← thebedrock.ai

Privacy Policy

Minimal version. The service is operated by TQDM Inc. in the USA.

Controller

  • TQDM Inc., 1111B S Governors Ave, STE 23256, Dover, DE 19904, USA
  • Email: [email protected]

Data processed

  • Your Telegram user id, first name, username, and (if public on Telegram) profile photo URL — all received via the Telegram Login Widget for authentication.
  • Bot questions and AI agent traces (system prompts, tool calls, tool results, model outputs) you generate via the bot.
  • Per-call usage counters and aggregate spend, recorded as immutable audit entries on the shardd ledger keyed by your Telegram user id.
  • Telegram chat messages in chats where the bot is a member, stored briefly so the agent can pull thread context (see Storage and deletion).
  • Server logs (IP address, timestamps, errors).
  • Anonymous page-view counts via Umami analytics — no cookies, no fingerprinting.

Purpose and legal basis

  • Provide the bot, the trace viewer, and the per-user dashboard.
  • Authenticate users via Telegram and maintain the session cookie.
  • Maintain technical functionality, security, and audit trails for billing.
  • Legal basis: Art. 6(1)(b) GDPR (providing the service); Art. 6(1)(f) GDPR for logs and security (legitimate interest).

Storage and deletion

  • Traces and chat messages are automatically pruned 30 days after creation.
  • You can delete every trace associated with your Telegram account at any time from the dashboard. Doing so does not delete shardd ledger entries (those are an immutable audit log keyed by user id).
  • Server logs are automatically deleted after a short retention period.

Sharing of data with AI providers

  • Your questions are forwarded to OpenRouter, which in turn routes to upstream model providers (currently including OpenAI, Moonshot AI, Qwen, xAI, and others). Each upstream provider's data-handling terms apply to those forwarded requests.
  • We do not sell, advertise against, or otherwise share your data outside this service-delivery chain.

Trace links

  • Trace pages at /t/<token> are accessible to anyone holding the URL — the secret token IS the access control. Do not share a trace URL you would not share publicly.

Your rights

  • Access, rectification, erasure, restriction, portability (Art. 15–20 GDPR).
  • Objection to certain processing (Art. 21 GDPR).
  • Withdraw consent with future effect.
  • Right to lodge a complaint with a data protection authority.
  • Contact to exercise rights: [email protected].

Cookies

  • We use one HTTP-only signed session cookie (rb_session) for authentication. No tracking cookies, no third-party cookies, no analytics scripts beyond Umami's cookie-less page-view counter.

Security

  • All traffic is encrypted via TLS. Authentication tokens are HTTP-only, signed, and cannot be accessed by client-side scripts.
  • Please secure your Telegram account, since access to it grants access to your dashboard here.

Changes

  • This privacy notice may be updated as needed. The current version is always published here.

Contact

  • TQDM Inc., 1111B S Governors Ave, STE 23256, Dover, DE 19904, USA
  • Email: [email protected]

Last updated: April 2026