Legal / 152-FZ

Privacy Policy

Last updated:

English version (for convenience)

This Policy defines the procedure for processing personal data when using the Rizae service (the “Service”) and is developed in accordance with Federal Law No. 152-FZ “On Personal Data” and other applicable provisions of the legislation of the Russian Federation. In case of discrepancies, the Russian version prevails.

1. General provisions

1.1. The Operator publishes this Policy and ensures unrestricted access to it. By using the Service and/or creating an account, the User confirms that they have read this Policy and understand the terms of data processing.

1.2. The Service is intended for users aged 16+. The Operator does not target the Service at processing data of persons under 16 years of age.

  • Operator: Solod Sergey Anatolyevich (the “Operator”).
  • Contacts for personal data matters: Email: sergeissolod@gmail.com; address (for requests if needed): Moscow, Russian Federation.
  • Processing territory: The Operator processes and stores personal data strictly within the territory of the Russian Federation. The Operator does not carry out cross-border transfer of personal data.
  • Legal grounds for processing: Processing is carried out based on: (a) conclusion and performance of the contract (public offer) and providing access to the Service; (b) the User’s consent (e.g., for optional analytics-if enabled); (c) the Operator’s legitimate interests (security, anti-fraud, protection of rights); (d) requirements of Russian law (including accounting for payments for services).

2. What data we process and localization

Data and infrastructure localization:
The Rizae Service is hosted on servers in the Russian Federation. Personal data, databases, event logs, Service files, and backups are stored and processed within the territory of the Russian Federation. The project’s source code, builds, configurations, and internal service files are also hosted and stored on infrastructure located in Russia.

2.1. We process data to the extent necessary for operating the Service, ensuring security, enforcing platform rules, and performing the contract. The scope of data depends on the features used (registration, chats, support, paid features).

2.2. Categories of data that may be processed:

2.3. Data sources: (a) data you provide directly; (b) data generated automatically when using the Service; (c) limited data from partner processors (e.g., the payment provider-payment status).

  • Account data: Email (login), account identifier, registration date/time, settings (e.g., language), access/subscription status information.
  • Chat data: Text messages you enter in chats and the Service’s replies. This data is used to provide functionality (dialog history, context) and to ensure security and handle requests.
  • Technical data and event logs: IP address, request date/time, device and browser parameters (User-Agent, language), session information, technical events (including security/anti-fraud events).
  • Support requests: The content of requests, correspondence with support, and technical information necessary to resolve the issue.
  • Payment data (limited): The Operator does not collect or store bank card details. Payments are processed by the payment provider. The Operator may receive only the information necessary to provide access and keep records: payment status/amount/currency/date, transaction identifier, and masked details (e.g., last 4 digits) if such information is provided by the provider.

3. AI processing and contractors (in Russia, no cross-border transfer)

3.1. The Service uses artificial intelligence technologies to generate replies. Processing of messages for reply generation is performed on infrastructure located within the territory of the Russian Federation.

3.2. The Operator does not carry out cross-border transfer of personal data and does not send the User’s messages for processing to foreign jurisdictions. If cross-border transfer becomes necessary for any features in the future, the Operator will update this Policy in advance and, where required, request separate consent, or restrict the relevant functionality until consent is obtained. (This approach aligns with general cross-border transfer requirements under 152-FZ.)

3.3. In any case, the Operator does not sell personal data and does not transfer it to third parties for purposes unrelated to operating the Service, security, or performance of the contract.

  • Data minimization: We design processing to use only the information necessary to generate replies and operate the Service. Do not include unnecessary personal data in your messages.
  • Contractors and processors: The Operator may engage contractors for hosting, technical support, analytics, and payment acceptance. We select such contractors so that processing is performed within the territory of Russia and ensure contractual confidentiality and security measures to a reasonable extent.

4. Prohibition of sensitive and payment data

IMPORTANT:
It is prohibited to enter into the Service and/or transmit in chats: passport data and documents, bank card/account numbers, CVV/CVC, SMS codes, passwords, access credentials, medical data, and other sensitive information. The Operator does not request such data in chats. If the User voluntarily provides such data, they do so at their own risk and are responsible for the consequences. The Operator may delete/hide such information, restrict access, and/or block an account to protect the User and comply with platform rules.

