Documentation
PRIVACY POLICY
Legal Notice: This document is drawn up in Russian, which is the only version having legal force. The English translation is provided solely for convenience of reference. In the event of any discrepancy between the translation and the original, the Russian text shall prevail. Disputes arising in connection with the interpretation of this document shall be resolved in accordance with the legislation of the Russian Federation.
Original (Russian): Политика конфиденциальности
  1. GENERAL PROVISIONS
    1. This Privacy Policy (hereinafter — the "Policy") of the "XSDB" service (hereinafter — the "Service") applies to all information that Danilov Anton Alekseevich (hereinafter — the "Operator") may receive about a user (hereinafter — the "User") during the User's use of the Service.
    2. In compliance with the requirements of Part 2 of Article 18.1 of the Federal Law "On Personal Data" dated 27.07.2006 No. 152-FZ (hereinafter — "FZ-152"), the Policy is published in open access on the Internet at: https://xsdb.cloud/docs/legal-privacy-policy.
    3. The Operator does not verify the accuracy of personal data received from the subject of personal data.
    4. The Policy determines the procedure for the processing and protection of personal data by the Operator. The Operator processes personal data in accordance with the requirements of the Federal Law dated 27.07.2006 No. 152-FZ "On Personal Data" and independently determines the composition and list of necessary and sufficient legal, organizational, and technical measures to ensure their protection. The Operator takes necessary measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions.
    5. In cases provided for by the legislation of the Russian Federation, the Operator obtains separate consent from the subject of personal data for the processing of their personal data.
  2. TERMS AND DEFINITIONS
    1. For the purposes of application and interpretation of the Policy, the following terms are used:
      1. Processing of personal data — any action (operation) or set of actions (operations) performed with personal data, including collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer, depersonalization, blocking, deletion, destruction.
      2. Personal data operator / Operator — Danilov Anton Alekseevich (INN 253205380476), independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data subject to processing, and the actions (operations) performed with personal data.
      3. Personal data — any information relating to a directly or indirectly identified or identifiable natural person.
      4. User — a natural person using the functional capabilities of the Service through an account.
      5. User Content — data, records, scenarios, dashboards, files, and other information that the User independently creates, uploads, places, modifies, deletes, or otherwise processes in the Service.
      6. Service Visitor — a natural person who has opened the Service website, views its pages, or otherwise interacts with the Service interface prior to registration, authorization, or without using an account.
      7. XSDB Service / Service — the Operator's online service available at https://xsdb.cloud, at all levels of the specified domain, as well as via the Telegram bot (@xsdb_cloud_bot), intended to provide Users with functional capabilities for creating, storing, processing, and managing structured data and user content, including the use of automation, visualization, and other built-in Service functions, including through the use of artificial intelligence technologies.
      8. Shared Access — a functional capability of the Service that allows a User to grant one or more other registered Users of the Service access to a document or other User Content within the scope and volume determined by the Service functionality and the settings of the User who granted such access.
      9. Subject of personal data — a natural person to whom the personal data processed by the Operator relates, as well as other natural persons whose personal data may be processed by the Operator in cases provided for by the Policy and the legislation of the Russian Federation.
      10. Account — a personal section of the user in the Service, access to which is provided after registration and/or authorization.
  3. PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA
    1. Processing of personal data is carried out by the Operator using automation tools, and in necessary cases also without the use of such tools.
    2. The Operator processes personal data on a lawful and fair basis, limits processing to the achievement of specific, predetermined, and lawful purposes, and does not allow the processing of personal data that is incompatible with the purposes of their collection.
    3. The content and volume of processed personal data correspond to the declared purposes of processing and are not excessive in relation to such purposes.
    4. When collecting personal data, the Operator ensures the recording, systematization, accumulation, storage, clarification, and retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
    5. The Service infrastructure is hosted on the territory of the Russian Federation using the Yandex Cloud cloud infrastructure. Backup is carried out within the same infrastructure.
