Privacy Policy
Last updated: 31.01.2026
1. General Provisions
This Privacy Policy (hereinafter — "Policy") defines the procedure for processing personal data of users of the xlartas.com and xlartas.ru websites (hereinafter — "Website") and regulates the relationship between an independent developer (hereinafter — "Developer", "we") and Website users (hereinafter — "User", "you"). The Website is available on two domains: • xlartas.com — international version with full functionality • xlartas.ru — version for users from Russia The Website provides access to several web applications and services, including Winky, Tracker, Xexamai, and other applications developed by an independent developer. By using the Website and provided services, you agree to the terms of this Policy. If you do not agree with any provisions of the Policy, please do not use the Website and provided services.
2. About Provided Services
Our Website provides access to the following applications and services: • Winky — application for notes and task management • Tracker — project and task management system • Xexamai — platform for conducting interviews and candidate assessment • Other web applications and services developed by an independent developer Each application may have its own privacy policy, terms of service, and public offer, which are available on the respective product landing pages. We recommend reviewing each product's documents before using it.
3. Categories of Personal Data Processed
We process the following categories of personal data: • Identification data: first name, last name, middle name, nickname • Contact data: email address, phone number • Account data: username, password (encrypted), user ID • Service usage data: action history, settings, preferences • Technical data: IP address, browser data, device information, cookies • Payment data: transaction information (processed by payment systems) We do not collect or process special categories of personal data (biometric data, health data, political views, etc.) without your explicit consent.
4. Purposes and Legal Basis for Processing
We process your personal data for the following purposes: • Providing access to web applications and services • User authentication and authorization • Ensuring application functionality • Improving service quality and user experience • Processing user requests and inquiries • Compliance with legal obligations • Protection of legitimate interests • Marketing activities (with your consent) Personal data processing is carried out on the basis of: • Consent of the data subject • Necessity for contract performance • Compliance with legal obligations • Protection of vital interests
5. Methods of Obtaining Personal Data
We obtain personal data in the following ways: • Directly from you during registration and service use • When filling out forms on the Website and in applications • When using application features (creating notes, tasks, projects, etc.) • During email correspondence or through feedback forms • Automatically when using the Website and applications (technical data, cookies) • From third parties when using OAuth authorization (Google, GitHub, Discord, etc.) All data is collected with your explicit consent or on legal grounds.
6. Use of Personal Data
Your personal data is used for: • Providing access to applications and their functionality • Authentication and account management • Saving your data and settings in applications • Ensuring data synchronization between devices • Providing technical support • Improving service quality and developing new features • Analyzing service usage for optimization • Compliance with legal requirements • Marketing activities (with your consent) We do not use your data for purposes not specified in this Policy.
7. Transfer of Personal Data to Third Parties
We may transfer your personal data to the following categories of recipients: • IT service providers (hosting, cloud services, CDN) • Payment systems (for payment processing) • OAuth authorization providers (Google, GitHub, Discord, etc.) • Government agencies (when legally required) • Legal consultants (when necessary) When transferring data to third parties, we ensure: • Confidentiality agreements • Compliance with legal requirements • Minimization of transferred data • Control over data usage We do not sell or transfer your personal data to third parties for their marketing purposes without your consent.
8. International Data Transfers
In case of transferring personal data to countries that do not ensure an adequate level of protection, we: • Obtain your explicit consent for such transfer • Use EU standard contractual clauses • Ensure additional data protection guarantees • Conduct risk assessments for your rights and freedoms We do not transfer data to countries with inadequate protection levels without appropriate guarantees.
9. Data Retention Periods
We store your personal data for the following periods: • Account data: until account deletion by user • Service usage data: 3 years from last use • Technical data and logs: 1 year from collection • Payment data: according to tax legislation requirements • Marketing data: until consent withdrawal After the specified periods, data is subject to deletion or anonymization.
