Politique de confidentialité

Locked minimum (D-19a). Expanding this list requires an explicit product/legal change.

We DO NOT collect: phone, name, passport / INN / SNILS, DOB, card data, biometrics, geolocation, or "About me" free-text.

• email address
• OAuth provider + provider_user_id (Google / GitHub)
• jurisdiction (RU or INTL, set on signup; binding for billing-rail routing)
• client_ip on signup events
• last-seen User-Agent on signup
• stripe_customer_id (only when paid plans launch — billing is deferred, so none is collected today)

These sub-processors process some data on our behalf:

• Stripe US - international card payments (only when paid plans launch; not active today)
• Yookassa RU - Russian-resident card payments (only when paid plans launch; not active today)
• Sentry US - error telemetry (operational)
• omni (omni.oxicom.ru) RU - LLM gateway: idea text for verdict generation
• OpenRouter US - text embeddings for similar-idea matching
• Backblaze US - international DB backups
• Yandex RU - RU-region DB backups (152-FZ data localization)

We use session, anon_id, and csrf cookies only. They are required for login, anonymous analyses, and CSRF defense.

No analytics cookies. No Google Analytics, no Mixpanel, no third-party trackers.

• Access: /settings -> "Export my data" (152-FZ Art. 14 / GDPR Art. 15)
• Deletion: /settings -> "Delete my account" (152-FZ Art. 21 / GDPR Art. 17)
• Withdraw consent: same self-serve delete path

Application-layer deletion is immediate. Encrypted backup blobs can remain for up to 30 days under the D-39 lifecycle window.

Operator and data controller: OOO OKSIKOM, INN 7807245570, OGRN 1217800001352. Data requests: privacy@ideatribunal.com. Support: support@ideatribunal.com.