Privacy at OQIM
Last updated: March 8, 2026
This page explains exactly what data OQIM accesses, stores, and shares. No legal fog — just the facts.
The Short Version
OQIM is a Telegram client. Your Telegram session lives on your device. Your messages stay on your device. The only time any message content leaves your device is when you explicitly ask Ziya to help — and even then, only the specific messages you're asking about. We make money from subscriptions. We will never sell your data. We will never show you ads.
Your Telegram Session
Your Telegram session never leaves your browser. We use MTProto via gram.js running entirely in your browser. Your authentication keys are stored in your browser's IndexedDB, not on our servers. OQIM never has access to your Telegram password or 2FA codes. We cannot log into your account, access it from another device, or impersonate you.
Your Messages
Your messages are stored on your device, synced from Telegram's servers using Telegram's standard protocol. OQIM does not bulk-upload, background-sync, or index your messages on our servers. They are yours.
When You Ask Ziya to Help
When you use Ziya to summarize, draft, rewrite, or search, the specific messages relevant to your request are sent from your device to our server via an encrypted connection (TLS). Our server forwards them to Google Gemini for AI processing, receives the response, and sends it back to you.
Message content is never written to disk on our servers. It is not logged or stored. It exists in server memory only for the duration of the request.
What About the AI Provider?
When Ziya processes your request, message content is sent to Google Gemini through their API. We use Gemini under API terms that prohibit using your data to train their models. Your messages are processed and discarded by Gemini — they are not stored, logged, or used for any purpose beyond generating Ziya's response.
Ziya's Memory
When Ziya remembers things about your conversations (names, preferences, key facts), this memory is stored on our servers, encrypted with a unique key derived for your account using AES-256-GCM. This includes conversation history, remembered facts, commitments, and memory summaries.
You can view, edit, or delete your Ziya memory at any time. If you delete your account, all memory data is permanently erased.
What We Store
Complete list. All items marked "encrypted" use per-account AES-256-GCM encryption.
- AI conversation history — encrypted. The back-and-forth between you and Ziya.
- Facts you ask Ziya to remember — encrypted. Things like "my flight is on Tuesday" that you explicitly tell Ziya to save.
- Commitments and tasks — encrypted. Action items Ziya extracts from your conversations when you ask.
- Communication style preferences — your tone and language settings for AI-assisted drafting.
- Usage analytics — metrics only: query count, response time, feature adoption. No message content, no query text.
What We Will Never Do
- Sell, rent, or share your data with third parties for advertising or marketing.
- Use your messages to train AI models. Your conversations are processed and discarded.
- Background-sync your messages to our servers. Data only moves when you ask Ziya to act.
- Store your Telegram credentials. Your session is yours.
- Show you ads or sell your attention. Our business model is subscriptions.
What About Group Chats?
When you ask Ziya to summarize a group chat, messages from other participants are included in the processing. This is the same as you reading those messages yourself — Ziya helps you understand conversations you are already part of. Other participants' messages are subject to the same zero-storage policy: processed in memory, never written to disk, never shared outside your session.
Third-Party Services
Services that process data on our behalf, and exactly what each one sees:
- Google Gemini — processes your AI queries. Not used for model training. Discarded after response.
- PostHog — receives usage metrics only. No message content, no query text, no personally identifiable information.
- Sentry — receives error reports with request bodies automatically redacted.
- DigitalOcean — hosts our infrastructure. All stored data is encrypted at rest.
Your Controls
- View your Ziya memory — see exactly what Ziya remembers about you and your conversations.
- Delete your Ziya memory — erase everything Ziya knows, instantly and permanently.
- Delete your account — all data associated with your OQIM account is permanently deleted. No retention period, no 30-day wait.
Legal Documents
This page is our honest explanation of how data works in OQIM. For the formal legal terms:
Questions?
Email mirzosharif@oqim.ai or message us on Telegram at @oqimai. We respond within 24 hours.
If you find a security vulnerability, please report it to mirzosharif@oqim.ai.