This Consent is given by the User in accordance with Article 9 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” to the personal data Operator specified in Section 1.
The Consent is provided in a form that allows confirmation of the fact of its receipt, by the User ticking a separate checkbox in the registration form, payment form, account settings and/or the Service interface.
The Operator records the date and time the Consent is given, the IP address, user-agent, account identifier, the version of this Consent, the version of the Personal Data Processing Policy and other technical information confirming the fact of the Consent.
The Consent is specific, subject-matter-related, informed, conscious, and unambiguous. The User confirms that they have read this text in full and understand its content.
1. Personal Data Operator
The personal data operator (the “Operator”) is:
Individual Entrepreneur Pavel Viktorovich Maslov
INN: 233711456369
OGRNIP: 326237500225791
Email: admin@offerhack.tech
2. Personal Data Subject
The personal data subject (the “User”) is a natural person who has registered on the website offerhack.tech and/or in the OfferHack client application, identified by the email address provided during registration.
3. Purposes of Processing Personal Data
The Operator processes the User’s personal data for the following purposes:
- conclusion and performance of the Public Offer Agreement for the provision of access to the OfferHack information and analytics AI service;
- identification of the User when logging in to the Account and granting access to the Service;
- generation and provision of AI responses as part of the use of the Service’s functional capabilities;
- processing of payments for the subscription and credit top-ups, including interaction with the payment provider LLC NCO “YooMoney” (the YooKassa service) and the issuance of payment receipts in the manner established by the tax regime applied by the Operator;
- saving the User’s payment method (binding of the payment card in the YooKassa service) for future payments and execution of automatic (recurring) charges under the subscription in accordance with the selected pricing plan — subject to the User’s express consent (Section 6 of the Public Offer Agreement);
- sending the User service notifications (registration confirmation, password recovery, notifications of upcoming subscription charges, notifications of changes to the terms of service);
- providing the User with customer support and handling their requests;
- analysis of the use of the Service in statistical, aggregated and/or pseudonymized form to improve the quality of services;
- ensuring the security of the Service, detecting and preventing fraud, payment fraud, multi-accounting, automated use, circumvention of limits and other violations of the Agreement, including processing of technical indicators and signals (risk-score, anti-abuse signals, login events, session parameters, device identifiers, IP address, information about payment disputes and chargebacks) for the said purposes;
- processing of the content of the User’s requests to AI models and AI responses, including text, audio recordings and screen images (screenshots), as well as user materials (files, notes, resumes, legends, system prompts, user context) — for the purposes of generating AI responses and operating the functional capabilities of the Service;
- recording the fact of acceptance of the Public Offer Agreement, the fact of receipt of consents, the versions of legal documents, the notifications sent (including notifications about the subscription, price and automatic charges) and other legally significant events;
- fulfilling the obligations imposed on the Operator by applicable law (in particular, the tax and financial legislation of the Russian Federation).
4. List of Personal Data Processed
The Operator processes the following categories of the User’s personal data:
- Identification data: email address, display name (nickname) — if available.
- Authentication data: account password (stored exclusively as a cryptographic hash and cannot be reversed).
- Technical data: IP address, type and version of the operating system and browser, device identifiers, interface language, screen resolution, time zone.
- Usage data: history of requests to the Service, activity timestamps, selected features, the history and content of requests to the AI and the AI responses received.
- Payment data: information about payments made (amount, date, transaction identifier), the last four digits of the payment card, card type, card issuing country.Full payment card data is not processed or stored by the Operator — it is processed directly by the payment provider OOO NKO “YooMoney” (the “YooKassa” service) in accordance with the PCI DSS standard.
- Support request data: the content of the User’s messages to the support service, attached files, and other information communicated by the User.
- Web analytics data: statistical, aggregated and/or pseudonymized information about behavior on the Website, collected by the Yandex.Metrica service. Basic statistics are collected on the basis of informing the User, while the recording of actions by the “Webvisor” feature occurs only after separate consent, expressed through the cookies banner. The terms are described in Section 13 of the Personal Data Processing Policy.
- Content of AI requests and AI responses: text of the User’s requests to AI models, audio recordings, screen images (screenshots), as well as the generated AI responses, transcripts and processing results. Such materials may contain personal data of the User or of third parties if the User independently includes them in the request.
- User materials: files, documents, notes, resumes, legends, system prompts, user context, images, screenshots, audio files, text materials and other data uploaded or transferred by the User to the Service.
