Personal Data Policy
Last updated: May 1, 2025
Governing principles for processing personal data of FASONET users
1. General Provisions
1.1. This Personal Data Policy ("Policy") governs the processing of personal data of users of the FASONET service at fasonet.ru.
1.2. The data controller is Dmitry Andreevich Novikov, self-employed individual (TIN 471207457721), hereinafter "Controller". Contact: info@fasonet.ru.
1.3. This Policy applies to all personal data the Controller receives from users in connection with use of the Service.
1.4. This Policy is publicly available at fasonet.ru/en/personal-data.
2. Key Definitions
- Personal data — any information relating to an identified or identifiable natural person (data subject).
- Processing — any operation performed on personal data: collection, recording, storage, amendment, retrieval, use, transfer, anonymisation, blocking, deletion, or destruction.
- Controller — Dmitry Andreevich Novikov, who independently or jointly with others organises and carries out the processing of personal data.
- Data subject — a natural person who uses the Service and whose personal data is processed by the Controller.
- Consent— a freely given, specific, informed, and unambiguous indication of the data subject's agreement to the processing of their personal data.
3. Principles of Processing
Personal data is processed on the following principles:
- lawfulness and fairness of processing;
- purpose limitation — data is collected for specific, explicit, legitimate purposes;
- data minimisation — adequate, relevant, and limited to what is necessary;
- accuracy — data is kept up to date;
- storage limitation — retained no longer than necessary;
- integrity and confidentiality — protected against unauthorised access, alteration, disclosure, or destruction.
4. Categories of Personal Data Processed
The Controller processes the following categories of data:
4.1. Registration data:
- first and last name (if provided);
- email address;
- password hash.
4.2. Usage data:
- IP address;
- browser type and version, operating system;
- date, time, and duration of visits;
- pages visited;
- actions in the Service interface.
4.3. Uploaded content:
- product photos and images uploaded by the user for AI processing.
4.4. Transaction data:
- payment transaction information (payment ID, amount, date). Bank card details are not processed or stored by the Controller — they are transmitted directly to the payment operator.
The Controller does not process special categories of personal data such as racial or ethnic origin, political opinions, religious beliefs, biometric data, or health data.
5. Purposes and Legal Bases
| Purpose | Legal basis |
|---|---|
| Providing AI image-generation services | Performance of contract |
| Account creation and management | Consent of the data subject |
| Payment processing | Performance of contract |
| Technical support | Consent; performance of contract |
| Service improvement and analytics | Consent (cookie) |
| Sending informational communications | Consent of the data subject |
| Compliance with legal obligations | Legal obligation |
6. Processing Conditions
6.1. Personal data is processed using automated systems and databases.
6.2. The Controller may engage third-party processors under agreements that require them to maintain confidentiality and ensure data security.
6.3. Third parties to whom personal data may be transferred include:
- Google LLC — Google Analytics service (anonymised statistical data); privacy policy: policies.google.com/privacy.
- Payment operators — for financial transactions.
- Cloud infrastructure providers — for storing and processing images.
7. Retention Periods
- Account data — for the lifetime of the account and 1 year after deletion (to fulfil obligations and comply with legal requirements).
- Uploaded images — for the duration of the subscription plus 30 days after it ends.
- Analytics data — no longer than 26 months from collection.
- Transaction data — 5 years in accordance with accounting requirements.
- Support correspondence — 3 years from the date of the last contact.
Upon expiry of the retention period, personal data is destroyed or anonymised.
8. Rights of Data Subjects
You have the right to:
- access information about the personal data we process about you;
- request rectification or erasure of your data;
- restrict or object to processing;
- withdraw consent to data processing at any time;
- lodge a complaint with the data-protection authority in your country of residence.
To exercise your rights, send a request to: info@fasonet.ru. We will respond within 30 days.
9. Security Measures
The Controller applies the following technical and organisational safeguards:
- encryption in transit (TLS/HTTPS);
- passwords stored as cryptographic hashes;
- access controls restricting employee access to personal data;
- regular security audits;
- use of secured cloud infrastructure.
10. International Transfers
Where personal data is transferred internationally, the Controller ensures that the destination country provides an adequate level of protection, or obtains the data subject's explicit written consent.
11. Minors
The Service is intended for users aged 18 and over. The Controller does not knowingly collect personal data from minors. If such data is discovered, it will be deleted immediately.
12. Policy Updates
The Controller may amend this Policy. For material changes, data subjects will be notified by email and/or via a notice on the website. The current version is always available at fasonet.ru/en/personal-data.
13. Contact
For questions about personal data processing:
Controller: Dmitry Andreevich Novikov
Status: Self-employed individual, TIN 471207457721
Email: info@fasonet.ru
Website: fasonet.ru