Privacy Policy

This Privacy Policy explains how the Masters of Trivia team ("we", "us") collects, uses, shares and protects information when you use the Masters of Trivia Telegram Mini App (the "Mini App"). It complements Telegram's Standard Bot Privacy Policy.

1. Who is the controller

The Masters of Trivia operating team is the data controller for personal data processed by the Mini App. Contact: privacy@mastersoftrivia.com.

2. Data we collect

2.1 From Telegram (initData)

When you open the Mini App, Telegram passes us a signed initData payload containing:

• Your Telegram user ID
• First name, last name (if you set them)
• Username (if public)
• Language code
• Whether you are a Telegram Premium user
• Photo URL (if available)
• Start parameter (referral / deep-link payload)

We verify Telegram's HMAC signature server-side before trusting any of this data. We do not receive your phone number, email, contacts, messages, or chat history from Telegram.

2.2 From your activity in the Mini App

• Tournaments registered, started, completed
• Quiz answers, scores, time-to-answer, anti-cheat signals
• Stars balance, rewards claimed, daily streak
• Leaderboard ranking
• Pages viewed and buttons clicked, for product analytics
• Referrals you sent or received

2.3 From your device

• IP address (used for security, abuse prevention, and rate limiting)
• User-agent / Telegram client platform (iOS, Android, Desktop, Web)
• Approximate region inferred from IP (country level)
• Crash and error logs

2.4 From TON Connect (only if you connect a wallet)

• Your public TON wallet address
• The wallet provider you chose (e.g. Tonkeeper, MyTonWallet)

We never receive your seed phrase, private keys, or wallet password. We do not initiate transfers without an explicit signed request from your wallet.

2.5 Telegram Stars purchases

When you spend Telegram Stars in the Mini App, Telegram processes the payment and notifies us of the result, including a transaction reference, the amount in Stars, and the item purchased. We do not receive your payment method or financial credentials.

3. How we use your data

• Service operation: authenticate you, run tournaments, calculate scores and prizes, deliver rewards.
• Anti-fraud and integrity: detect cheating, multi-account abuse, automation, and other policy violations.
• Product analytics: understand which features are used so we can improve the Mini App. Analytics is aggregated where possible.
• Communications: send service messages through the Telegram bot (e.g., tournament results). We do not send marketing email.
• Compliance: meet Telegram platform rules, TON Connect rules, applicable laws, and respond to lawful requests.

4. Legal bases (where applicable, e.g., EEA / UK)

• Contract: running the Mini App you requested.
• Legitimate interests: security, fraud prevention, product analytics, debugging.
• Consent: for optional features like wallet linking. You can withdraw consent at any time by disconnecting.
• Legal obligation: tax, accounting, lawful requests.

5. Sharing

We share data only with the parties below, for the purposes stated:

• Telegram: already holds your Telegram identity; we do not disclose anything new to it beyond standard bot interactions.
• TON Connect wallet providers: if you connect a wallet, standard TON Connect handshake messages are exchanged with the wallet you chose.
• Infrastructure vendors (hosting, database, error monitoring, analytics) acting as processors under contract.
• Authorities when required by valid legal process.

We do not sell personal data. We do not share your Telegram ID or wallet address with advertisers.

6. Advertising and affiliate offers

Sponsored quizzes or affiliate tiles inside the Mini App are resolved by our backend with a fixed surface key (mot_telegram_miniapp) and are subject to compliance filtering. We do not embed third-party ad SDKs that read your Telegram data, and we do not place cross-site tracking pixels.

7. Storage and retention

• A short-lived JWT issued by our API is stored in your device's browser localStorage so you stay signed in across sessions.
• Server-side, we retain account data while your account is active and for up to 24 months after your last interaction, then we anonymize or delete it, except where law requires longer retention.
• Tournament scores may be retained in aggregate / leaderboard form indefinitely for historical records.
• Logs (security, errors) are typically kept up to 90 days.

8. International transfers

We may process data on servers located outside your country. Where required by law (e.g. EEA / UK), we use appropriate safeguards such as Standard Contractual Clauses with our processors.

9. Security

We use TLS in transit, signed JWTs for session auth, server-side verification of Telegram initData, hashed/encrypted secrets, rate limiting, and access controls. No system is perfectly secure; please report suspected vulnerabilities to security@mastersoftrivia.com.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to processing of your personal data, and to lodge a complaint with a data protection authority. To exercise these rights, email privacy@mastersoftrivia.com from the Telegram-linked account, or message our support bot.

You can also delete your account at any time from Profile → Settings → Delete account, which will remove your profile, scores, and stored preferences within 30 days subject to fraud and legal holds.

11. Children

The Mini App is not intended for children under 13 (or the higher minimum age of digital consent in your jurisdiction). If we discover that we have collected data from a child below that age, we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated in-app or via the bot. The "Effective date" below shows the latest version.

13. Contact

Privacy questions: privacy@mastersoftrivia.com
Security: security@mastersoftrivia.com
Legal: legal@mastersoftrivia.com

Effective date: 2025-01-01.