzner Online in Falkenstein, Germany (EU). Encrypted backups are in Hetzner Object Storage in the same region. Some sub-processors (Telegram, OpenAI, T-Bank) involve cross-border transfers covered by the safeguards in Section 4.

6. How long we keep your data

  • Account, profile, meal/weight/activity entries — while the account is active.
  • Consent records — while active + 5 years after closure (to demonstrate lawful processing).
  • Billing records — 6 years (statutory bookkeeping period).
  • Application logs — 30 days.
  • REST audit log of health-data access — 90 days.
  • Voice and image inputs sent to OpenAI — not retained after AI returns.
  • Backups — 7 days locally, 30 days in Object Storage.

When you ask us to delete your account by sending /reset to the bot, we soft-delete it immediately (the account becomes inaccessible). After 30 days, all health, meal, weight, activity and conversation data is permanently and irreversibly purged. Within the 30-day window you can recover the account by sending /undelete.

7. How we protect your data

  • All traffic to the Service uses TLS.
  • Database servers are in a private network, accessible only from application services.
  • Identifier separation: Telegram ID is on the users table only; all health rows reference an internal numeric user ID.
  • Bucket-level access control on backups.
  • Server-side reads/writes of health data through REST APIs are logged in an internal audit table (90-day retention).
  • Roadmap: PostgreSQL TLS internal connections and encryption-at-rest beyond Hetzner disk encryption.
  • Security incidents that put your rights at risk are reported to you and to the supervisory authority within 72 hours, as required by GDPR Art. 33–34.

8. Your rights

  1. Access (Art. 15) — send /export to the bot to receive a JSON file with your full data.
  2. Rectification (Art. 16) — edit your profile and entries from the mini-app.
  3. Erasure (Art. 17) — send /reset (see Section 6).
  4. Restriction (Art. 18) — write to privacy@leam.club.
  5. Portability (Art. 20) — same /export, machine-readable JSON.
  6. Object to legitimate-interest processing (Art. 21) — write to us.
  7. Withdraw consent (Art. 7(3)) — through /consent_status.
  8. Not be subject to a solely automated decision with legal or significant effect (Art. 22) — our AI generates suggestions, not binding decisions.
  9. Lodge a complaint. If you reside in Finland: Office of the Data Protection Ombudsman. Other EU/EEA residents: your national authority.

We aim to respond to data-subject requests within 30 days.

9. Children

The Service is intended for users aged 18 and over. We do not knowingly process data of children under 18.

10. Cookies and tracking

The leam.club marketing website uses no third-party tracking or advertising cookies. The bot has no cookies. The mini-app stores a minimal session token provided by the Telegram WebApp; this is required for the app to function.

11. Changes to this policy

Material changes (new data categories, new processors, narrower lawful basis) increment the version, are announced in the bot, and require re-confirmation. Previous versions stay accessible at the URL recorded against your existing consent.

12. Contact

Privacy: privacy@leam.club · Support: support@leam.club

13. Security roadmap (informational)

  • Enable PostgreSQL TLS for all internal connections.
  • Enable column-level or full-disk encryption-at-rest beyond Hetzner's disk encryption.
  • Quarterly third-party penetration tests once the user base reaches the relevant threshold.

Updates to this section do not require re-consent.