Privacy Policy for the AI Assistant Web Application

Published: 29.12.2025
Last updated: 01.05.2026
Operator (Developer): Individual Entrepreneur Zyubanov Sergey Viktorovich (TIN: 261901169671)
Document language: English (RU / EN)

1. Introduction

This Privacy Policy explains what data we collect and process when you use AI Assistant, for what purposes, with whom data may be shared, how we protect data, and what rights you have.

2. Definitions

• Service / Web application: AI Assistant website, web interface, API, and related components.
• User: an individual using the Service.
• Organization: legal entity or sole proprietor using a corporate account.
• Content: prompts, messages, attachments/files, and generated outputs.

3. What data we collect

3.1 Account data

• Identifiers: user ID, organization ID (if applicable), session IDs, auth tokens.
• Registration data: name/nickname (if provided), email/phone (if used for sign-in), avatar (if uploaded).
• Preferences: language, UI settings, feature settings.

3.2 Content you submit/upload

• Text: chat messages, prompts, draft content, generated text.
• Files: images, documents, audio, and video uploaded for processing.
• Outputs: generated text/images/audio/video and related metadata.

3.3 Technical data

• Browser and device: browser type/version, OS, language, timezone, screen resolution.
• Network data: IP address, approximate location by IP, connection parameters.
• Logs: request time, status codes, error logs, diagnostics, performance metrics.
• Security signals: abuse/fraud indicators and related telemetry.

3.4 Payment data

• Subscription/purchase status: plan type, period, payment status, transaction IDs.
• Important: payment card details are typically processed by payment providers.

4. Cookies and web storage

The Service may use cookies and web storage (e.g. localStorage, sessionStorage) for authentication, security, and preferences.

Category	Purpose	Examples
Strictly necessary	Sign-in, session state, security	Session token, CSRF token
Functional	Preferences and convenience	Language, UI options
Analytics (if enabled)	Quality and performance improvements	UI events, performance metrics

5. Why we process data

• To provide Service functions (chat and content generation/processing).
• To process requests using integrated AI models/APIs.
• To provide support and respond to requests.
• To ensure security and prevent abuse/fraud.
• To handle billing, subscriptions, and corporate accounts.
• To diagnose incidents and improve reliability/performance.

6. Legal basis for processing

• Contract performance - to provide access and Service features.
• Consent - where required (e.g. camera/microphone browser permissions).
• Legitimate interests - security, abuse prevention, service quality.
• Legal obligation - where required by law.

7. Sharing with third parties

To execute your requests, parts of data may be shared with external providers that deliver AI functions.

OpenAI Google Anthropic ByteDance Yandex Qwen MathPix

• What may be shared: prompt text, selected context, required files, and technical parameters.
• Why: request processing and output generation.
• Cross-border processing: provider infrastructure may be outside Russia.
• Terms: provider-side processing follows provider policies and API terms.

8. Retention periods

• Account/profile data: retained while the account is active and up to 3 years after the user's last activity, unless a longer period is required by law or for protecting the Operator's rights.
• Chat/file history: retained for history/project features until deleted by the user or up to 24 months after the last activity in the relevant project/dialog. Deletion or anonymization requests are processed within up to 30 days unless continued retention is legally required.
• Payment, subscription and accounting data: retained up to 5 years or another period required by Russian law and payment/accounting documents.
• Security logs: retained up to 12 months; diagnostic error logs up to 90 days; security incident records up to 3 years.
• Consent records and legally significant events: retained for the term of the consent/agreement and 3 years after termination to confirm lawful processing.

9. Corporate accounts

• Organization admins can manage users, roles, limits, subscription, and settings.
• Admins may have access to usage metadata and, if configured, to parts of user content under corporate mode.
• Organization-level policies may apply to employees/users of corporate accounts.

10. Browser permissions

• Microphone - voice input/audio features.
• Camera - photo/video features (if used).
• Files - upload via browser file picker only after user action.

11. Your rights

• Request access to your personal data.
• Request correction of inaccurate data.
• Request deletion where legally possible.
• Withdraw consent where processing is consent-based.

Requests can be sent to: aiassistant.official@gmail.com (subject: AI Assistant - personal data request).

12. Children

The Service is not intended for independent use by children under 13. If you believe a child submitted data without proper consent, contact us.

13. Policy updates

We may update this Policy from time to time. The current version date is shown at the top of this document.

Show/hide safe use memo