Privacy Policy

The locked minimum. A future internal change that adds a field to this list lands a CI failure.

We DO NOT collect: phone, name, passport / INN / SNILS, DOB, card data, biometrics, geolocation, or "About me" free-text.

• email address
• OAuth provider + provider_user_id (Google / GitHub)
• jurisdiction (RU or INTL, set on signup; binding for billing-rail routing)
• client_ip on signup events
• last-seen User-Agent on signup
• stripe_customer_id (only when paid plans launch — billing is deferred, so none is collected today)

These sub-processors process data on our behalf:

• Stripe US - international card payments (only when paid plans launch; not active today)
• Yookassa RU - Russian-resident card payments (only when paid plans launch; not active today)
• Sentry US - error telemetry (operational)
• omni (omni.oxicom.ru) RU - LLM gateway: idea text for verdict generation
• OpenRouter US - text embeddings for similar-idea matching
• Backblaze US - international DB backups
• Yandex RU - RU-region DB backups (152-FZ data localization)

We use three functional cookies: session for login, anon_id for returning anonymous analyses, and csrf for CSRF defense.

We do NOT use analytics cookies. No Google Analytics, no Mixpanel, no third-party trackers. Continued use is acceptance.

• 152-FZ Art. 14 / GDPR Art. 15 - access; self-serve at /settings -> "Export my data"
• 152-FZ Art. 21 / GDPR Art. 17 - destruction; /settings -> "Delete my account"
• 152-FZ Art. 9 / GDPR Art. 7(3) - withdraw consent; same path as deletion

When you delete your account, the application-layer cascade fires immediately. Encrypted database backup blobs can lag the live state by up to 30 days (D-39 bucket lifecycle).

Operator and data controller: OOO OKSIKOM, INN 7807245570, OGRN 1217800001352. Data requests: privacy@ideatribunal.com. Support: support@ideatribunal.com.