Legal Information

Personal Data Processing Policy

This document is published to provide open access to the operator’s personal data processing policy.

Effective date: July 15, 2026

1. Data Controller

ИП Медведев Никита Васильевич acts as the personal data controller.

2. What data may be processed

  • name, email address, phone number, company name, message text and other information voluntarily submitted through forms;
  • registration and account data such as username, display name, INN, OGRN or OGRNIP, registered address, email, phone number and organization details;
  • technical data related to website requests, including IP address, User-Agent, Referrer, date and time of the request;
  • self-hosted analytics data processed only after consent: visitor and session identifiers, IP address, User-Agent, device, browser, operating system, traffic source, viewed URLs, timestamps, and locally determined country or city when a local geolocation database is available;
  • anonymous traffic statistics without visitor identification: view timestamp, host, public page path without query parameters, analytics choice state, browser and operating-system family, device category, and a coarse traffic-source category. These records do not contain an IP address, User-Agent, cookie identifier, account information, location, exact Referrer or UTM parameters;
  • data contained in support requests, emails and documents sent to the operator.

3. Purposes of processing

  • responding to incoming requests and demo requests for Admin Desk;
  • user registration, authentication and access to accounts and services;
  • contract performance, invoicing, licensing and customer support;
  • security monitoring, abuse prevention and incident investigation;
  • website performance and traffic evaluation using anonymous statistics and, where consent is provided, detailed analytics;
  • compliance with applicable laws.

4. Legal grounds

  • the data subject’s consent;
  • performance of a contract or pre-contractual steps requested by the data subject;
  • legal obligations imposed by applicable law.
  • processing for statistical purposes subject to mandatory anonymization under Article 6(1)(9) of Federal Law No. 152-FZ.

5. Cookies and analytics

The website uses essential cookies for interface operation, theme, language and session state. After an explicit analytics choice, the website enables its own analytics system and stores the site_metric_visitor identifier. Analytics records are written directly to the controller's database in the Russian Federation and are not sent to third-party web analytics providers. Retention is configured by the controller and expired records are deleted automatically.

To document the visitor's choice, the controller stores the visitor identifier, analytics decision, decision timestamp, policy version and technical connection details on the server.

Before consent is provided or after analytics are declined, the website may separately count anonymous views of public pages. Such records contain the timestamp, host, page path without a query string, analytics choice state, browser and operating-system family, device category, and a coarse source category such as direct, internal, search, social or referral. The IP address and User-Agent may be checked transiently only to exclude local requests, configured addresses, automated robots, prefetch requests, excessive traffic and immediate duplicate views, but are not written to anonymous statistics. Exact Referrer and UTM parameters are not stored. Anonymous records are not linked and cannot identify a unique visitor, specific device, location or browsing history.

6. Data protection measures

  • role-based access controls;
  • authentication and access restriction measures;
  • protected communication channels and software updates;
  • backup and recovery measures;
  • organizational measures against unauthorized access.

7. Registration and authentication

Account access is provided through the operator’s own information system. Registration records the consent date, the accepted policy version and the technical connection address. Passwords are stored as cryptographic hashes, new accounts require email confirmation, and two-factor authentication may be used for additional protection.

8. Contact