- Anti-fraud data and subscription information: risk-score, anti-abuse signals, signs of suspicious activity, signs of multi-accounting and automation, request frequency, credit consumption, login and logout events, session parameters, device identifiers, suspicious IPs and geo signals, payment events, information about payment disputes and chargebacks, history of blocks; pricing plan, subscription status, automatic renewal dates, the fact of automatic renewal cancellation and removal of the payment method.
- Information on acceptance and consents: versions of the Public Offer Agreement, the Personal Data Processing Policy, this Consent and other documents at the moment of acceptance; date, time, IP address and user-agent of the User at the moment of acceptance; events of sending notifications about material terms of the subscription.
The Operator does not knowingly request the following categories of data:
- special categories of personal data (racial or ethnic origin, political views, religious beliefs, health status, intimate life);
- biometric personal data; voice and screen images are NOT used by the Operator for identification or authentication and do not constitute processing of biometric personal data within the meaning of Article 11 of Federal Law No. 152-FZ;
- personal data of persons under 18 (eighteen) years of age (registration requires confirmation that the person has reached the age of 18).
The User is prohibited from transmitting such data through the Service in the absence of lawful grounds. If such data is transmitted by the User on their own initiative as part of a request or user material, it is processed exclusively as part of executing the relevant request and is subject to deletion in the ordinary course.
Voice and screen recording. When the User uses the Service’s functional capabilities related to the processing of voice or screen images, such data is processed exclusively for the purposes of speech recognition, analysis of visual content and generation of AI responses. The Operator does not use voice, screen images, face or other data for identification or authentication and does not create voice prints, biometric templates or identification profiles.
Retention periods: raw audio fragments — until transcription is completed, but not more than 24 hours; raw screen images and screenshots — until processing is completed and an AI response is generated, but not more than 30 days; transcripts and AI responses — for the dialog history retention period or until deletion by the User.
5. List of Actions Performed on Personal Data
The Operator is entitled to carry out the following actions with the User’s personal data (both with the use of automation tools and without them):
collection, recording, systematization, accumulation, storage, updating (renewal, modification), retrieval, use, transfer (provision, access), blocking, deletion, and destruction of personal data.
Personal data is processed in a mixed manner — with the use of automation tools (software and hardware) and without their use (on paper carriers — in exceptional cases, to comply with the requirements of the law).
6. Transfer of Personal Data to Third Parties
The Operator does not sell or transfer the User’s personal data to third parties for commercial purposes. The transfer of personal data is carried out exclusively to the following categories of recipients and for the specified purposes:
- To the cloud infrastructure provider — for the purposes of hosting and ensuring the operability of the Operator’s servers and databases. Databases are hosted on servers located within the territory of the Russian Federation.
- To the payment provider OOO NKO “YooMoney” (the “YooKassa” service) — for processing subscription payments.
- OOO “YANDEX” (the “Yandex.Metrica” service, including “Webvisor”) — for analyzing Website traffic and User behavior in statistical, aggregated and/or pseudonymized form. Basic statistics are transferred on the basis of informing the User, while the data of the “Webvisor” feature is transferred only with consent expressed through the cookies banner. The data is processed on servers within the territory of the Russian Federation.
- To AI providers and data processing providers — providers of large language models, multimodal models, speech recognition (transcription) models, image and screenshot processing models and other AI tools — for the generation of AI responses and the operation of the Service. AI providers are not transferred the User’s account identifiers (e.g., account email) unless required for the operation of the Service. However, the content of requests, files, audio, images or user context may contain personal data if the User independently includes them in the request. The terms of data processing by AI providers depend on the specific provider and tariff.
- To monitoring, logging and product analytics services — to ensure the stability, security and improvement of the quality of the Service (error tracking, logging, metrics, product analytics).
- To notification delivery services — email and other notification delivery services for sending service, payment, security and other notifications to the User.
- To CDN, WAF, hosting and network providers — to ensure the operation of the Website and the Service, protection against attacks and content delivery.
- To authorized state authorities of the Russian Federation — in the cases and in the manner provided for by the applicable legislation of the Russian Federation (upon requests from law enforcement, tax, and other authorized authorities).
The specific composition of suppliers within the listed categories may change. A change in the composition of suppliers within the listed categories and purposes does not require separate notification of the User and does not constitute a change to this Consent.