5. Cookies and analytics (Yandex.Metrica)

5.1. Analytics and service improvement

To analyze website usage and improve functionality, the Operator may use the Yandex.Metrica web analytics service (YANDEX LLC) and similar tools configured to operate within infrastructure located in Russia and without cross-border transfer of data by the Operator.

  • Analytics helps us understand which pages and features are in demand, identify errors, and improve the interface.
  • The Operator strives not to transmit identifying information (e.g., email) to analytics and not to use analytics for personalized advertising unless explicitly stated otherwise.
  • Using Yandex.Metrica requires appropriate legal grounds and informing visitors about cookies and data processing, which is reflected in this Policy and (if applicable) a cookie banner/settings.

5.2. Cookies

Cookies are small files/identifiers stored in the browser that help the website function. We use:

  • Technical (required): Needed for authorization, security, session persistence, language, and basic settings. Without them, some Service functions may work incorrectly or be unavailable.
  • Analytics (optional): Used to collect statistics (e.g., Yandex.Metrica). They may be enabled with the User’s consent if this is provided by the interface (cookie banner/settings).

You can manage cookies in your browser settings and/or via cookie settings on the website (if available). Disabling technical cookies may prevent authorization and proper operation of the Service.

6. Security and retention periods

6.1. The Operator takes reasonable organizational and technical measures to protect data against unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions.

  • Encryption and communication channels: Data transmission between the User and the Service is carried out using secure protocols (HTTPS/TLS) where applicable.
  • Access control: Access to data is restricted on a need-to-know basis. Security measures and anti-fraud controls are applied.
  • Passwords: The Operator does not store passwords in plain text. If password-based authentication is used, strong hashing methods are applied (e.g., bcrypt/argon2 or equivalent).
  • Retention periods (general principle): Data is stored no longer than necessary for processing purposes, performance of the contract, and compliance with legal requirements, after which it is deleted or anonymized.
  • Account data and chats: As a rule, stored while the account is active or until deletion upon the User’s request, unless longer storage is required by law or necessary to protect rights and legitimate interests (e.g., handling a claim, preventing abuse).
  • Technical logs and security events: May be stored for a reasonable period to ensure security and investigate incidents (e.g., up to 12 months) unless longer retention is required by law.
  • Backups: Data may be stored in backups on infrastructure in Russia and deleted as backups are overwritten/rotated. Backup rotation periods may differ from deletion periods in the active database.

7. User rights and deletion

7.1. The User has the rights provided by Russian personal data legislation, including the right to obtain information about processing, access their data, rectify it, block it, delete (destroy) it, and withdraw consent (where processing is based on consent).

7.2. To protect against abuse, the Operator may request reasonable information to confirm identity and account ownership (e.g., a reply from the email address associated with the account).

How to request data deletion?

7.3. You may request deletion of your account and/or personal data:

  • Send a request to: sergeissolod@gmail.com (preferably from the email used in the account).

7.4. Timeframes: the Operator aims to delete personal data from active (operational) systems within 30 calendar days from receipt of a valid request and confirmation of account ownership. Some data may be retained longer if required by law or necessary to protect rights and legitimate interests (e.g., handling a claim, fraud prevention). Data in backups is deleted as backups are rotated.

8. Changes to the Privacy Policy

8.1. The Operator may amend this Policy to reflect changes in the Service, security measures, legal requirements, or contractors used.

  • Notice: For material changes (e.g., changes to processing purposes, material changes in data categories, addition of new material contractors/processors), the Operator notifies Users via the Service interface and/or by email (if provided in the account).
  • Effective date: The new version of the Policy becomes effective upon publication on the website unless expressly stated otherwise in the new version. If the law requires separate User consent for new purposes/operations, the Operator ensures such consent is obtained via the Service interface.
  • Continued use of the Service after the changes take effect means acceptance of the updated Policy to the extent consent may be expressed in this way and does not contradict the law.
Back to top