Privacy Policy

Last updated: April 22, 2026

Introduction

MyStars.tg ("we," "our," or "the Platform") operates at mystars.tg, a Telegram-native payment platform for purchasing Telegram Stars with cryptocurrency. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

By using MyStars.tg, you acknowledge and agree to the practices described in this Privacy Policy.

Information We Collect

We collect the following categories of information:

  • Telegram account information — your Telegram user ID, username, first name, and photo URL, obtained via the Telegram WebApp SDK when you access MyStars.tg through the Telegram Mini App.
  • TON wallet addresses — the public wallet address you connect via TON Connect for making payments or receiving referral payouts.
  • Transaction data — payment amounts, payment method (TON or USDT), blockchain transaction hashes, transaction status, and timestamps.
  • Referral tracking data — referral codes, attribution sources (cookie or Telegram start parameter), and referral relationship records.
  • Technical data — IP addresses (forwarded via proxy headers), browser user agent, and device type for security and rate limiting purposes.

We do not collect identity documents, government IDs, phone numbers, email addresses, or any personal data beyond what is listed above. No KYC (Know Your Customer) verification is required to use our services.

Cookies and Local Storage

We use a minimal set of cookies and browser storage:

  • ref_code — a referral tracking cookie with a 365-day expiration. Set when you visit the platform via a referral link. Used for first-touch attribution to credit referral commissions.
  • TON Connect session data — stored in local storage by the TON Connect SDK to maintain your wallet connection state.

We do not use advertising trackers or behavioural advertising pixels. The two privacy-respecting analytics tools we do operate — Plausible and Microsoft Clarity — are described in the next section.

Analytics and session recording

To understand how people use MyStars.tg and improve the checkout experience, we operate two analytics tools:

  • Plausible Analytics — self-hosted by us. Collects only aggregate page-view and event counters, does not set cookies, does not store IP addresses, and cannot identify you.
  • Microsoft Clarity — records product-improvement data about how users interact with our pages (mouse movement, scrolls, taps, rage-clicks) and aggregates it into heatmaps and anonymised session replays. The data processor is Microsoft Corporationand sessions are stored on Microsoft's servers. See Microsoft's Microsoft Privacy Statement and the Clarity Terms of Use.

Masked fields. Payment-sensitive elements are redacted before any recording leaves your browser: TON wallet addresses, payment amounts, payment comments or memos, payment IDs, referral codes, and the recipient @username. The masked values are replaced with *** in every replay.

Retention. Clarity session recordings are retained for 30 days(shorter than Clarity's 90-day default), then permanently deleted.

Legal basis. If you are in the EU, United Kingdom, EEA, or Switzerland, our legal basis is your freely given consent — Clarity only loads after you accept the banner. Elsewhere our basis is legitimate interestin improving the product. You can opt out at any time from this page (scroll to "Your Rights" below), and we honour Do Not Track and Global Privacy Control signals sent by your browser.

How We Use Your Information

  • Processing your Telegram Stars purchases and delivering Stars to your account.
  • Verifying blockchain payments and managing transaction status.
  • Calculating and distributing referral commissions.
  • Processing automatic reversals for failed, underpaid, or overpaid transactions.
  • Preventing fraud and enforcing rate limits.
  • Maintaining platform security and system integrity.

Blockchain Transactions

Payments made in TON or USDT are processed on the TON blockchain. Blockchain transactions are inherently public and immutable — transaction hashes, wallet addresses, and amounts are permanently recorded on the blockchain and are visible to anyone. We cannot delete, modify, or reverse blockchain records.

Third-Party Services

We interact with the following third-party services to operate our platform:

  • Telegram — Bot API and Mini App SDK for user verification and Stars delivery.
  • Fragment.com— Telegram's official marketplace, used to purchase Stars on your behalf.
  • TON Blockchain — for processing TON and USDT payments.
  • DeDust DEX — decentralized exchange used for USDT-to-TON swaps when you pay with USDT.
  • Plausible Analytics (self-hosted) — aggregate, cookie-less, IP-less analytics. No personal data leaves our infrastructure.
  • Microsoft Clarity — heatmaps and anonymised session replays for UX improvement. Data processor: Microsoft Corporation. Payment-sensitive fields are masked before transmission.

Each of these services has its own privacy policy. We encourage you to review them independently.

Data Retention

  • Transaction records — retained indefinitely for financial record-keeping and legal compliance.
  • Referral cookies — expire after 365 days from the date of first click.
  • Wallet session data — cleared when you disconnect your wallet or close the browser.
  • Clarity session recordings — retained for 30 days, then permanently deleted.
  • Technical logs — IP addresses and request logs are retained for a limited period for security monitoring.

Your Rights

You have the right to:

  • Request information about the data we hold about your account.
  • Request deletion of non-essential data associated with your account.
  • Clear referral cookies at any time by deleting cookies in your browser settings.
  • Disconnect your TON wallet at any time via the TON Connect interface.
  • Request deletion of your Microsoft Clarity session recordings — contact us and we will remove identified sessions within 30 days.

Please note that blockchain transaction records cannot be deleted or modified, as they are stored on a public, immutable ledger.

Security Measures

We implement the following security measures to protect your data:

  • HTTPS/TLS encryption for all communications.
  • Content Security Policy (CSP) headers to prevent cross-site scripting.
  • Per-endpoint rate limiting to prevent abuse.
  • Telegram WebApp initData signature verification for all authenticated requests.
  • No storage of sensitive credentials — wallet private keys never leave your device.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of MyStars.tg after changes constitutes acceptance of the revised policy.

Contact

If you have questions or concerns about this Privacy Policy, please contact us through our Telegram support group.