10. Personal Data Protection Measures
We apply the following measures to protect your personal data: Technical measures: • Data encryption during transmission (HTTPS/TLS) • Data encryption during storage • Use of secure communication channels • Regular software updates • Security system monitoring • Data backup • Protection against unauthorized access Organizational measures: • Limited access to personal data • Information security policies • Regular security audits • Confidentiality agreements
11. Rights of Data Subjects
You have the following rights regarding your personal data: • Right to access data (obtaining information about processing) • Right to correct inaccurate data • Right to data deletion ("right to be forgotten") • Right to restrict processing • Right to data portability • Right to object to processing • Right to withdraw consent • Right to file a complaint with supervisory authorities To exercise your rights, contact us using the contact details specified in the "Contacts" section. We will review your request within 30 days. You can delete your account and all associated data in the settings of the respective application.
12. Processing of Minors' Personal Data
We do not collect personal data of persons under 16 years of age without the consent of their legal representatives. If we become aware that we have received personal data of a minor without appropriate consent, we will immediately delete such data. Parents or legal representatives of minors can: • Request deletion of child's data • Restrict processing of child's data • Obtain information about child's data processing When working with minors, we apply additional measures to protect their personal data.
13. Automated Decision Making
We do not use your personal data for automated decision making, including profiling, that may have a significant impact on your rights and freedoms. If in the future we use such technologies, we will: • Notify you in advance • Obtain your explicit consent • Provide the opportunity to challenge the decision • Ensure human intervention in the process • Explain the decision-making logic
14. Cookies and Similar Technologies
Our Website and applications use cookies and similar technologies for: • Ensuring Website and application functionality • User authentication • Saving settings and preferences • Analyzing service usage • Personalizing content • Marketing purposes (with your consent) You can manage cookies through your browser settings. Disabling cookies may limit Website and application functionality. We use the following types of cookies: • Necessary cookies (for Website and application operation) • Functional cookies (for saving settings) • Analytical cookies (for statistics) • Marketing cookies (for advertising, with your consent)
15. Product Privacy Policies
Each application available through our Website may have its own privacy policy, terms of service, and public offer. These documents are available on the respective product landing pages: • Winky: privacy policy available at /winky/privacy-policy • Tracker: privacy policy available at /tracker/privacy-policy (if applicable) • Xexamai: privacy policy available at /xexamai/privacy-policy We recommend reviewing each product's documents before using it. In case of conflicts between this Policy and a specific product's policy, the specific product's policy takes precedence.
16. Changes to Privacy Policy
We may change this Privacy Policy. We will notify you of significant changes: • By email • Through Website and application notifications • On your next visit to the Website Continued use of the Website and applications after changes means your agreement with the new version of the Policy. We recommend periodically checking the current version of the Policy on our Website.
17. Paid Services and Payment Data Processing
Our Website provides paid services, including a credits system for AI features. Payment data processing: • We do not store bank card data on our servers • Payment processing is carried out through certified payment systems • For cryptocurrency payments (Solana Pay), only the public wallet address is processed Payment-related data: • Transaction and balance top-up history • User credits balance • Information about purchased services • Billing data (if applicable) Processing purposes: • Crediting credits to user balance • Debiting credits for AI feature usage • Providing transaction history • Fraud protection • Compliance with tax legislation Retention periods: • Transaction history: according to tax legislation requirements (at least 5 years) • Credits balance: until account deletion by user
18. Voluntary Donations
Our Website provides the opportunity to make voluntary donations in support of project and services development. Important provisions about donations: • Donations are voluntary and gratuitous • Donations are not payment for goods or services • Donations are non-refundable • Donors may receive gratitude bonuses at the Developer's discretion Donation methods: • Bank cards and electronic payment systems — available on all domains (xlartas.com and xlartas.ru) • Cryptocurrency donations (USDT, USDC, SOL, and others) — available exclusively on xlartas.com Restrictions for xlartas.ru domain: In accordance with the legislation of the Russian Federation, cryptocurrency donations are not accepted on the xlartas.ru domain. Users from Russia who wish to make a cryptocurrency donation can use the international version of the website at xlartas.com. Donation data: • Donation information is processed by payment systems • We do not store bank card data • For cryptocurrency donations, only the sender's wallet address is processed
19. Contact Information
For all questions related to personal data processing, contact: Email: ivanhvalevskey@gmail.com Telegram: @artasov Response time: up to 30 days You can also file a complaint with Roskomnadzor or other supervisory authorities if you believe your rights have been violated.