Privacy Policy

Effective as of Jan 1, 2025

1. INTRODUCTION

Welcome to Dise, a CRM platform provided by Minders Studio Ltd. (“Minders”, “Dise”, “we”, “us”, or “our”). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CRM platform and its integrated Telegram client ("Service").

2. KEY INFORMATION ABOUT YOUR TELEGRAM DATA

Privacy-focused Design of Telegram Integration

Dise implements a CRM platform with a native integration to Telegram through an official open-source Telegram client embedded in an iframe. The following constitutes the definitive description of our integration architecture:

  • Direct Telegram Authentication - Users authenticate directly with Telegram through our embedded client. The client utilizes identical message serving protocols and security measures as official Telegram applications, with no intermediary connection through Dise.
  • Absence of Authentication Token Exchange - Dise does not participate in or intercept authentication token exchanges with Telegram. All authentication processes occur exclusively between the user and Telegram's servers.
  • Data Isolation Framework - All Telegram data remains exclusively within the Telegram client environment and is completely removed from our application upon session termination. Telegram data is technically and functionally isolated from Dise systems.
  • Technical Inability to Access Telegram Content - By design, Dise has no technical capability to access users' Telegram accounts, passwords, chat histories, or media from Telegram servers. Dise cannot perform actions on behalf of users or operate within the Telegram environment when users are not actively using the client.
  • Strictly Limited Data Collection - Dise retains only limited information such as Telegram user IDs and chat IDs necessary for CRM functionality implementation (see Section 3 for the full list). Message content is displayed directly from local storage and is never transmitted to, processed by, or stored on Dise servers.
  • Transparent Implementation - The Telegram client implementation is open-source, thereby enabling independent verification and validation of all privacy and security assertions contained herein.

This architectural framework is purposefully engineered to establish definitive technical boundaries that enhance user privacy and security while limiting Dise's access capabilities. In the event of a security incident affecting Dise systems, no mechanism exists through which Telegram accounts or conversation content could be compromised via Dise.

2.1 Technical Implementation of Iframe Integration

The technical implementation of our Telegram integration employs specific security measures to maintain strict data isolation:

  • Sandboxed Iframe Implementation - The Telegram client is encapsulated within a sandboxed iframe with controlled cross-origin permissions. This creates a technical boundary that prevents Dise from accessing data within the Telegram client context.
  • Content Security Policy (CSP) - We implement strict CSP directives that prevent unauthorized data exchange between the Telegram client iframe and our CRM application. These policies enforce domain-level isolation and prohibit script interference.
  • Local Storage Isolation - The Telegram client operates within its own isolated local storage context. Message data, authentication tokens, and session information remain exclusively within this context and are inaccessible to the parent Dise application.
  • Cross-Origin Resource Sharing (CORS) Restrictions - Our implementation enforces strict CORS policies that prevent unauthorized cross-origin requests, ensuring that Telegram API communications cannot be intercepted or monitored by Dise.
  • No JavaScript Bridge - Unlike many iframe integrations, we deliberately do not implement any JavaScript bridge or postMessage communication channel that could potentially access Telegram data. The only data transferred between contexts are the minimal user IDs and chat IDs needed for CRM functionality.
  • Session Termination Protocol - When a user closes the Telegram client or logs out, all session data is immediately purged from the local environment. No persistent storage of Telegram session data occurs within the Dise application context.

These technical measures collectively ensure that the Telegram client operates as a functionally separate application within the Dise interface, with clear technical boundaries preventing any unintended or unauthorized data access.

3. INFORMATION WE COLLECT

3.1 Information You Provide to Us

When you register for and use our Service, we may collect:

  • Account information (name, username, user ID, profile picture)
  • Workspace information (name, logo, usernames of the users you invite to workspace)
  • Billing and payment information
  • Feedback and support communications
  • Any other information you choose to provide directly to our CRM platform (deal info, notes, activities, tasks, templates, files you attach to deals, etc.)

