Privacy Policy

1. Introduction and Data Controller

This Privacy Policy describes how Osyrion ("the Platform", "we", "us", or "our") collects, processes, and protects personal data in relation to our Traffic Simulation as a Service (TSaaS) infrastructure. Osyrion operates as the Data Controller for the personal data processed through our Telegram-based interface and core orchestration engine.

Our operations are governed by the laws of the United Kingdom, and we are committed to maintaining data protection standards consistent with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Categories of Data Collected

We collect and process only the minimum data necessary to facilitate high-fidelity traffic simulation and platform security:

• User Identifiers: We process Telegram User IDs, usernames, and associated metadata provided by the Telegram API to authenticate sessions and manage account permissions.
• Campaign Configuration Data: Technical parameters including target URLs, request headers, geographic preferences, and behavior scripts provided for simulation orchestration.
• Session and Usage Telemetry: Real-time data generated during active simulations, including success rates, latency metrics, and infrastructure performance logs.
• System Logs and Diagnostic Data: Technical logs recording interactions with our bot API, command execution history, and error reports for system stability and forensic auditing.

3. Legal Bases for Processing

We process your data under the following legal bases as defined by applicable data protection law:

• Contractual Necessity: To provide the services requested, manage credit balances, and execute simulation commands according to the Terms of Service.
• Legitimate Interests: To maintain platform security, prevent fraudulent use of our infrastructure, optimize network performance, and perform internal diagnostic analysis.
• Legal Compliance: To comply with statutory obligations within the United Kingdom jurisdiction.

4. Data Retention and Security

Personal identifiers are retained for the duration of your active subscription and for a period of 24 months thereafter to facilitate account recovery and compliance auditing. Operational telemetry data is typically anonymized or deleted within 90 days following the completion of a campaign, unless required for ongoing forensic review.

We implement robust technical and organizational security measures, including AES-256 encryption for data at rest and TLS 1.3 for data in transit. Access to orchestration logs is strictly limited to authorized engineering personnel through multi-factor authentication.

5. Data Sharing and Cross-Border Transfers

Osyrion does not sell, rent, or trade personal data to third parties for commercial or marketing purposes. We may share data with service providers (such as infrastructure hosts) only to the extent necessary to deliver our services.

While our primary orchestration occurs in the United Kingdom, traffic simulation may involve nodes in various global jurisdictions. All such transfers are governed by standard contractual clauses or equivalent adequacy mechanisms to ensure consistent data protection.

6. User Rights

Under UK GDPR, you maintain the following rights regarding your data:

• The right to access your personal data held by us.
• The right to request correction of inaccurate data.
• The right to request erasure ("right to be forgotten") under specific conditions.
• The right to data portability for account-related information.
• The right to object to or restrict processing based on legitimate interests.

To exercise these rights, please submit a formal request to security@osyrion.app.

7. Contact and Regulatory Authority

For inquiries regarding this policy or our data handling practices, please contact our Data Protection Office at security@osyrion.app. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.