Privacy Policy

RCS OFFICIAL ("we", "us") operates MyBot (the "Service"). This Privacy Policy explains what data we collect, how we use it, and the rights you have over it. We are committed to protecting your privacy and complying with applicable data protection laws including the Indian DPDP Act and GDPR where relevant.

• Account data: name, email, password (hashed), country.
• Billing data: billing name, address, GSTIN (if applicable). Card / UPI details are collected and stored directly by Razorpay — we never see your full card number.
• Integration credentials: Smile.one API email/key and Telegram bot tokens, stored encrypted at rest.
• Usage data: orders, transaction logs, IP address, device/browser metadata, dashboard activity.
• End-customer data (processed on your behalf): Telegram user IDs, in-game UIDs/Zones, and order history of your bot's customers.

• To operate, maintain and improve the Service.
• To process payments and prevent fraud (via Razorpay and our risk systems).
• To verify IGNs with upstream providers (Smile.one) before fulfilment.
• To send transactional emails (receipts, security alerts) and — only with your consent — product updates.
• To comply with legal obligations and respond to lawful requests.

All payments are processed by Razorpay Software Pvt. Ltd., a PCI-DSS compliant payment gateway. When you pay, your sensitive payment details are submitted directly to Razorpay over an encrypted channel. We only receive a transaction reference, status, and the last 4 digits of your instrument for reconciliation.

We do not sell your personal data. We share data only with:

• Payment processors (Razorpay) to complete transactions.
• Upstream providers (Smile.one, Telegram) to fulfil orders you initiate.
• Infrastructure providers (hosting, database, email delivery) under strict data-processing agreements.
• Law enforcement, when legally compelled.

Account and transaction data is retained for as long as your account is active, and for up to 7 years thereafter to comply with tax and accounting obligations. You may request earlier deletion subject to those legal requirements.

We use industry-standard safeguards — TLS in transit, AES-256 encryption at rest for secrets, role-based access control, RLS on our database, and regular security audits. No system is 100% secure; please use a strong, unique password and enable 2FA when available.

• Access, correct or export your personal data.
• Request deletion of your account.
• Withdraw consent for marketing communications at any time.
• Lodge a complaint with your local data protection authority.

Email privacy@rcsofficial.com to exercise any of these rights.

We use essential cookies for authentication and session management, and (with your consent) analytics cookies to understand product usage. You can control cookies through your browser settings.

The Service is not intended for users under 18. We do not knowingly collect data from minors.

We will notify you of material changes by email or in-app notice. The "Last updated" date at the top of this page indicates the most recent revision.

Questions? Email privacy@rcsofficial.com.