3.2 Information We Collect Automatically

When you use our Service, we automatically collect the following data:

  • Telegram-related identifiers: Specifically limited to IDs necessary for enabling CRM functionality and data consistency between users
  • Profile information: user ID, name, username, profile picture
  • Chat information: chat ID, name, last activity timestamp
  • Folder information: folder ID, name
  • Service usage analytics: Information pertaining to your interactions with our CRM features and interface elements
  • Device specifications: IP address, browser type and version, operating system, and device identifiers
  • System log records: Access timestamps, navigational patterns, page views, and related system activities
  • Organizational structure data: Information regarding your folder organization and contact management structures
  • Activity timestamps: Records of when you most recently accessed or utilized the Service

3.3 Information We DO NOT Collect

We hereby expressly affirm that Dise does not collect, process, store, or have access to the following:

  • Telegram message content, chat histories, or conversation transcripts
  • Telegram authentication credentials, passwords, or security verification codes
  • Media files, documents, or other content shared within Telegram conversations
  • Telegram contacts that have not been explicitly designated for synchronization with our CRM
  • Any activity from Telegram accounts beyond the specific interactions with synced chats necessary for CRM functionality implementation

4. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • Providing and improving our Service
  • Processing and completing transactions
  • Managing your account and providing customer support
  • Communicating with you about your account, updates, and promotional offers
  • Analyzing usage patterns to enhance user experience
  • Protecting the security and integrity of our Service
  • Complying with legal obligations

5. HOW WE SHARE YOUR INFORMATION

5.1 Third-party Service Providers

We may share your information with third-party vendors, service providers, and partners who perform services on our behalf, including:

  • Analytics providers: PostHog, FullStory, and Google Analytics to help us understand how our Service is used
  • Payment processors: Stripe, to process and secure your payment transactions
  • Affiliate program providers: Tolt.io, which collects information about transactions by clients for our referral program
  • Customer support tools: Tawk.to, to provide assistance when needed
  • Cloud service providers: Cloudflare, Neon, to host our platform and store data

These providers are authorized to use your personal information only as necessary to provide these services to us and are contractually obligated to keep your information confidential and secure.

5.2 Legal Requirements

We may disclose your information:

  • To comply with applicable laws, regulations, legal processes, or governmental requests
  • To enforce our Terms of Service, including investigation of potential violations
  • To detect, prevent, or address fraud, security, or technical issues
  • To protect against harm to the rights, property, or safety of Dise, our users, or the public

5.3 Business Transfers

If Dise is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

6. DATA RETENTION

We retain your information for as long as your account is active or as needed to provide you with our Service. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

For Telegram-related data, we only retain the minimal identifiers (user IDs and chat IDs) necessary for CRM functionality. We do not store Telegram messages, which remain exclusively within the Telegram application itself.

7. DATA SECURITY

Dise implements comprehensive technical and organizational security measures in accordance with industry standards to safeguard all information collected and maintained within our systems. It must be acknowledged, however, that no electronic transmission or storage technology can provide absolute security guarantees. While we employ rigorous measures to protect your personal information, we cannot provide an unconditional guarantee of complete infallibility.

The architectural separation between our systems and Telegram data, as described in Section 2, constitutes a significant security advantage. Due to the technical impossibility of Dise accessing Telegram credentials or message content, these elements remain protected by Telegram's own security protocols even in the unlikely event of a security incident affecting Dise systems. This architectural separation represents an intentional security-by-design approach that provides protection independent of Dise's own security measures.

8. YOUR RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information, including:

  • Access: Request access to your personal information
  • Correction: Request that we correct inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your information to another service
  • Restriction: Request restriction of processing of your information
  • Objection: Object to our processing of your information
  • Withdrawal of consent: Withdraw your consent at any time

To exercise these rights, please contact us at privacy@trydise.com.

9. CHILDREN'S PRIVACY

Our Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.

10. INTERNATIONAL DATA TRANSFERS

We may transfer, store, and process your information in countries other than your own. Our servers may be located outside your country of residence. By using our Service, you consent to the transfer of your information to countries that may have different data protection rules than your country.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we will ensure that transfers of your personal information are subject to appropriate safeguards as required by applicable data protection laws.

11. GDPR COMPLIANCE

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) and applicable national data protection laws.

