Privacy Policy

Last updated: March 28, 2026

Introduction

MyStars.tg ("we," "our," or "the Platform") operates at mystars.tg, a Telegram-native payment platform for purchasing Telegram Stars with cryptocurrency. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

By using MyStars.tg, you acknowledge and agree to the practices described in this Privacy Policy.

Information We Collect

We collect the following categories of information:

  • Telegram account information — your Telegram user ID, username, first name, and photo URL, obtained via the Telegram WebApp SDK when you access MyStars.tg through the Telegram Mini App.
  • TON wallet addresses — the public wallet address you connect via TON Connect for making payments or receiving referral payouts.
  • Transaction data — payment amounts, payment method (TON or USDT), blockchain transaction hashes, transaction status, and timestamps.
  • Referral tracking data — referral codes, attribution sources (cookie or Telegram start parameter), and referral relationship records.
  • Technical data — IP addresses (forwarded via proxy headers), browser user agent, and device type for security and rate limiting purposes.

We do not collect identity documents, government IDs, phone numbers, email addresses, or any personal data beyond what is listed above. No KYC (Know Your Customer) verification is required to use our services.

Cookies and Local Storage

We use a minimal set of cookies and browser storage:

  • ref_code — a referral tracking cookie with a 365-day expiration. Set when you visit the platform via a referral link. Used for first-touch attribution to credit referral commissions.
  • TON Connect session data — stored in local storage by the TON Connect SDK to maintain your wallet connection state.

We do not use analytics cookies, advertising trackers, or third-party tracking pixels.

How We Use Your Information

  • Processing your Telegram Stars purchases and delivering Stars to your account.
  • Verifying blockchain payments and managing transaction status.
  • Calculating and distributing referral commissions.
  • Processing automatic reversals for failed, underpaid, or overpaid transactions.
  • Preventing fraud and enforcing rate limits.
  • Maintaining platform security and system integrity.

Blockchain Transactions

Payments made in TON or USDT are processed on the TON blockchain. Blockchain transactions are inherently public and immutable — transaction hashes, wallet addresses, and amounts are permanently recorded on the blockchain and are visible to anyone. We cannot delete, modify, or reverse blockchain records.

Third-Party Services

We interact with the following third-party services to operate our platform:

  • Telegram — Bot API and Mini App SDK for user verification and Stars delivery.
  • Fragment.com — Telegram's official marketplace, used to purchase Stars on your behalf.
  • TON Blockchain — for processing TON and USDT payments.
  • DeDust DEX — decentralized exchange used for USDT-to-TON swaps when you pay with USDT.

Each of these services has its own privacy policy. We encourage you to review them independently.

Data Retention

  • Transaction records — retained indefinitely for financial record-keeping and legal compliance.
  • Referral cookies — expire after 365 days from the date of first click.
  • Wallet session data — cleared when you disconnect your wallet or close the browser.
  • Technical logs — IP addresses and request logs are retained for a limited period for security monitoring.

Your Rights

You have the right to:

  • Request information about the data we hold about your account.
  • Request deletion of non-essential data associated with your account.
  • Clear referral cookies at any time by deleting cookies in your browser settings.
  • Disconnect your TON wallet at any time via the TON Connect interface.

Please note that blockchain transaction records cannot be deleted or modified, as they are stored on a public, immutable ledger.

Security Measures

We implement the following security measures to protect your data:

  • HTTPS/TLS encryption for all communications.
  • Content Security Policy (CSP) headers to prevent cross-site scripting.
  • Per-endpoint rate limiting to prevent abuse.
  • Telegram WebApp initData signature verification for all authenticated requests.
  • No storage of sensitive credentials — wallet private keys never leave your device.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of MyStars.tg after changes constitutes acceptance of the revised policy.

Contact

If you have questions or concerns about this Privacy Policy, please contact us through our Telegram support group.