Privacy Policy

of the "Dostup.io" Software Complex

Version 1.0

Effective as of July 9, 2025

1. General Provisions

1.1. This Privacy Policy (hereinafter, the "Policy") defines the procedure for processing and protecting personal data that "REMOTE SOLUTIONS" Limited Liability Company (hereinafter, the "Operator") may receive about a natural person (hereinafter, the "User") during their use of the "Dostup.io" software complex (hereinafter, the "SC").

1.2. The Operator is included in the Register of operators processing personal data.

Registry entry number: 77-25-451655.

Basis for inclusion in the register: Order of Roskomnadzor No. 494 dated July 7, 2025.

1.3. This Policy has been developed in accordance with the requirements of the Federal Law of July 27, 2006, No. 152-FZ "On Personal Data" and is an integral part of the License Agreement-Offer (hereinafter, the "Offer").

1.4. Registering an account on the Website and subsequent use of the SC constitutes the User's unconditional consent to this Policy and the terms of their personal data processing specified herein. If the User disagrees with these terms, the User must refrain from using the SC.

2. Terms and Definitions

2.1. Capitalized terms used in this Policy have the meanings defined in Section 1 of the Offer.

2.2. Personal Data (PD) — any information relating to a directly or indirectly identified or identifiable natural person (personal data subject).

2.3. Processing of PD — any action or set of actions performed with or without the use of automated means on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, and destruction of personal data.

3. Scope, Purposes, and Legal Basis for Data Processing

The Operator adheres to the principle of data minimization and processes only the information necessary for the performance of the Agreement with the User and the operation of the SC.

3.1. Data Provided by the User:

Scope of data: Email address.
Purposes of processing: Conclusion and performance of the Agreement (identification, authentication); sending service notifications and fiscal receipts; providing technical support.
Legal basis: Clause 5, Part 1, Art. 6 of Federal Law No. 152-FZ (performance of a contract).

3.2. Operational Metadata Generated by the System:

Scope of data: User's system login, Access Node IP address, User's IP address, session start/end time, traffic volume.
Purposes of processing: Ensuring the technical operation of the SC; applying tariff restrictions; diagnostics and security.
Legal basis: Clause 5, Part 1, Art. 6 of Federal Law No. 152-FZ (performance of a contract); Clause 7, Part 1, Art. 6 of Federal Law No. 152-FZ (legitimate interests of the Operator).

3.3. Payment Information:

Scope of data: Payment details (order number, amount, date, status).
Purposes of processing: Conducting settlements under the Agreement; complying with the requirements of legislation on cash register equipment.
Legal basis: Clause 5, Part 1, Art. 6 of Federal Law No. 152-FZ (performance of a contract); Clause 2, Part 1, Art. 6 of Federal Law No. 152-FZ (fulfillment of functions imposed by the legislation of the Russian Federation).

4. No-Logs Policy

4.1. The Operator does not monitor, record, or store any logs of Users' internet activity. Specifically, the Operator does not collect or store:

a) DNS queries;

b) Visited websites, their IP addresses, or URLs;

c) The content of transmitted traffic (messages, files, application data).

4.2. The operational metadata listed in clause 3.2 are used exclusively for the purposes specified therein and do not allow for the identification of a User's specific actions on the Internet.

5. Use of Cookies

5.1. The Operator uses technical (functional) cookies for the proper functioning of the Website, particularly the Personal Account. These files are necessary for User authentication, session maintenance, and saving Website settings.

5.2. The Operator does not use third-party analytical or advertising cookies to track User behavior or display advertisements.

5.3. The User can manage cookies independently in their browser settings; however, disabling functional cookies may lead to the partial or complete malfunction of the Personal Account.

6. Procedure and Conditions for PD Processing

6.1. Storage and Retention Periods:

a) Account PD (e-mail) are stored for the entire term of the Agreement with the User and are deleted upon their request or after the termination of use of the SC and deletion of the account.

b) Operational session metadata are stored for 90 (ninety) days from the end of the session for billing and security purposes, after which they are subject to destruction or depersonalization.

c) Payment information is stored for the periods established by the legislation of the Russian Federation on accounting and archival matters.

6.2. Security Measures. The Operator takes necessary and sufficient legal, organizational, and technical measures to protect PD, including but not limited to:

a) Organizational measures: Appointing a person responsible for PD processing, developing internal policies, strict control and segregation of employee access to PD, and concluding confidentiality agreements.

b) Technical measures: Encrypting connections (HTTPS, TLS), using firewalls, applying multi-factor authentication for access to critical systems, regular software updates, protection against unauthorized access to servers, and information backup.

6.3. Interaction with Third Parties. The Operator does not transfer PD to third parties, except in the following cases:

a) Interaction with a payment aggregator (Robokassa) to initiate and confirm payments. The User enters their payment data independently on the aggregator's secure page, and the Operator does not gain access to it.

b) Hosting databases on server infrastructure provided by Russian hosting providers and data center operators, who are contractually obliged to ensure data confidentiality and security.

c) Providing information to authorized state bodies of the Russian Federation only on the grounds and in the manner prescribed by the legislation of the Russian Federation.

6.4. No cross-border data transfer is carried out. All processing and storage of Users' PD are performed on servers located within the territory of the Russian Federation.

7. Rights of the User as a Personal Data Subject

7.1. The User has the right at any time to:

a) Obtain information concerning the processing of their PD in the manner provided for by Art. 14 of Federal Law No. 152-FZ.

b) Demand that the Operator clarifies, blocks, or destroys their PD if the data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing.

c) Withdraw their consent to the processing of PD if the processing was based on consent.

d) Exercise other rights provided for by the legislation of the Russian Federation.

7.2. To exercise their rights, the User may send a corresponding request to the email address specified in Section 9 of this Policy.

8. Final Provisions

8.1. The Operator reserves the right to amend this Policy unilaterally. The new version of the Policy comes into force from the moment of its posting on the Website, unless otherwise provided by the new version.

9. Operator's Details and Contacts

"REMOTE SOLUTIONS" LLC
Legal address: 15 1905 Goda St., Apt. 80, Presnensky Municipal Okrug, Moscow, 123022, Russia
TIN/KPP: 9703186330 / 770301001
OGRN: 1247700519021
Email for personal data inquiries: info@dostup.io