Privacy Policy

1.1. The data controller is ИП Попов Иван Петрович, ИНН 521600320843 (the «Controller»), which operates the PublPost internet service available at publpost.ru (the «Service»).

1.2. This Policy is based on Russian Federal Law No. 152-FZ of July 27, 2006 «On Personal Data», EU Regulation 2016/679 (GDPR) where applicable to processing of users from EU/EEA countries, and other Russian legal acts on the protection of personal data.

1.3. By registering with the Service and/or using its functionality, the User gives unconditional consent to this Policy and the personal data processing terms set out in it. If the User disagrees with the Policy, they must stop using the Service.

1.4. PublPost is a social media management platform providing tools for scheduling, creating, automatically publishing content, and analytics.

We process personal data for the following purposes:

• Service provision — registration and authentication, content publishing to social networks, post scheduling, publication analytics
• Communication — sending notifications about publication status, technical updates, terms of service changes
• Service improvement — usage analysis to identify bugs, optimise performance, and develop new features
• Security — preventing unauthorised access, detecting fraud and abuse
• Legal obligations — payment processing, reporting, compliance with applicable law
• AI content generation — passing text data (prompts, account context) to AI providers to generate content at the User's request

Personal data processing is carried out on the following legal grounds (Article 6 of FZ-152, Article 6 of GDPR):

• Consent of the data subject (Article 6.1.1 FZ-152, Article 6(1)(a) GDPR) — at registration, newsletter subscription, use of analytics cookies
• Performance of a contract (Article 6.1.5 FZ-152, Article 6(1)(b) GDPR) — to provide Service features, process payments, publish content to social networks
• Legitimate interest of the Controller (Article 6(1)(f) GDPR) — to ensure Service security, prevent abuse, improve service quality
• Legal obligation (Article 6.1.2 FZ-152, Article 6(1)(c) GDPR) — to comply with tax and other legislation

5.1. User personal data is stored on servers located within the territory of the Russian Federation, in accordance with Article 18 part 5 of FZ-152.

5.2. Personal data retention periods:

5.3. Data is transmitted over the secure HTTPS protocol (TLS 1.2+). Passwords are stored as cryptographic hashes (bcrypt). Social network access tokens are stored in encrypted form.

5.4. After account deletion, personal data is erased within 30 days, except for data retained as required by law.

6.1. We do not sell User personal data to third parties. Data is shared only in the cases described below, and only to the extent necessary for the stated purposes.

Pursuant to Article 14 of FZ-152 and Chapter III of the GDPR, you have the following rights:

• Right of access — you may request information about which of your personal data we process, for what purposes, and to whom it has been disclosed
• Right of rectification — you may update or correct your personal data in your profile settings or by contacting us via email
• Right to erasure — you may delete your account and all associated data in the Service settings. After deletion, the data will be permanently erased within 30 days
• Right to withdraw consent — you may withdraw consent for personal data processing at any time by sending a request to support@publpost.ru. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
• Right to data portability — you may request a copy of your data in a machine-readable format
• Right to restriction of processing — you may demand restriction of processing of your data in cases provided for in Article 18 GDPR
• Right to lodge a complaint — you may lodge a complaint with Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media): rkn.gov.ru

To exercise any of these rights, send a request to support@publpost.ru. We will respond within 30 days.

8.1. The Service uses cookies — small text files saved in the User's browser.

8.2. Types of cookies used:

8.3. You can disable cookies in your browser settings. Note that disabling necessary cookies will prevent the Service from being used (no authentication).

8.4. To disable analytics cookies for Yandex.Metrica, you can use the Yandex.Metrica blocking extension.

9.1. We take all necessary organisational and technical measures to protect personal data from unauthorised access, destruction, modification, blocking, copying, distribution, or other unlawful actions by third parties.

9.2. Security measures applied:

• Data transmission over the secure HTTPS protocol (TLS 1.2+)
• Password hashing using bcrypt (with individual salts)
• Encryption of social network access tokens
• Access control within the Service
• Regular data backups
• Suspicious activity monitoring
• CSRF, XSS, and SQL injection protection at the application level

9.3. Despite the measures taken, we cannot guarantee absolute security of data transmitted over the internet. In the event of a data breach, we will notify affected Users and the relevant authorities within the timelines established by law.

10.1. The Service is not intended for persons under 16 years old. We knowingly do not collect personal data of minors.

10.2. If we become aware that we have received personal data of a person under 16 years old without parental or legal guardian consent, we will take steps to delete such data as soon as possible.

10.3. If you are a parent or legal guardian and believe that your child has provided us with personal data, please contact us at support@publpost.ru.

11.1. We reserve the right to make changes to this Policy. The current version is always available at publpost.ru/privacy.

11.2. In the event of material changes, we will notify Users by email at least 14 days before the changes take effect.

11.3. Continued use of the Service after the changes take effect constitutes the User's acceptance of the updated Policy.

For all questions related to personal data processing, you can contact the Controller:

Response time: within 30 days of receiving the request.