Personal Data Processing Policy

1. General Provisions

This Personal Data Processing Policy ("Policy") has been developed in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and defines the procedure for processing and protecting personal data of users of the DesignOps service ("Service").

The personal data operator is a self-employed individual registered under the laws of the Russian Federation ("Operator").

By using the Service, the user unconditionally agrees to this Policy and the conditions for processing personal data specified herein. If the user disagrees with the terms, they must refrain from using the Service.

2. Key Definitions

• Personal data — any information relating directly or indirectly to an identified or identifiable natural person (data subject).
• Processing of personal data — any action performed on personal data, including collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, anonymization, blocking, deletion, and destruction.
• Operator — a person who independently or jointly with others organizes and/or carries out the processing of personal data.
• User — a natural person using the Service.

3. Categories of Personal Data Processed

The Operator processes the following personal data:

• Email address
• Figma User ID
• IP address
• Browser and operating system information (User-Agent)
• Service usage data (launch statistics, number of checks)
• License key

The Operator does not collect or process special categories of personal data (racial origin, political opinions, health status, etc.).

4. Purposes of Processing

Personal data is processed for the following purposes:

• Providing access to the Service and activating the license
• User identification within the scope of the license agreement
• Processing payments and managing subscriptions
• Communicating with the user regarding technical support
• Improving the Service quality based on anonymized analytics
• Compliance with the laws of the Russian Federation

5. Legal Basis for Processing

Processing of personal data is carried out on the following grounds:

• Consent of the data subject (Art. 6, Para. 1, Sub. 1 of FZ-152)
• Performance of a contract to which the data subject is a party (Art. 6, Para. 1, Sub. 5 of FZ-152)
• Necessity for the purposes pursued by the Operator (Art. 6, Para. 1, Sub. 7 of FZ-152)

6. Methods of Processing

Personal data is processed using automated means and without them, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), anonymization, blocking, deletion, and destruction.

7. Data Storage

In accordance with Art. 18, Part 5 of Federal Law No. 152-FZ, the recording, systematization, accumulation, storage, clarification, and extraction of personal data of citizens of the Russian Federation is carried out using databases located within the territory of the Russian Federation.

Personal data is stored for the duration of the user's account. Upon account deletion or withdrawal of consent, data is destroyed within 30 (thirty) business days.

8. Disclosure to Third Parties

The Operator may transfer personal data to the following third parties solely for the purpose of fulfilling the contract:

• Robokassa (LLC "ROBOKASSA") — card payment processing
• Plisio (UAB Plisio) — cryptocurrency payment processing

Transfer of personal data to other third parties is carried out only with the consent of the data subject or in cases provided by the legislation of the Russian Federation. The Operator does not sell, rent, or exchange users' personal data.

9. Cross-Border Data Transfer

Cross-border transfer of personal data to foreign states is carried out only to countries that ensure adequate protection of the rights of personal data subjects, in accordance with Art. 12 of FZ-152.

10. Data Protection Measures

The Operator takes necessary and sufficient organizational and technical measures to protect personal data:

• Data encryption during transmission (TLS/SSL)
• Restricted access to personal data
• Regular data backups
• Security monitoring of systems

11. Rights of the Data Subject

The user has the right to:

• Obtain information about the processing of their personal data
• Request clarification, blocking, or destruction of personal data
• Withdraw consent to the processing of personal data
• Appeal the actions or inaction of the Operator to Roskomnadzor or to a court

To exercise these rights, the user may send a request to: support@designops.dev. The Operator is obligated to review the request within 10 (ten) business days of receipt.

12. Data Destruction Procedure

Personal data is subject to destruction in the following cases:

• Achievement of the purpose of processing
• Withdrawal of consent by the data subject
• Account deletion by the user
• Request by the data subject
• Expiration of the storage period

Destruction of personal data is carried out within 30 (thirty) business days from the occurrence of the above circumstances.

13. Use of Cookies

The Service uses cookies to ensure proper functionality and improve user experience. The user may disable cookies in their browser settings; however, this may affect the functionality of the Service.

14. Changes to This Policy

The Operator reserves the right to amend this Policy. The current version is posted on this page with the date of last update. Continued use of the Service after changes constitutes acceptance of the updated Policy.

15. Contact Information

For any questions regarding personal data processing, please contact:

Email: support@designops.dev