Privacy Policy

This Privacy Policy (hereinafter — "Policy") defines the procedure for processing and protecting personal data of users of the AppStar service (hereinafter — "Service"). Data Controller: AppStar LLC TIN: 7819318014 Address: Russia, St. Petersburg The Policy is developed in accordance with: • Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" • Federal Law No. 149-FZ dated 27.07.2006 "On Information" • Government Decree No. 1119 dated 01.11.2012 By using the Service, you consent to processing of personal data in accordance with this Policy.

We process the following categories of personal data: Data provided by user: • Name (surname, first name) • Email address • Phone number (if provided) • Organization name (if provided) Data collected automatically: • IP address • Browser type and version • Device and operating system data • Cookies and session identifiers • Date and time of visit • Referrer source Payment data: • Transaction history • Selected plans and services Note: Bank card data is not stored on Operator's servers; processing is performed by T-Bank payment system.

Personal data is processed for the following purposes: • User registration and identification in the Service • Providing access to Service features • Payment processing and accounting • Communication with users on support issues • Sending Service notifications (service messages) • Sending informational and marketing materials (with user consent) • Improving Service quality and user experience • Ensuring security and fraud prevention • Compliance with Russian Federation legislation • Protection of Operator's rights and legitimate interests

Personal data processing is based on: • Data subject's consent (Art. 6 Part 1 Clause 1 of FZ-152) • Contract performance (Art. 6 Part 1 Clause 5 of FZ-152) — Terms of Service and Public Offer • Operator's legitimate interests (Art. 6 Part 1 Clause 7 of FZ-152) — security, analytics • Legal compliance (Art. 6 Part 1 Clause 2 of FZ-152) Consent for personal data processing is given by registering in the Service and accepting the Terms of Service.

Operator may transfer personal data to: • Tinkoff Bank JSC (T-Bank) — for payment processing • Hosting providers — to ensure Service operation • Analytics services (Yandex.Metrica, Google Analytics) — anonymized data • Government authorities — upon request in accordance with Russian law Operator does NOT sell personal data to third parties. When transferring data, Operator requires third parties to maintain confidentiality and apply data protection measures.

Personal data may be transferred to countries providing adequate protection of data subject rights. When using foreign services (Google Analytics, cloud providers), data may be processed on servers outside Russia in accordance with Art. 12 of FZ-152.

Operator implements technical and organizational measures to protect data: Technical measures: • Data encryption during transmission (SSL/TLS, HTTPS) • Secure password storage (bcrypt hashing) • Unauthorized access protection (firewall, monitoring) • Regular backups • Use of secure data centers Organizational measures: • Restricted access to personal data • Employee training on security requirements • Appointment of person responsible for PD processing • Regular security audits

Personal data is stored: • Account data — during Service use + 3 years after account deletion • Transaction data — 5 years (accounting requirements) • Technical logs — 1 year • Cookies — up to 1 year or until user deletion After retention period expires, data is destroyed or anonymized.

Under FZ-152 you have the right to: • Obtain information about processing of your personal data • Access your personal data • Request correction, blocking or destruction of data • Withdraw consent for data processing • Appeal Operator's actions to Roskomnadzor or court To exercise rights, send request to: private@appstar.com.ru Request processing time — up to 30 days. Upon withdrawal of consent, access to paid Service features will be terminated.

Service uses cookies for: Necessary cookies: • User authorization (session) • Saving language settings • Security (CSRF tokens) Analytics cookies: • Yandex.Metrica — traffic analysis • Google Analytics — user behavior analysis You can disable cookies in browser settings. Disabling may affect some Service features.

Operator may change this Policy. • Current version is posted at localhost/privacy • Users are notified of significant changes by email • Continued use of the Service means agreement with changes

You can request deletion of your account and associated data. How to request deletion: 1. Send an email to private@appstar.com.ru with subject "Account Deletion" 2. Specify the email associated with your account 3. Confirm the request by replying to the verification email Data that will be deleted: • Account data (name, email, phone) • Generation history and settings • Cookies and session data Data that is retained: • Transaction history — 5 years (Russian accounting requirements) • Anonymized analytics data Deletion timeline: • Request processing — up to 30 days • Data deletion — within 7 days after confirmation • Backup copies — up to 90 days After account deletion, recovery is not possible.

For personal data processing questions: AppStar LLC TIN: 7819318014 Email: private@appstar.com.ru Telegram: @appstar_support Website: localhost Mailing address: Russia, St. Petersburg Supervisory authority: Roskomnadzor Department for the Northwestern Federal District