Privacy Policy

Effective date: January 1, 2025

1. General

This Privacy Policy describes what personal data Grinka collects, how it is used, stored, and protected.

By using the Service, you agree to this Policy. This Policy complies with Russian Federal Law No. 152-FZ "On Personal Data".

2. Data Controller

Grinka is the data controller.

Contact: support@gcardus.com

3. Data We Collect

Registration: email address (required), display name (optional).

Payment: payment date and selected plan. Card data is processed solely by YooKassa β€” we never receive or store it.

Technical: IP address, browser User-Agent, login timestamps. Required for security purposes.

We do not use third-party analytics trackers and do not share data with advertising networks.

4. Purpose and Legal Basis

Contract performance: providing Service access, managing subscriptions, processing payments.

Legitimate interest: account security and fraud prevention.

Legal obligation: retaining payment records as required by law.

We do not use personal data for targeted advertising and do not sell it to third parties.

5. Data Sharing

YooKassa β€” payment processor. We share: payment amount, order ID, user ID. No card data is shared with us.

Data may be disclosed to government authorities upon lawful request.

No other third-party sharing occurs without your explicit consent.

6. Retention Periods

Account data (email, name): retained until account deletion.

Payment records: retained 5 years per Russian tax law requirements.

Technical logs: retained 90 days, then automatically deleted.

7. Your Rights

You have the right to: access a copy of your data, correct inaccuracies, delete your account and associated data (except data legally required to be retained), restrict processing, withdraw consent.

To exercise these rights, contact: support@gcardus.com. We respond within 30 days.

8. Cookies

We use only technically necessary cookies:

NEXT_AUTH_SESSION_TOKEN β€” authentication session token. Lifetime: 30 days.

NEXT_LOCALE β€” interface language preference. Lifetime: 1 year.

No marketing, analytics, or advertising cookies are used.

9. Security

Passwords are stored as bcrypt hashes (cost factor 12). Plain-text passwords are never accessible.

All connections are secured by HTTPS/TLS.

In the event of a data breach, users will be notified within 72 hours as required by applicable law.

10. Changes to This Policy

We may update this Policy with 10 days' notice via the Service interface or email.

11. Contact

support@gcardus.com