Privacy Policy
Effective date: 14.07.2026. Operator: ООО «РУМУН» · privacy contact: [email protected]. Other language: Русский. Also see International Addendum, Terms (payments).
1. Controller and legal bases
The Service operator is the data controller (see Contacts on site). Contact: privacy@ (listed on site). Bases: consent; contract performance; legitimate interests (security, fraud prevention); legal obligation. International users: see International Addendum for GDPR, CCPA, PIPL, DPDP.
2. Data we process
Name or alias; birth date, time, place; email and/or phone; purchase history (no full card numbers); test answers; IP, cookies, device and session IDs. We do not intentionally collect special categories (health, religion, biometrics).
3. Purposes
Calculations and readings; account and history; authentication; payments; security; transactional emails; legal compliance; anonymized analytics.
4. Third parties and cross-border transfer
Payment providers (YooKassa, Stripe, crypto processors); hosting/CDN; AI providers (OpenAI, xAI) — minimum necessary data only. Cross-border transfers use SCC, adequacy decisions, or consent as required. We do not sell personal information (CCPA/CPRA).
5. Retention
Readings: until account deletion. IP logs: up to 90 days then anonymized. Financial records: as required by tax law (~5 years). Consent log: 3 years.
6. Your rights
Access, correction, deletion, restrict processing, portability, object, withdraw consent, complain to your supervisory authority. Response: 30–45 days depending on jurisdiction. RF: Roskomnadzor. EU: your DPA.
7. Security
TLS/HTTPS; access controls; password hashing; consent logging; PCI DSS via payment partners.
8. Breach notification
We notify authorities and affected users as required by applicable law.
9. Policy updates
We publish updates with effective date. Material changes notified by email or in-account notice.