    6. Processing of personal data ceases upon achievement of the processing purposes, loss of necessity for their achievement, expiration of processing periods, withdrawal of consent by the subject of personal data if processing is carried out on the basis of consent, as well as in other cases provided for by the legislation of the Russian Federation.
  4. RIGHTS AND OBLIGATIONS
    1. The Operator is obliged to:
  • process personal data in accordance with the legislation of the Russian Federation;
  • take necessary legal, organizational, and technical measures to protect personal data;
  • provide subjects of personal data with information about the processing of their personal data;
  • consider appeals and requests from subjects of personal data;
  • fulfill the requirements of authorized state bodies;
  • publish this Policy in open access.
    1. The subject of personal data has the right to:
  • receive information relating to the processing of their personal data;
  • demand clarification, blocking, or destruction of personal data in cases provided for by the legislation of the Russian Federation;
  • withdraw consent to the processing of personal data if processing is carried out on the basis of consent;
  • appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court;
  • exercise other rights provided for by the legislation of the Russian Federation.
  1. PURPOSES, CATEGORIES, AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
No.
Purpose of Processing
Category of Personal Data Subjects
List of Personal Data
Legal Grounds
Processing/Storage Period
1
Registration of the User in the Service, creation of an account, provision of access to the account, authorization and identification of the User.
Service Users
• Email address; data received from the authorization service if the User uses login through an external service, including:
 • when authorizing via Yandex — email address, login, first name, last name, gender, profile image;
 • when authorizing via Telegram — user name, username, profile photo, account identifier;
• technical data necessary for logging into the account and protection against unauthorized access
• Conclusion and execution of an agreement with the user;
• exercise of the rights and legitimate interests of the Operator related to ensuring the security and operability of the Service
During the period of use of the account, as well as until the expiration of the periods necessary for the fulfillment of the Operator's obligations, consideration of claims, resolution of disputes, and protection of the Operator's rights
2
Provision to the user of the Service functionality for creating, storing, modifying, deleting, and restoring User Content
Service Users
• Account data;
• User Content, including records in tables, scenarios, dashboards, files, and other information uploaded or created by the User in the Service;
• metadata associated with User Content, including information about structure, versions, creation time, modification, deletion, and restoration
Conclusion and execution of an agreement with the User
During the period of placement of content by the User in the Service; deleted content and its versions may be stored for up to 7 calendar days for restoration, ensuring Service resilience, and protection against errors; metadata may be stored longer within the periods necessary for the execution of the agreement, ensuring security, consideration of claims, and compliance with legislative requirements
3
Processing of user inquiries, customer and technical support
• Service Users;
• Service Visitors
• Name or pseudonym provided by the subject of personal data when submitting an inquiry, as well as other data necessary for identification of the inquiry;
• email address; information contained in the inquiry;
• files attached to the inquiry;
• other data that the User independently provides when submitting an inquiry
• Conclusion and execution of an agreement with the User;
• exercise of the rights and legitimate interests of the Operator related to the maintenance of the Service and processing of inquiries
During the period necessary for consideration of the inquiry, fulfillment of obligations to the User, resolution of disputes, consideration of claims, and protection of the Operator's rights
4
Ensuring the security, stability, and correct operation of the Service, diagnostics and elimination of errors
• Service Users;
• Service Visitors
• IP address;
• information about the browser, operating system, and device;
• date and time of access to the Service;
• information about crashes and critical errors;
• technical logs necessary for diagnostics of malfunctions
• Exercise of the rights and legitimate interests of the Operator related to ensuring the security, stability, and operability of the Service;
• execution of the agreement with the User
During the period necessary to ensure security, diagnose failures, eliminate malfunctions, and ensure stable operation of the Service, unless a different period is established by the legislation of the Russian Federation
5
Execution of User requests when using artificial intelligence functions, if such functions are available in the Service
Service Users
• Name or pseudonym, if such information is used to identify the User in the course of executing the request;
• Text of the User's request;
• User Content or a portion thereof that the User independently submits for processing using the corresponding function;
