Sessions.fyi

Privacy & Terms

What we hold, and the rules.

Last updated June 15, 2026

Privacy

What we hold

Your phone number and Telegram identity, an encrypted login for your account, your active-session details (device, rough location, time, the same list Telegram shows you), the public IDs of the keys you enroll, a record of what the guard removed, and the email you give us for alerts.

How your login is protected

Your login is sealed with AWS KMS and can only be unsealed inside a hardware enclave that proves, by attestation, that it is running our published open-source code. The machine hosting that enclave cannot read it. We hold the KMS key, so we are straight with you about the limit: we do not claim it is impossible for us to reach your session. What protects you is something better than a promise. The guard's powers are a short, fixed, hardware-checked list of actions, you can read the exact code that handles your session, and you can revoke our access at any moment with your own key.

What passes through, and your 2FA

Because Sessions watches your account from a live, logged-in session, Telegram updates pass through the enclave in real time, and those updates can include message content. The code running inside that enclave is published and attested, and its only powers are the fixed guard actions, so it has no path to store your messages or hand them to anyone, including us. You do not have to take our word for any of this. The gateway is open source, so you can read it yourself, or have an AI walk you through it if you are not technical, starting from our how it works page. And if you set a 2FA password, your browser turns it into a proof and never sends the password to us at all.

Terms

The service

Sessions monitors the active sessions on your Telegram account and removes ones that fall outside the policy you set. You stay in control of your account and can revoke the guard whenever you want.

What we promise, and don't

You stay in control of your account and your own keys at every step, and you can revoke the guard whenever you like. Sessions is built to a high standard and runs around the clock. Like any security tool it lowers your risk rather than erasing it, so it is offered as is, and we can't take on responsibility for losses caused by attackers or by events beyond the guard's control. If anything ever seems off, reach us any time and we'll help however we can.

Early access, and contact

Sessions is in early access and free for now, features and pricing may change. Reach us at danial@sessions.fyi.