Privacy Policy

Effective date: January 1, 2024 · Last updated: January 1, 2024

OOO ,MITNAS ("OOO ,MITNAS", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and what rights you have. If you have questions, contact us at yona@santim.space.

Information We Collect
How We Use Your Information
Data Sharing
Data Retention
Your Rights
Cookies
Security
Contact

1. Information We Collect

We collect the following categories of personal information:

Account information: name, email address, phone number, and password hash when you register for OOO ,MITNAS.
Financial data: transaction records, account balances, and spending categories obtained via read-only bank API connections you authorize.
Usage data: pages visited, features used, session duration, device type, operating system, and browser type.
Communications: messages you send to our support team, feedback forms, and any voluntary information you provide when contacting us.
Technical data: IP address, time zone, and technical logs necessary for security and operational purposes.

We do not collect sensitive personal data such as biometric data, health information, or government identification numbers unless required by applicable law and explicitly consented to.

2. How We Use Your Information

We use your personal data only for purposes consistent with this Policy:

Service delivery: to provide AI-powered financial analysis, budgeting recommendations, and forecasting features.
Account management: to authenticate your identity, manage your preferences, and maintain your profile.
Improvement of services: to train and refine our AI models using aggregated, anonymized data patterns (never your raw identifiable data).
Customer support: to respond to inquiries, resolve disputes, and provide technical assistance.
Legal compliance: to fulfill obligations under Russian federal law, including Federal Law No. 152-FZ "On Personal Data" and related regulations.
Security: to detect fraud, unauthorized access attempts, and other malicious activity.

We do not use your data for advertising purposes or sell it to marketers.

3. Data Sharing

OOO ,MITNAS does not sell your personal data. We may share information only in the following limited circumstances:

Service providers: trusted third-party vendors who process data on our behalf (e.g., cloud hosting, analytics) under strict data processing agreements.
Banking integrations: read-only API connections to your financial institution that you explicitly authorize. We do not store your banking credentials.
Legal requirements: when required by applicable law, court order, or governmental authority in the Russian Federation.
Business transfers: in the event of a merger or acquisition, subject to equivalent privacy protections for your data.
With your consent: for any other purpose where you have given explicit, informed consent.

All third-party service providers are contractually bound to process data only as instructed and to maintain appropriate security standards.

4. Data Retention

We retain your personal data only as long as necessary to provide services and fulfill legal obligations:

Active account data: retained for the duration of your account plus 90 days after account closure to support potential disputes.
Transaction data: retained for 5 years to comply with Russian financial record-keeping requirements.
Support communications: retained for 3 years from the date of the communication.
Technical logs: retained for 12 months and then automatically purged.
Anonymized analytics: may be retained indefinitely as they cannot be used to identify you.

When data is no longer needed, it is securely deleted or anonymized according to our data destruction procedures.

5. Your Rights

Under Russian Federal Law No. 152-FZ and applicable data protection regulations, you have the following rights:

Right of access: request a copy of all personal data we hold about you.
Right to rectification: correct inaccurate or incomplete personal data.
Right to erasure: request deletion of your personal data, subject to legal retention requirements.
Right to restriction: request that we limit how we process your data in certain circumstances.
Right to portability: receive your data in a structured, machine-readable format.
Right to object: object to processing based on legitimate interests.
Right to withdraw consent: withdraw consent at any time where processing is consent-based, without affecting prior lawful processing.

To exercise any of these rights, contact us at yona@santim.space. We will respond within 30 days. We may need to verify your identity before processing your request.

6. Cookies

We use a minimal set of cookies to operate our service:

Essential cookies: required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
Analytics cookies: anonymized usage statistics to help us understand how users interact with OOO ,MITNAS. No personally identifiable information is collected through these cookies.
Preference cookies: store your language, display, and notification settings.

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings. Blocking essential cookies may prevent you from logging in or using the service.

7. Security

We take data security seriously and implement industry-standard measures to protect your information:

All data transmitted between your device and our servers is encrypted using TLS 1.3 or higher.
Financial data is stored encrypted at rest using AES-256 encryption.
Access to production systems is restricted to authorized personnel via multi-factor authentication.
We conduct regular security audits and penetration testing.
Bank connections use read-only OAuth tokens — we never store your banking passwords.
In the event of a data breach that affects your rights, we will notify you and the relevant authorities within 72 hours as required by applicable law.

While we take all reasonable precautions, no system is completely immune to security risks. We encourage you to use a strong, unique password and enable two-factor authentication.

8. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: yona@santim.space
Phone: 14135265997+
Company: OOO ,MITNAS
Website: santim.space

We are committed to resolving complaints promptly. If you are not satisfied with our response, you have the right to file a complaint with Roskomnadzor, the Russian data protection authority.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website at least 14 days before taking effect.