Legal Basis for Processing:

  • Performance of Contract: Processing necessary to provide you with our Service
  • Legitimate Interests: Processing based on our legitimate interests, such as improving our Service
  • Consent: Processing based on your consent, such as for marketing communications
  • Legal Obligation: Processing necessary to comply with our legal obligations

12. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

  • Right to Know: You have the right to request disclosure of the personal information we collect, use, disclose, and sell
  • Right to Delete: You have the right to request deletion of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights

California residents can make requests by contacting us at privacy@trydise.com.

13. COOKIE POLICY

We and our third-party partners, such as PostHog, FullStory, and Google Analytics, use cookies and similar tracking technologies to analyze trends, administer the website, track users' movements around the website, and gather demographic information about our user base as a whole.

You can control cookies through your browser settings. However, if you reject cookies, you may still use our Service, but your ability to use some features may be limited.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. If we make material changes, we will provide more prominent notice as required by applicable law.

15. CONTACT US

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Minders Studio Ltd.

Email: privacy@dise.app

Mail: International House, 101 King’s Cross Road, United Kingdom, WC1X9LP

We will respond to your inquiry promptly and do our best to resolve any concerns you may have.

Personal Data Processing Policy

Version dated January 1, 2025

1. General provisions

This Personal Data Processing Policy (hereinafter, the "Policy") defines the procedure for processing and protecting the personal data of users provided when using the website https://www.disecrm.com and the DiseCRM services, the operator of which is:

Individual Entrepreneur Zhdanov Dmitry Evgenievich
OGRNIP: 317774600330731
INN: 773175001050
Registered address: 121108, Moscow, Kastanaevskaya St., 52, apt. 2

The Operator ensures the protection of personal data in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", and other regulatory acts of the Russian Federation.

2. Personal data processed by the Operator

Users' personal data includes:

  • last name, first name, patronymic;
  • contact details (email address, phone number);
  • information about the organization and position (when legal entities register);
  • payment details (for payment of services);
  • Telegram account data necessary for the CRM to operate (user and chat identifiers, but not the content of correspondence).

The Operator does not process or store:

  • the content of messages, correspondence, and attachments from Telegram;
  • passwords, access tokens, and authorization codes;
  • media files transmitted in the messenger.

3. Purposes of personal data processing

Personal data is processed exclusively for:

  • providing access to the DiseCRM services;
  • concluding and performing contracts with users;
  • issuing invoices and processing payments;
  • sending notifications related to use of the service;
  • providing technical support;
  • complying with the requirements of the legislation of the Russian Federation.

4. Legal grounds for processing

Personal data is processed on the basis of:

  • the user's consent;
  • the contract (offer) concluded between the user and the Operator;
  • the requirements of the legislation of the Russian Federation.

5. Procedure and conditions of processing

  • Personal data is processed both with and without the use of automation tools.
  • Data is stored on servers located in the territory of the Russian Federation.
  • The Operator takes the necessary organizational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, and distribution, as well as from other unlawful actions.

6. Transfer of personal data to third parties

Personal data may be transferred to third parties only in the following cases:

  • to fulfil obligations to the user (for example, to a bank in order to process a payment);
  • on the basis of the requirements of the legislation of the Russian Federation;
  • upon receipt of the user's consent.

Data is not transferred to states that do not ensure adequate protection of the rights of personal data subjects.

7. Personal data retention periods

Personal data is stored for no longer than the purposes of its processing require, or for the periods established by the legislation of the Russian Federation. Upon expiry of the retention period, the data is to be deleted or anonymized.

8. Rights of the personal data subject

The user has the right to:

  • receive information about the processing of their personal data;
  • demand the clarification, blocking, or destruction of personal data if it is incomplete, outdated, inaccurate, or unlawfully obtained;
  • withdraw consent to the processing of personal data;
  • appeal the Operator's actions to Roskomnadzor or a court.

To exercise these rights, it is sufficient to send a written request to the email address: privacy@disecrm.com.

9. Liability

The Operator is responsible for complying with the requirements of the legislation of the Russian Federation in the field of personal data.

10. Changes to the Policy

The Operator has the right to make changes to this Policy. The updated version is published on the website at https://www.disecrm.com/privacy.