• technical data necessary for the execution of the request
• Conclusion and execution of an agreement with the User;
• exercise of the rights and legitimate interests of the Operator related to ensuring the functioning of the Service
During the period necessary for the execution of the corresponding user request, as well as within the periods of storage of User Content and related metadata established by the Policy and the Service architecture
6
Provision of Shared Access functionality for user content, management of access rights to documents, and display of information about users participating in collaborative work
Service Users
• Account data;
• user identifiers;
• name,
• pseudonym, username, and profile image to the extent used by the Service functionality;
• information about the granting, modification, restriction, and termination of access to a document;
• information about users who have access to the document;
• metadata associated with collaborative work on a document
• Conclusion and execution of an agreement with the User;
• exercise of the rights and legitimate interests of the Operator related to ensuring the functioning of the Service
During the period of shared access to the document, and thereafter within the periods necessary for the execution of the agreement, ensuring security, consideration of claims, resolution of disputes, and compliance with the requirements of the legislation of the Russian Federation
  1. ACCESS TO PERSONAL DATA AND CONTENT STORAGE FEATURES
    1. Access to personal data is provided only to those persons who need it for the fulfillment of official, contractual, or technical obligations related to ensuring the functioning of the Service, processing of inquiries, and compliance with the requirements of the legislation of the Russian Federation.
    2. The Service provides for user and administrative access levels.
    3. Administrative access at the Service level is not intended to obtain access to the content of user content beyond the scope necessary for administration, technical support, diagnostics of malfunctions, and fulfillment of the Operator's obligations.
    4. The Service provides the capability to encrypt data in tables. Such encryption is applied only after the explicit enabling of the corresponding setting by the User and is performed on the User's device.
    5. The Operator and its employees do not have the technical capability to access encrypted data in tables in plain text without the use of data under the User's control.
    6. The specified encryption mechanism does not automatically extend to other data, including account data, scenarios, dashboards, files, support inquiries, metadata, and other information, unless otherwise expressly provided for by the Service functionality.
    7. Metadata, account information, and other data not subject to client-side encryption may be accessible to the Operator to the extent necessary for the functioning of the Service, its support, administration, diagnostics, and ensuring security. The Operator and its employees do not have the technical capability to access the encrypted portion of user content in plain text without the use of data under the user's control.
    8. At the same time, certain metadata, account information, and other data not subject to client-side encryption may be accessible to the Operator to the extent necessary for the functioning of the Service, its support, administration, diagnostics, and ensuring security.
    9. Within the framework of the Shared Access functionality, a User may grant access to documents to other registered users of the Service. In such a case, other users may, within the scope of the Service functionality, have access to information about the document author, including name, pseudonym, and profile image, and the document author may have access to information about the users to whom access has been granted.
    10. Within the framework of the shared access functionality, a User may grant access to documents and other user content to other registered users of the Service. In such a case, within the scope of the Service functionality, other users may have access to information about the document author, including name, pseudonym, username, and profile image, and the document author may have access to information about the users to whom access has been granted.
  2. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
    1. The Operator has the right to transfer personal data to third parties in the following cases:
  • if such transfer is necessary for the execution of the agreement with the User;
  • if the User has independently initiated the corresponding action;
  • if the transfer is necessary for the functioning of the Service;
  • if the obligation to transfer is provided for by the legislation of the Russian Federation;
  • if such transfer is necessary for the protection of the rights and legitimate interests of the Operator in cases provided for by the legislation of the Russian Federation.
    1. For the purpose of ensuring the functioning of the Service, the Operator may engage third parties providing infrastructure and technology services, including cloud hosting and data storage services on the territory of the Russian Federation.
    2. When the User uses artificial intelligence functions, the Operator may transmit to Yandex Cloud services the data that the User independently submits for the execution of the corresponding request.
