Forward LogoForwardMsg
Security

Token Encryption & Security

See how ForwardMsg securely protects your tokens.

🔐 Token Encryption & Security

We take the security and privacy of our users seriously. This document explains how client-provided tokens—such as Discord Client Token or Telegram session tokens and Bot tokens—are securely handled by our system.

Why We Need Your Token

Tokens are required to integrate your bots or accounts with our automation service. These tokens grant the automation layer permission to act on your behalf with the associated platform (e.g., Telegram).

Your token is never exposed to any third-party service or human. It is encrypted and handled with strict access controls.

🔄 Token Lifecycle

1. Submission

When you enter your token into our platform:

  • It is immediately encrypted on the server-side using AES-256 encryption.
  • The encrypted value is stored in a secure database.

We do not store the raw token—only the encrypted version.

2. Storage

  • All encrypted tokens are stored in a dedicated, access-controlled database.
  • The encryption keys are stored separately and protected using industry-standard key management techniques.

3. Access by Automation

Only the automation engine can decrypt and use your token.

  • No other service or human has access.
  • Decryption happens just-in-time, only when the automation process needs it.

Automation processes operate in isolated environments and use your decrypted token only at runtime.

🔒 Security Highlights

  • ✅ Tokens are never logged
  • No one can manually retrieve your token
  • Just-in-time decryption ensures tokens aren't cached or kept in memory longer than needed

Your privacy and security are our top priority. If you have concerns or questions, feel free to contact our support.

For advanced users, feel free to contact support if you’d like to understand more about our encryption model.

Previous

📚 Materials

On this page