Privacy

Non-custodial, spelled out.

The short version

Sessions watches which devices are logged into your Telegram and removes the ones that aren’t yours. To do that, the guard holds a login for your account, encrypted so only a sealed, fixed program running in a hardware enclave can unlock it. We don’t read your chats for our own purposes and we don’t store them. We’re not going to pretend we’re invisible, so here is exactly what we hold and how it’s protected.

What we hold to run the guard

- Your phone number and Telegram identity.
- A login for your account, the thing that lets the guard see and remove sessions. Once you arm the guard, that login is encrypted with a key only the attested enclave can use; during setup, before you arm, it is held under our server key and cleared the moment you arm.
- The device, rough location, and time of each session on your account, the same information Telegram shows you in Settings.
- The public identifiers of the keys you set up (passkey, wallet, Google).
- Snapshots of your session list and a record of what the guard removed.
- The email you give us for alerts.

How that login is protected

Once you arm the guard, that login is encrypted with AWS KMS and can only be decrypted inside a hardware enclave running a fixed, attested image; the machine that hosts the enclave can’t read it, and we can’t read it in normal operation. Before you arm, during setup, the login is held under our server key (so we can complete the connection) and is cleared the moment you arm. You can revoke it any time, which logs the guard out of your account for good. We don’t claim it’s mathematically impossible for us to ever reach it. We claim we’ve built it so we don’t and can’t in operation once armed, we intend to publish the image so it can be independently verified, and you stay in control.
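An added example, not Sessions' code or configuration: a check an auditor could run over a KMS key policy to confirm that every statement allowing decryption is tied to an enclave measurement, which is the property the paragraph above describes. It assumes the enclave is an AWS Nitro Enclave (the page does not name the enclave technology); the policy, account id, role names and measurement value are constructed placeholders.

```python
import fnmatch

# Assumption: the enclave is an AWS Nitro Enclave, so KMS exposes its attestation
# measurements through the kms:RecipientAttestation:* condition keys.
ATTESTATION_PREFIX = "kms:recipientattestation:"
PINNING_OPERATORS = {"stringequals", "stringequalsignorecase"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def grants_decrypt(stmt):
    """True if the statement's Action patterns cover kms:Decrypt."""
    patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return any(fnmatch.fnmatchcase("kms:decrypt", p) for p in patterns)

def pins_attestation(stmt):
    """True if the statement requires a specific enclave measurement."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() not in PINNING_OPERATORS:
            continue  # negated or ...IfExists operators do not pin anything
        if any(k.lower().startswith(ATTESTATION_PREFIX) and v for k, v in keys.items()):
            return True
    return False

def unbound_decrypt_statements(policy):
    """Sids of Allow statements that let a caller decrypt outside the enclave."""
    return [
        stmt.get("Sid", f"statement[{i}]")
        for i, stmt in enumerate(_as_list(policy.get("Statement", [])))
        if stmt.get("Effect") == "Allow" and grants_decrypt(stmt) and not pins_attestation(stmt)
    ]

# Constructed sample policy; account id, role names and the measurement are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "KeyAdmin", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/key-admin"},
         "Action": ["kms:Describe*", "kms:PutKeyPolicy"], "Resource": "*"},
        {"Sid": "EnclaveDecrypt", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/guard-host"},
         "Action": "kms:Decrypt", "Resource": "*",
         "Condition": {"StringEqualsIgnoreCase": {
             "kms:RecipientAttestation:ImageSha384": "<PLACEHOLDER_IMAGE_SHA384>"}}},
        {"Sid": "SetupDecrypt", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/setup-server"},
         "Action": "kms:*", "Resource": "*"},
    ],
}
```

The check reads only the key policy, so IAM policies and grants attached to the same key need the same review; any statement it returns is a path to plaintext that does not pass through the attested image.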

What passes through, honestly

To do its job, the guard keeps a live connection to your Telegram, the same as any logged-in device. So Telegram updates, which can include messages, pass through the enclave’s memory in real time. We don’t store them, log them, or use them for anything but the guard. We can’t honestly say your conversations never touch us, because the guard is itself a logged-in session. We can say we don’t keep them.

Your 2FA password

If your account has a 2FA password, your browser turns it into a proof and never sends the password to our servers. It lives only in your browser’s memory while you sign in, in code we serve, and is cleared right after.

A note on Telegram’s terms

Sessions logs into your Telegram, with your permission, to guard it. Automated access carries some risk to your account under Telegram’s terms. Please understand and accept that before you arm the guard.

Your data, your call

Disconnect the guard any time and we revoke the login and delete your data. If you only reserved a waitlist spot, the only thing we hold is your email, and you can have it removed any time.

Contact

Questions about any of this go to privacy@sessions.fyi.