Source Get started

Why you can trust it

Every architectural decision was driven by one question: how do we keep your Telegram account safe, your data private, and your relationship with Telegram legitimate?

The four-line summary

Your data stays on your VPS.

Each customer runs on their own VPS. Your Telegram session, messages, AI keys — all on your server. We can't read them.

Every write action is user-initiated.

AI drafts and proposes. You click send. Never autonomous. Audit log of every action.

The source is AGPL on GitHub.

Audit exactly what the software does. No black boxes. No hidden telemetry.

Backups are zero-knowledge encrypted.

You set a passphrase during onboarding. We hold ciphertext only. We cannot decrypt.

Telegram TOS — the honest analysis

Telegram's Terms contain clauses that look hostile to a product like this. The defensibility comes from architecture choices, not loopholes.

Clause

"Scraping prohibited"

The carve-out allows access for "ordinary, legitimate use as a user." You ARE the user. Processing your own messages on your own VPS. CRgraM is a power-user client, not a scraper.

Clause

"Actions without consent"

Every send_message originates from your click. AI proposes. You dispose.

Clause

"Non-sublicensable"

We don't sublicense anything. Each customer is the Telegram user, on their own VPS. We sell software, not access.

Design

Group cap is hardcoded

Solo = DMs only. Pro = ≤50. Enterprise = ≤100. Channels always blocked. Cannot be raised via config. CRgraM is architecturally incapable of being a scraper.

Full analysis with primary-source citations in docs/TOSSAFETY.md on GitHub.

What we refuse to do

×

No central database of customer data. Each VPS is sovereign.

×

No AI proxy. Your VPS calls the AI vendor directly. We're not a processor.

×

No Coding Plan shortcuts. Personal subscriptions used commercially get accounts banned.

×

No group-size bypass. The 100-member cap is a source-code invariant.

×

No shared api_id. Each customer registers their own.

Questions about deployment?

Happy to walk through the architecture, TOS analysis, or encryption model.

Email us →

Audit the source →