Privacy Policy

Last updated: 2026-07-08

This Privacy Policy explains how mxsender ("mxsender", "we", "us", "our") collects, uses, shares and protects your personal data when you use our Telegram bot, our website at mxsender.com and our mobile application (together, the "Service").

We act as the data controller for the personal data described here. We process your data lawfully, fairly and transparently, in line with applicable privacy and data-protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the Law of Ukraine "On Personal Data Protection", California/US state privacy laws where they apply, Brazil's LGPD, Canada's PIPEDA, Turkey's KVKK and similar laws.

1. Who we are

mxsender is a listing-monitoring service: you submit marketplace search links and we notify you when a new listing appears. The operator identified above is responsible for your personal data. You can reach us about any privacy matter at [email protected].

By using the Service you acknowledge the practices described in this policy. If you do not agree with it, please do not use the Service.

2. Data we collect

We collect only what we need to run the Service:

  • Telegram account data — your Telegram user ID, username, first name and language, provided by Telegram when you interact with the bot.
  • Website / app account data — if you register on the web, your email address, a hashed password and an optional display name; in the mobile app, an anonymous device identifier.
  • Monitoring data — the marketplace search URLs you submit and your monitor settings (name, schedule, filters), plus the listings we detect for them.
  • Payment data — your chosen plan, amount, currency and transaction identifiers from our payment providers. We never receive or store your full card number, banking credentials or crypto-wallet private keys.
  • Usage and activity data — actions you take in the bot or on the site, notifications we send you, and audit/event logs used for security and support.
  • Technical data — your IP address and approximate country, browser/device information and similar metadata provided automatically when you connect.
  • Support data — the message, optional email and context you provide when you contact support.
  • Cookies and similar technologies — see the Cookies section below.

3. How we use your data and our legal bases

We use your personal data for the following purposes, each with a legal basis under the GDPR:

  • Provide and operate the Service — create your account, run your monitors and manage your settings (performance of a contract).
  • Deliver alerts and notifications — send you new-listing alerts and service messages (performance of a contract).
  • Process payments and subscriptions — take payment, manage renewals and keep required records (performance of a contract; legal obligation).
  • Support and communication — respond to your requests and send important service notices (legitimate interests; performance of a contract).
  • Security and abuse prevention — detect, prevent and investigate fraud, abuse and technical issues (legitimate interests; legal obligation).
  • Analytics and improvement — understand how the Service is used and improve it (consent, where required, otherwise legitimate interests).
  • Legal compliance — comply with laws and respond to lawful requests (legal obligation).

4. Cookies and analytics

Our website uses a strictly necessary session cookie and a cookie that remembers your language preference; these are required for the site to work and do not need consent.

We use Google reCAPTCHA on forms to protect the Service from spam and abuse. With your consent, we use Google Analytics 4 (with Consent Mode v2) to measure usage. Analytics cookies are set only after you agree, and you can withdraw consent at any time through the cookie settings link in the footer or your browser settings.

5. How we share your data

We do not sell your personal data and do not share it for cross-context behavioral advertising. We share it only with service providers who process it on our behalf under contract, and only as needed to run the Service or comply with law:

  • Telegram — to deliver bot messages and notifications.
  • Payment providers — NOWPayments (crypto/USDT) and Telegram Stars, to process your payments.
  • Cloudflare — for content delivery, security and approximate geolocation.
  • Google — for analytics and reCAPTCHA, subject to your consent where required.
  • Hosting and infrastructure providers — to host and operate our servers and email.
  • Authorities and advisers — where required by law, or to protect our rights, users and the Service.

6. International data transfers

Your data may be processed in countries outside your own, including outside the European Economic Area. Where we transfer personal data internationally, we rely on an adequacy decision or appropriate safeguards such as the European Commission's Standard Contractual Clauses, so your data keeps an equivalent level of protection.

7. How long we keep your data

We keep your personal data for as long as your account is active and as long as needed for the purposes in this policy. Payment and tax records are kept for the periods required by law. When data is no longer needed we delete or anonymize it. You can ask us to delete your account and associated data at any time (see Your rights).

8. Your rights

Subject to applicable law, you have the following rights over your personal data:

  • Access — obtain a copy of the data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data ("right to be forgotten").
  • Restriction — ask us to limit how we use your data.
  • Portability — receive your data in a portable, machine-readable format.
  • Objection — object to processing based on our legitimate interests.
  • Withdraw consent — withdraw consent at any time, without affecting prior processing.
  • Complain — lodge a complaint with your local data-protection or consumer-privacy authority.

9. Regional privacy rights

Depending on where you live, additional rules may apply. We extend the core rights above to all users where reasonably possible, even when a local law does not require every right.

  • EEA, UK, Switzerland and Ukraine — you may contact us to exercise GDPR/UK GDPR, Swiss FADP or Ukrainian privacy rights and may complain to your local supervisory authority (for example the ICO in the UK or the Ombudsman in Ukraine).
  • California and other US privacy-law states — you may request to know, access, correct, delete or receive a copy of personal information, and you have the right not to be discriminated against for exercising privacy rights. We do not sell personal information or share it for cross-context behavioral advertising, and we do not use sensitive personal information for purposes that require a separate limit-use choice.
  • Brazil, Canada and Turkey — where the LGPD, PIPEDA, KVKK or similar laws apply, you may request confirmation of processing, access, correction, deletion/anonymization where available, portability where applicable, and withdrawal of consent.
  • How to exercise rights — email [email protected]. We may need to verify your identity before fulfilling a request and may keep information when required for payments, security, legal obligations or legal claims.

10. Data security

We protect your data with technical and organizational measures, including encryption in transit (HTTPS), hashed passwords, access controls and least-privilege practices. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the authorities of a breach where the law requires.

11. Children

The Service is not directed to children under 16 (or the age of digital consent where you live). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us at [email protected] and we will delete it.

12. Automated decision-making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. Our automated systems monitor marketplace pages, not you, and do not profile you.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we change the "Last updated" date above, and we will notify you of material changes through the Service. Please review this page periodically.

14. Contact us

For any privacy question or to exercise your rights, contact us at [email protected]. We respond to requests within the timeframes required by law.