Back to login
Placeholder — pending legal review. This document is a good-faith draft describing current behaviour and is not a substitute for professionally reviewed legal terms.

Privacy Policy

Last updated: 2026-07-03 (version 1)

1. Who we are

Holos ("the Service") is a Telegram bot platform operated by an individual operator. This policy describes what personal data the Service processes and why. Contact: the /feedback command in the bot.

2. What we collect

Because the Service works as a Telegram bot, the primary identifier we store is your Telegram user ID, together with your Telegram username and first/last name as provided by Telegram. In addition the Service stores:

  • Messages you send to the bot — processed to fulfill your requests and retained as session history so conversations can continue;
  • Your workspace files — code and files you create or upload, stored in your isolated workspace on our server;
  • Resource-usage metrics — per-container memory/CPU samples and daily rollups for your deployed applications, used for fair-use enforcement and (in the future) usage billing;
  • Payment records — cryptocurrency invoice identifiers, amounts, and payment status from CryptoPay. We never receive or store card numbers or bank details.
  • Operational logs — structured logs that include your Telegram ID, used for debugging, security auditing, and abuse prevention.

3. Who else processes your data

To provide the Service, some data is shared with:

  • Telegram (the transport for all bot communication);
  • AI providers — your messages and relevant workspace content are sent to Anthropic (Claude) and/or OpenRouter and its downstream model providers to generate responses; where you connect your own provider account, your contract with that provider applies;
  • CryptoPay — for processing cryptocurrency payments;
  • Let's Encrypt — domain names of applications you deploy appear in public certificate transparency logs (this is inherent to HTTPS certificates).

We do not sell your data and do not share it with anyone else.

4. Where and how long

Data is stored on the operator's server. Raw resource-usage samples are kept for ~48 hours; hourly/daily usage rollups and payment records are retained long-term (usage rollups feed billing; payment records are kept for financial accountability). Messages, session history, and workspace files are retained until you delete them or your account.

5. Your rights

At any time you can:

  • Export your data with the /mydata command (a JSON file of everything stored about your account);
  • Delete your account with the /deleteme command. This stops your deployed applications and deletes your workspace files and personal records. We retain payment invoices, subscription history, and container-action audit logs (linked to your Telegram ID) for financial and security accountability;
  • Ask questions or raise concerns via /feedback.

6. Beta notice

The Service is in beta. Despite good-faith safeguards (per-user process isolation, access controls), bugs or leaks may occur. The operator actively works to prevent them and will inform affected users of any significant incident.

7. Administration panel

The admin panel at admin.slonix.dev stores only the administrator authentication token in the browser (localStorage and one strictly-necessary cookie — see the Cookie Policy). It sets no analytics or tracking cookies and communicates with the backend over HTTPS with the token in a request header, never in the URL.

8. Changes

When this policy changes materially you will be asked to accept the new version before continuing to use the Service.

This policy is drafted in good faith by the operator and has not yet been reviewed by legal counsel.