Find

Personal data processing policy

This document explains what data Bototeka may process, for what purposes, and how a user may exercise their rights.

Status: draft for legal review. Operator details and applicable deadlines must be completed and approved before production publication.

Version dated July 11, 2026

1. Controller and scope

Controller: [legal entity, address, and registration details must be completed]. This policy applies to the public website, registration, the account area, support requests, and user-connected channels.

2. Purposes and data categories

Creating an account and workspace: name, work email, company information, and security settings. Product operation: tool settings, messages, and business data the user independently adds or connects. Support and security: request content, technical events, the log of significant actions, and device information to the extent necessary to protect the service.

3. Legal bases for processing

The legal basis must be determined separately for each purpose and may include performance of a contract, the data subject's consent, and duties required by law. Optional product analytics is enabled only after the user's separate choice.

3.1. Determining a country for price display

On the first visit, the service may determine a country at a trusted infrastructure boundary from the network address to offer a suitable currency. For pricing, only the country code, determination source, and confidence level are retained; the full IP address is not retained for this purpose. The user may change the currency manually. This choice is independent of the interface language and does not by itself change an active subscription or contractual price.

4. Retention, storage, and destruction

The controller approves specific retention periods for each data category and records them before production launch. Once the purpose is achieved, data is deleted, anonymized, or retained only where another legal basis exists. Requirements for localizing databases of citizens of the Russian Federation require separate infrastructure and legal review.

5. Recipients and processors

Data may be transferred to infrastructure providers and user-connected channel providers only to the extent needed to provide the service and under the relevant agreements. The current list of processors must be published after the production infrastructure is approved.

6. User rights

A user may request information about processing, correction, restriction, or deletion of data, withdraw consent, and challenge processing as provided by law. The request channel will be published on the contacts page after the controller's details are approved.

privacy@bototeka.com

7. Protection and policy changes

Bototeka uses workspace separation, authority controls, confirmation of significant actions, and auditing. The policy is updated when the product, infrastructure, or legal requirements change; each new version receives a publication date.

Legal basis for the document structure: Article 18.1 of Federal Law No. 152-FZ.