Data Security

Last updated: October 6, 2025

At InToIn Bot, we take your data security seriously. This page outlines the security measures implemented to protect your information.

Infrastructure

Our service is built on trusted, enterprise-grade infrastructure:

• AWS Cloud: Amazon Web Services provides the underlying infrastructure with industry-standard security measures
• AWS Lambda: Serverless computing for secure, isolated execution of service functions
• DynamoDB: AWS managed NoSQL database with built-in encryption and backup capabilities
• Telegram API: All bot communications are handled through Telegram's secure messaging platform

Data Encryption

• In Transit: All data transmitted between services uses HTTPS/TLS encryption
• At Rest: Data stored in DynamoDB benefits from AWS encryption at rest
• Telegram: Messages between you and the bot are protected by Telegram's security protocols

What We Collect and Store

We collect and store only what is necessary to provide our service:

• Your Telegram username for identification
• LinkedIn profile data you provide
• Resume documents you upload
• Generated resumes and analysis reports
• Service usage information

Data Retention

• Active Users: Your data is retained while you use the service
• Inactive Users: Automatically deleted after 12 months of inactivity
• On Request: You can request immediate deletion via the /feedback command

Third-Party Services

We rely on the following services, each with their own security measures:

• AWS: Cloud infrastructure and database services
• Telegram: Messaging and bot platform
• AI Providers: For resume analysis and generation (data is not permanently stored by AI providers)
• Payment Processors: For secure payment handling

Access Control

• Administrative access is restricted and monitored
• Each user's data is logically separated
• No cross-user data access is possible

Your Responsibilities

You can help protect your data by:

• Keeping your Telegram account secure
• Enabling two-factor authentication on Telegram
• Not sharing your account access with others
• Reviewing generated content before use

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR), which means you have rights to:

• Access your personal data
• Correct inaccurate information
• Delete your data
• Export your data in a structured format
• Object to data processing

Exercise these rights using the /feedback command in our bot.

Security Incidents

In the unlikely event of a security incident affecting your data:

• We will investigate and contain the issue promptly
• Affected users will be notified within 72 hours as required by GDPR
• We will take appropriate remedial actions

Reporting Security Issues

If you discover a security vulnerability or have concerns:

• Use the /feedback command in our bot
• We treat all security reports with high priority

Updates to Security Practices

We continuously monitor and improve our security measures. This page will be updated to reflect any significant changes to our security practices.

---

← Back to Home