BotBroad Security Measures
At BotBroad, we are deeply committed to protecting your data and maintaining the security of our platform. This document outlines the technical and procedural measures we have in place to ensure a safe environment for developers and users alike.
Last updated: November 30, 2025
1. Data Security and Encryption
We use a multi-layered approach to secure your data, both in transit and at rest.
- Data in Transit: All communication between your browser and our servers is secured with HTTPS (TLS 1.2+). This encrypts all data sent, including login credentials and API requests, preventing man-in-the-middle attacks.
- Password Storage: We never store passwords in plain text. All passwords are hashed and salted using strong, one-way cryptographic functions.
- Sensitive Data Encryption: Highly sensitive data, including API keys and bot tokens, is encrypted using industry-standard strong encryption algorithms with randomly generated initialization vectors.
- Decryption Process: Encrypted data is temporarily decrypted in isolated, secure processes only when needed for system operations, then immediately cleared from memory.
- Telegram Authentication: We use Telegram's secure OAuth authentication widget for Telegram-based login.
- Session Management: Our user sessions are secure. Session data is stored on the server side, not in client-side cookies. Session identifiers are random and non-predictable.
2. Access Control and Roles
Access to our systems and data is strictly controlled based on the principle of least privilege. We have distinct roles to manage access to different types of information.
The information we have access to is categorized by role as follows:
- Users: We have access to the user data collected from Telegram as outlined in our Privacy Policies. This includes Telegram ID, username, and language code. This information is necessary for the core function of the service—broadcasting messages.
- Bots: We have access to the bot information provided by developers, including the bot name, username, and encrypted token. This information is essential for sending messages on behalf of the developer.
- Admins: Our internal administrators have access to a broader range of data for system maintenance, security monitoring, and support purposes. This access is highly restricted, logged, and reviewed regularly to ensure no misuse.
All access to sensitive data is audited and monitored to detect and prevent unauthorized activity.
3. System and Infrastructure Security
Our infrastructure is designed for resilience and security. While we make every effort to ensure the security of your data and our services, please note that we cannot be held responsible for any incidents or breaches that may occur despite our best efforts.
- Regular Audits & Updates: We regularly audit our systems for vulnerabilities and apply security patches and updates as soon as they become available.
- Network Security: Our servers are protected by secure configurations to ensure your data is kept safe. We use a variety of techniques to block unauthorized access and attacks, including configuring headers to enforce security best practices.
- Third-Party Services: We use third-party hosting services to store and process your data. While we take extensive measures to protect your data, please note that our hosting provider may have administrative access to the servers where your data is stored. In some cases, the hosting provider may access or use the data for maintenance, security, and support purposes. However, we cannot be held responsible for any unauthorized or illegal access to or use of your data by the hosting provider. We carefully select and vet our third-party service providers to ensure they meet high security standards and comply with their privacy policies to maintain the security and confidentiality of your data. If you believe your data has been accessed or used inappropriately or illegally, we encourage you to report it immediately so we can investigate further.
Despite these measures, we cannot guarantee complete security, and we are not responsible for any breaches or issues that may arise. We strive to keep our systems as secure as possible, but security is always a shared responsibility.
4. Your Role in Security
While we do our best to protect your data, security is a shared responsibility. We strongly recommend that you:
- Use a unique and strong password for your BotBroad account.
- Keep your Telegram account secure.
- Do not share your API keys or bot tokens with anyone.
- Report any security vulnerabilities you find through our official channels.
5. Limitations of Our Security Measures
While we take all necessary precautions to ensure the security of our platform, no system can be entirely immune to attacks. We do our best to secure your data, but we cannot be held responsible for any damage or breach that may occur despite our efforts. Always practice good security hygiene and take steps to protect your own account.