7. Cross-Border Transfer of Personal Data
The Operator may carry out cross-border transfer of personal data to foreign states in which AI providers, providers of data processing, monitoring, logging, product analytics, CDN/WAF, hosting and other contractors specified in Section 6 of this Consent are located.
By ticking the box of consent to this document, the User agrees that, for the operation of the Service, personal data may be transferred to foreign recipients in the scope and for the purposes specified in Sections 4 and 6 of this Consent and in the Personal Data Processing Policy.
The cross-border transfer of personal data is carried out after the Operator has sent the relevant notification to Roskomnadzor in the manner of Article 12 of Federal Law No. 152-FZ. If the composition of foreign recipients is expanded, the Operator updates the notification before the start of such transfer.
AI providers are not transferred the User’s account identifiers (e.g., account email) unless required for the operation of the Service. However, the content of requests, files, audio, images or user context may contain personal data if the User independently includes them in the request.
8. Term of Consent and Withdrawal Procedure
8.1. This Consent is valid from the moment it is given and until the moment of its withdrawal by the User or the cessation of the purposes of processing.
8.2. Storage periods for individual categories of personal data:
- Raw audio fragments — until transcription is completed, but not more than 24 hours.
- Raw screen images and screenshots — until processing is completed and an AI response is generated, but not more than 30 days.
- AI responses, transcripts and dialog history — for the period of existence of the account or until deletion by the User of the relevant dialogs.
- User materials (files, notes, resumes, legends, system prompts, user context) — for the period of existence of the account or until deletion by the User.
- Account data — for the entire period of existence of the User’s account. After the account is deleted, the data is subject to destruction within 30 calendar days, with the exception of data subject to retention by law.
- Payment and transaction data — 5 (five) years from the moment the relevant transaction is carried out (for the purposes of complying with the requirements of the tax legislation of the Russian Federation).
- Anti-fraud and chargeback data — up to 3 (three) years if retention is necessary for the consideration of payment disputes, protection of the Operator’s rights and security purposes.
- Consents, versions of legal documents and information about acceptance — for the term of the Agreement and 3 (three) years after its termination.
- Support request data — 3 (three) years from the moment the request is closed.
- Access logs and security logs — 1 (one) year.
- Pseudonymized analytical data linked to a user or device identifier — for the period of existence of the account and 12 months after its deletion.
- Genuinely anonymized analytical data that does not allow identification of the subject may be stored indefinitely.
8.3. Withdrawal of Consent. The User has the right to withdraw this Consent at any time by sending a written request to the Operator’s email address: admin@offerhack.tech with the subject line “Withdrawal of consent to the processing of personal data” and indicating the email address of the account.
8.4. From the moment the withdrawal of Consent is received, the Operator ceases the processing of personal data within a period not exceeding 10 (ten) business days and ensures the destruction of personal data within 30 (thirty) calendar days, except in cases where processing may be continued on other legal grounds provided for by Part 5 of Article 21 of Federal Law No. 152-FZ (in particular, to comply with the requirements of the law, to protect the Operator’s rights in legal proceedings, etc.).
9. Rights of the Personal Data Subject
In accordance with Articles 14, 20, and 21 of Federal Law No. 152-FZ, the User has the right to:
- receive information about the fact that their personal data is processed by the Operator, the purposes and methods of its processing, the storage periods, and the list of data processed;
- demand the clarification, blocking, or destruction of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing;
- withdraw this Consent;
- object to decisions that produce legal consequences for the User based solely on the automated processing of personal data;
- appeal against the actions or inaction of the Operator to Roskomnadzor and/or in court.
All requests related to the exercise of the said rights should be sent to the Operator’s email address: admin@offerhack.tech. The Operator’s response time is no later than 10 (ten) business days from the moment the request is received (with the possibility of extension by up to 5 business days on the grounds provided for by Part 8 of Article 14 of No. 152-FZ).
10. Consequences of Refusal to Give Consent
Giving this Consent is a necessary condition for registration with the OfferHack Service and the use of its functional capabilities. If the User refuses to give Consent, the Operator will not be able to:
- create the User’s account;
- provide access to the Service;
- process subscription payments;
- issue a payment receipt;
- provide customer support.
Withdrawal of Consent after registration may result in the suspension of the provision of services until the User’s account is deleted.
By ticking the checkbox “I consent to the processing of personal data” in the registration form on the offerhack.tech Website, the User confirms that they have carefully read this Consent, understand its content, and unconditionally agree to all of its provisions.
