Privacy Policy
Last updated: May 2026
Verdikt (“we”, “us”, “our”) operates the Lena Telegram bot and the asklena.co website. This policy explains what data we collect, how we use it, and your rights.
What We Collect
- Telegram user ID — required to operate the bot. We use this to route messages and track your subscription tier. We do not collect your name, phone number, or any other Telegram profile data.
- Subscription tier — Free, BYOK, Managed, or Pro. Updated automatically when you subscribe or cancel via Paddle.
- Paddle customer ID — assigned by Paddle when you subscribe. We store this to manage your billing relationship. We never receive or store your payment card details.
- Encrypted API keys (BYOK users only) — if you use
/setkey, your API key is encrypted at rest using AES-256 before storage. The key is never stored in plaintext after the moment you submit it. - Analysis history — each
/analysecommand is logged with a hashed user identifier, ticker, timestamp, verdict, and conviction score. Raw Telegram user IDs and tickers are never stored in the same log line.
What We Do Not Collect
- Payment card details (handled exclusively by Paddle as Merchant of Record)
- Your name, email, or phone number
- Browsing history, IP address, or device fingerprint
- Any data from the asklena.co website (no cookies, no analytics)
Data Retention
- Analysis history is retained for 90 days from the date of the analysis, then automatically deleted.
- Subscription records are retained for as long as your account is active plus 12 months for audit purposes.
- Encrypted API keys are deleted immediately when you use
/deletekeyor when your BYOK subscription ends.
Your Rights
Delete your API key — send /deletekey in the bot at any time. The key is purged from our database immediately and you receive a confirmation message.
Account deletion — contact us at support@verdikt.co to request full account deletion. We will delete all data associated with your Telegram user ID within 14 business days.
Data export — contact us to request a copy of the data we hold about you.
Payments
All payment card data is processed and stored exclusively by Paddle (our Merchant of Record). Verdikt never sees, stores, or processes your card details. Paddle’s privacy policy governs the handling of payment data: paddle.com/legal/privacy.
Security
User API keys are encrypted using HKDF-derived per-user AES-256-GCM keys. The master encryption secret is stored in a separate environment variable and is never co-located with the encrypted data.
All communication between the Lena bot and third-party services (Telegram, Paddle, LLM providers) uses TLS 1.2 or higher.
Contact
Questions about this policy: support@verdikt.co