security · proboi

Your data under lock.

Every user runs in their own isolated secure container. No one else gets in — not a neighbor on the service, not an admin.

server in Moscow, Russian data law compliant · not trained on your requests · TLS on every hop
how every pro user is protected

Four layers from the door to the kernel

Every paid user gets their own slice of the server. Each layer is independent: even if one is compromised, the rest hold.

01

Your own box

Every paid user gets a dedicated Docker container: an isolated mini-system inside the server. Their own disk slice, their own processes, their own permissions. No shared space between guests.

System files are read-only. Another user's process physically cannot reach your vault.

02

Double isolation at the kernel level

On top of the container — two more layers. User namespace remapping: inside the container you're a regular user, but on the host you're "nobody" — no rights outside your own vault. If a kernel CVE drops tomorrow, a container escape gains nothing. Plus a syscall interception layer between guest processes and the host kernel.

An attacker would have to break through several independent layers at once. Data-center grade.

03

Network, two firewalls

Guest containers cannot see each other on the network. A request from your address to a neighbor's address simply doesn't arrive. Internal service interfaces are closed at two independent firewall levels (INPUT and DOCKER-USER chains).

Firewall rules are restored automatically on restart. They cannot be accidentally opened.

04

Hard resource limits

One user cannot bring down the service — accidentally or otherwise. Each container has a cap on memory, processes, and disk (vault 2 GB). Request frequency is bounded by a token bucket. If you exceed the limit, the bot asks you to clean up — it doesn't crash and doesn't affect your neighbors.

A separate "credit window" protects against an accidental runaway task burning money.
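A per-user token bucket of the kind described above, as an added example (not Proboi's code). The class names, the injectable clock and the capacity and refill values are assumptions chosen for illustration.

```python
import time


class TokenBucket:
    """Holds up to `capacity` tokens, refilled continuously at `rate` tokens/second."""

    def __init__(self, capacity, rate):
        self.capacity = float(capacity)
        self.rate = float(rate)
        self.tokens = float(capacity)   # start full so a new user may burst
        self.updated = None

    def take(self, now):
        """Spend one token. Return 0.0 if allowed, else seconds until a token exists."""
        if self.updated is None:
            self.updated = now
        # Ignore a clock that steps backwards instead of refunding tokens.
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.updated = max(self.updated, now)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 0.0
        return (1.0 - self.tokens) / self.rate


class PerUserLimiter:
    """One bucket per Telegram userId, so one user's burst never drains another's."""

    def __init__(self, capacity=5, rate=0.5, clock=time.monotonic):
        # capacity and rate are illustrative values, not the service's settings
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self.buckets = {}

    def check(self, user_id):
        """Return 0.0 when the request may proceed, else a retry-after in seconds."""
        bucket = self.buckets.get(user_id)
        if bucket is None:
            bucket = self.buckets[user_id] = TokenBucket(self.capacity, self.rate)
        return bucket.take(self.clock())
```

A non-zero return value lets the caller answer with a "slow down, retry in N seconds" message instead of queueing work or failing.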
on top of the layers

A few more technical measures

Not part of the onion, but they work along the entire request path.

identity

Telegram userId verified before processing

A stranger's message is dropped before any processing — no reply, no log entry. The userId cannot be forged via a regular message — it's signed by the Bot API.

path + cmd

Path and command allowlist

Filesystem operations are validated against an explicit allowlist. Bash commands are also checked before execution.
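One way such a path and command check can be written, as an added example that is not Proboi's code. The command list, the permitted flags and the function names are hypothetical; the page does not publish its allowlists.

```python
import os
import shlex

# Hypothetical policy: command name -> the only option flags it may receive.
ALLOWED_COMMANDS = {"ls": {"-l", "-a"}, "cat": set(), "wc": {"-l", "-c"}}
SHELL_META = set(";|&`$<>(){}\\\n\x00")


def resolve_in_vault(user_path, root):
    """Return the canonical path if it stays inside root, otherwise None."""
    if "\x00" in user_path:
        return None
    root_real = os.path.realpath(root)
    # realpath() collapses "..", follows symlinks, and an absolute user_path
    # replaces the root in join(), so the decision is made on the final
    # location rather than on the string the user typed.
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def check_command(line, root):
    """Return argv for an allowlisted command confined to root, otherwise None."""
    if any(ch in SHELL_META for ch in line):
        return None                       # no pipes, substitutions or redirects
    try:
        argv = shlex.split(line)
    except ValueError:                    # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWED_COMMANDS:
        return None                       # also rejects "/bin/cat" and "./cat"
    flags = ALLOWED_COMMANDS[argv[0]]
    for arg in argv[1:]:
        if arg.startswith("-"):
            if arg not in flags:          # blocks options that carry a path
                return None
        elif resolve_in_vault(arg, root) is None:
            return None                   # every other argument must be in the vault
    return argv                           # execute with shell=False and cwd=root
```

The check fails closed: anything it cannot parse or place inside the vault is refused, and the caller should open the returned canonical path rather than the original string.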

TLS

Encryption in transit

TLS 1.2+ on all connections: Telegram → bot, bot → model providers, bot → YooKassa.

request path

What happens at each step

Diagram: You → Telegram → Proboi → AI model, with the hops labelled TLS, userId check, and API · no training.

Step 1 — TLS in transit

Your message travels from your device to Telegram's servers over TLS 1.2+. The same applies on every hop from the bot to its providers.

Step 2 — Authentication by userId

The bot checks the Telegram userId against an explicit allowlist. Messages from unknown accounts are dropped before any processing — no reply, no log entry.

Step 3 — Context isolation

A separate session and a separate container are created for each user. One user's history, files, and settings are physically inaccessible to another.

Step 4 — Sending to the model

The request is forwarded to one of the providers. All providers, under the terms of API access, do not use requests to train their models.

payments

Your card details go directly to the processor.

Payments are handled by YooKassa — a Russian payment service licensed by the Central Bank of Russia. PCI DSS certified, the same standard banks use. We only see the fact of payment, not your card details.

we never see: card number, CVV, cardholder name
we see: payment id, status, amount, date
refunds: back to the same card, same route
cancel: one message to the bot

Third-party services that process your data

A list of sub-processors that receive data when you use the service.

All providers, under the terms of API access, do not use requests to train their models.

Storage & deletion

deleted on command

/forget and /new

These commands delete the assistant's memory, your container, and your session. Vault data is removed immediately.

not auto-deleted

Payment history & audit logs

Payment history is retained for 5 years under Russian accounting law. Technical audit logs (without conversation content) are kept in a 30-day rolling window.

full removal

Account deletion request

To permanently leave the service, email abuse@proboi.site. We will delete your remaining data within 30 days.

Encryption

in transit

TLS 1.2+ everywhere

All connections — Telegram → bot, bot → providers, bot → YooKassa — are protected by TLS.

at rest

Hosting-provider disk encryption

Timeweb Cloud disk encryption is used. There is no additional application-level encryption — all protections are implemented at the OS and container level.

Incident response & security contact

breaches

Incident notification

In the event of a personal data breach we will notify Roskomnadzor within 24 hours and affected users within 72 hours in accordance with applicable law.

responsible disclosure

Report a vulnerability

Found a bug or vulnerability? Email abuse@proboi.site. We respond within 7 business days. The same address handles abuse and legal inquiries.

honest limits

What we don't promise.

These three points are stated deliberately — so you can make an informed decision.

e2e

No one offers end-to-end encryption

A language model needs plaintext. A channel where even the provider cannot see the content cannot exist by design. This is how all AI services work. It is an architectural property of all LLMs.

0-day

100% protection from unknown vulnerabilities does not exist

A layered architecture reduces the likelihood of an attack and limits its scope. But no one can promise protection against tomorrow's 0-days, including the largest clouds.

certifications

We don't have SOC 2 / ISO 27001

These certifications are needed for enterprise contracts. We invest in real technical measures, not audit paperwork. If a formal certificate is a hard requirement for your use case — that is a fair deal-breaker.

what depends on you

Architecture can't protect you from yourself.

No architecture protects against what the user voluntarily sends out. So:

rule → if you wouldn't send it to ChatGPT, don't send it to Proboi either

Public offer (RU): terms of service
Privacy policy (RU): what we store and why
Terms of use (RU): rules of the service

Have questions? Ask the bot directly.

If you need a formal document for a security team review, write to us — we'll send one.
