Privacy Policy
Last updated: 14.01.2026
1. General Provisions
This Privacy Policy (hereinafter — "Policy") defines the procedure for processing personal data of users of the xlartas.com website (hereinafter — "Website") and regulates the relationship between Individual Entrepreneur Tolpegin Nikita Dmitrievich (hereinafter — "Contractor", "we") and Website users (hereinafter — "User", "you"). Contractor: IP Tolpegin Nikita Dmitrievich Tax ID: 690808422511 OGRNIP: 324690000014056 By using the Website, you agree to the terms of this Policy. If you do not agree with any provisions of the Policy, please do not use the Website.
2. Categories of Personal Data Processed
We process the following categories of personal data: • Identification data: first name, last name, middle name • Contact data: email address, phone number • Project data: project description, technical specification, functionality requirements • Communication data: correspondence history, phone call records • Technical data: IP address, browser data, device information • Payment data: banking transaction information (processed by the bank) We do not collect or process special categories of personal data (biometric data, health data, political views, etc.).
3. Purposes and Legal Basis for Processing
We process your personal data for the following purposes: • Providing software development services (Art. 6(1)(b) GDPR) • Communication with clients and processing applications (Art. 6(1)(b) GDPR) • Fulfilling contractual obligations (Art. 6(1)(b) GDPR) • Compliance with legal obligations (Art. 6(1)(c) GDPR) • Protection of legitimate interests (Art. 6(1)(f) GDPR) • Marketing activities (with your consent, Art. 6(1)(a) GDPR) Personal data processing is carried out on the basis of: • Consent of the data subject • Necessity for contract performance • Compliance with legal obligations • Protection of vital interests
4. Methods of Obtaining Personal Data
We obtain personal data in the following ways: • Directly from you when filling out forms on the Website • During email correspondence • During phone conversations • During personal meetings • Automatically when using the Website (technical data) • From third parties with your consent All data is collected with your explicit consent or on legal grounds.
5. Use of Personal Data
Your personal data is used for: • Contacting you regarding service provision • Developing technical specifications and project evaluation • Fulfilling contractual obligations • Processing payments and invoicing • Providing technical support • Improving the quality of our services • Compliance with legal requirements • Marketing activities (with your consent) We do not use your data for purposes not specified in this Policy.
6. Transfer of Personal Data to Third Parties
We may transfer your personal data to the following categories of recipients: • Banking institutions (for payment processing) • IT service providers (hosting, cloud services) • Government agencies (when legally required) • Project partners (with your consent) • Legal consultants (when necessary) When transferring data to third parties, we ensure: • Confidentiality agreements • Compliance with legal requirements • Minimization of transferred data • Control over data usage
7. International Data Transfers
In case of transferring personal data to countries that do not ensure an adequate level of protection, we: • Obtain your explicit consent for such transfer • Use EU standard contractual clauses • Ensure additional data protection guarantees • Conduct risk assessments for your rights and freedoms We do not transfer data to countries with inadequate protection levels without appropriate guarantees.
8. Data Retention Periods
We store your personal data for the following periods: • Client data: 5 years after completion of the last project • Communication data: 3 years from the last contact • Technical data: 1 year from collection • Payment data: according to tax legislation requirements • Marketing data: until consent withdrawal After the specified periods, data is subject to deletion or anonymization.
9. Personal Data Protection Measures
We apply the following measures to protect your personal data: Technical measures: • Data encryption during transmission and storage • Use of secure communication channels • Regular software updates • Security system monitoring • Data backup Organizational measures: • Limited access to personal data • Staff training on data protection • Information security policies • Regular security audits • Confidentiality agreements with employees
10. Rights of Data Subjects
You have the following rights regarding your personal data: • Right to access data (obtaining information about processing) • Right to correct inaccurate data • Right to data deletion ("right to be forgotten") • Right to restrict processing • Right to data portability • Right to object to processing • Right to withdraw consent • Right to file a complaint with supervisory authorities To exercise your rights, contact us using the contact details specified in the "Contacts" section. We will review your request within 30 days.
11. Processing of Minors' Personal Data
We do not collect personal data of persons under 16 years of age without the consent of their legal representatives. If we become aware that we have received personal data of a minor without appropriate consent, we will immediately delete such data. Parents or legal representatives of minors can: • Request deletion of child's data • Restrict processing of child's data • Obtain information about child's data processing When working with minors, we apply additional measures to protect their personal data.
12. Automated Decision Making
We do not use your personal data for automated decision making, including profiling, that may have a significant impact on your rights and freedoms. If in the future we use such technologies, we will: • Notify you in advance • Obtain your explicit consent • Provide the opportunity to challenge the decision • Ensure human intervention in the process • Explain the decision-making logic
13. Cookies and Similar Technologies
Our Website uses cookies and similar technologies for: • Ensuring Website functionality • Analyzing Website usage • Personalizing content • Marketing purposes You can manage cookies through your browser settings. Disabling cookies may limit Website functionality. We use the following types of cookies: • Necessary cookies (for Website operation) • Analytical cookies (for statistics) • Marketing cookies (for advertising)
14. Notes Processing
When using the notes feature through the Winky application API, the following data processing rules apply: • All notes created through the API are stored in unencrypted form on our servers • We do not share the content of your notes with third parties • Notes are linked to your account and are only accessible to you • You can delete your notes at any time through the API When using local storage mode: • All notes are stored exclusively on your device • We do not have access to notes stored in local mode • Notes are not synchronized with servers • You are responsible for the security of notes in local mode We recommend using local mode for confidential notes.
15. Changes to Privacy Policy
We may change this Privacy Policy. We will notify you of significant changes: • By email • Through Website notifications • On your next visit to the Website Continued use of the Website after changes means your agreement with the new version of the Policy. We recommend periodically checking the current version of the Policy on our Website.
16. Contact Information
For all questions related to personal data processing, contact: IP Tolpegin Nikita Dmitrievich Tax ID: 690808422511 OGRNIP: 324690000014056 Email: ivanhvalevskey@gmail.com Working hours: Mon-Fri, 9:00-18:00 (Moscow time) Response time: up to 30 days You can also file a complaint with Roskomnadzor or other supervisory authorities if you believe your rights have been violated.