● DATENSCHUTZ

Datenschutzerklärung

IdeaTribunal ist der Data Controller. Diese Erklärung setzt 152-FZ + GDPR Art. 13/14/15-17/21 für den minimalen D-19a Datensatz um.

1. Personenbezogene Daten, die wir sammeln

Locked minimum (D-19a). Expanding this list requires an explicit product/legal change.

We DO NOT collect: phone, name, passport / INN / SNILS, DOB, card data, biometrics, geolocation, or "About me" free-text.

email address
OAuth provider + provider_user_id (Google / GitHub)
jurisdiction (RU or INTL, set on signup; binding for billing-rail routing)
client_ip on signup events
last-seen User-Agent on signup
stripe_customer_id (only when paid plans launch — billing is deferred, so none is collected today)

2. Sub-processors

These sub-processors process some data on our behalf:

Stripe US - international card payments (only when paid plans launch; not active today)
Yookassa RU - Russian-resident card payments (only when paid plans launch; not active today)
Sentry US - error telemetry (operational)
omni (omni.oxicom.ru) RU - LLM gateway: idea text for verdict generation
OpenRouter US - text embeddings for similar-idea matching
Backblaze US - international DB backups
Yandex RU - RU-region DB backups (152-FZ data localization)

3. Cookies (nur notwendig)

We use session, anon_id, and csrf cookies only. They are required for login, anonymous analyses, and CSRF defense.

No analytics cookies. No Google Analytics, no Mixpanel, no third-party trackers.

4. Deine Rechte

Access: /settings -> "Export my data" (152-FZ Art. 14 / GDPR Art. 15)
Deletion: /settings -> "Delete my account" (152-FZ Art. 21 / GDPR Art. 17)
Withdraw consent: same self-serve delete path

5. Backup-Aufbewahrung

Application-layer deletion is immediate. Encrypted backup blobs can remain for up to 30 days under the D-39 lifecycle window.

6. Kontakt

Operator and data controller: OOO OKSIKOM, INN 7807245570, OGRN 1217800001352. Data requests: privacy@ideatribunal.com. Support: support@ideatribunal.com.