tl;dr - you should remove this disclaimer until this issue is resolved:
https://github.com/Telegram-Mini-Apps/analytics?tab=readme-ov-file#%EF%B8%8F-disclaimer
Problem:
My tests shown that you're sending at least a Telegram user ID to your backend.
Under GDPR and specifically in Telegram's case it's PII (personally identifiable information), because it doesn't prevent re-identification in specific cases.
Solution:
You should send a one-way-hashed user fingerprint to your backend, instead of using a plain PII data.
P.S.
TON is going to USA - don't forget to check local privacy laws in each state.
tl;dr - you should remove this disclaimer until this issue is resolved:
https://github.com/Telegram-Mini-Apps/analytics?tab=readme-ov-file#%EF%B8%8F-disclaimer
Problem:
My tests shown that you're sending at least a Telegram user ID to your backend.
Under GDPR and specifically in Telegram's case it's PII (personally identifiable information), because it doesn't prevent re-identification in specific cases.
Solution:
You should send a one-way-hashed user fingerprint to your backend, instead of using a plain PII data.
P.S.
TON is going to USA - don't forget to check local privacy laws in each state.