    3. Transfer of data for the execution of an AI request is carried out to the extent necessary for the execution of the corresponding user request.
    4. When transferring user content to the corresponding Yandex Cloud services, the Operator, provided there is an appropriate technical capability and within the limits of the interaction interface used, transmits a technical prohibition on logging and use of such content for model training by setting the parameter x-data-logging-enabled: false.
    5. As of the date of approval of the Policy, the Operator does not declare systematic cross-border transfer of personal data within the primary operating model of the Service.
    6. Personal data may be provided to state bodies, local government bodies, and other authorized persons in cases and in the manner provided for by the legislation of the Russian Federation.
  1. USER CONTENT AND THIRD-PARTY DATA
    1. The User independently determines the composition of the information they place in the Service and bears responsibility for the lawfulness of its placement and processing.
    2. The User undertakes not to place personal data of third parties in the Service in the absence of a proper legal basis provided for by the legislation of the Russian Federation.
    3. If the User places personal data of third parties in the Service, the User guarantees that they possess all necessary rights, consents, and other lawful grounds for such processing.
    4. The Operator does not use User Content for purposes unrelated to providing the User with the functional capabilities of the Service, except in cases expressly provided for by the legislation of the Russian Federation.
  2. PERIODS OF PROCESSING AND STORAGE OF PERSONAL DATA
    1. Personal data is processed and stored no longer than required by the purposes of processing, unless a different storage period is established by the legislation of the Russian Federation.
    2. Account data is processed during the period of the User's use of the Service, and thereafter during the periods necessary for the fulfillment of the Operator's obligations, consideration of inquiries and claims, resolution of disputes, and protection of the Operator's rights.
    3. User Content is stored during the period of its placement by the User in the Service.
    4. Upon deletion of user content through the Service interface, the corresponding content is marked as deleted and is subject to final deletion within a period not exceeding 7 (seven) calendar days.
    5. During the specified period, deleted content may be available for restoration by the User if such function is provided by the Service.
    6. The change history and individual versions of user content may be stored for no more than 7 (seven) calendar days for the purpose of ensuring the possibility of restoration, protection against errors, and ensuring the resilience of the Service.
    7. Metadata associated with user content and the use of the Service may be stored longer than the content itself within the periods necessary for the execution of the agreement, ensuring security, consideration of claims, resolution of disputes, and compliance with the requirements of the legislation of the Russian Federation.
    8. Technical logs, information about critical errors, and other technical data are stored for the period necessary for diagnostics of malfunctions, ensuring security, and stable operation of the Service, unless a different period is established by the legislation of the Russian Federation.
  3. UPDATING, BLOCKING, DELETION, AND DESTRUCTION OF PERSONAL DATA
    1. The subject of personal data has the right to apply to the Operator with a request:
  • to provide information relating to the processing of their personal data;
  • to clarify their personal data;
  • to block or destroy their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the declared purpose of processing;
  • to withdraw consent to the processing of personal data if processing is carried out on the basis of consent.
    1. To exercise their rights, the subject of personal data sends an appeal to the email address: support@xsdb.cloud.
    2. The Operator considers appeals from subjects of personal data and provides responses within the time limits and in the manner established by the legislation of the Russian Federation.
    3. Upon confirmation of the inaccuracy of personal data, the Operator clarifies the personal data within the time limits provided for by the legislation of the Russian Federation.
    4. Personal data is subject to destruction or cessation of its processing upon achievement of the processing purposes, loss of necessity for their achievement, withdrawal of consent by the subject of personal data if processing is carried out on the basis of consent, detection of unlawful processing, as well as in other cases provided for by the legislation of the Russian Federation.
    5. If at the time of the appeal deletion of the account through the Service interface is unavailable, the User has the right to send the corresponding request to the support service, after which the Operator organizes the deletion of the account and the data associated with it within the scope and time limits permitted by the legislation of the Russian Federation and the Service architecture.
  1. MEASURES FOR THE PROTECTION OF PERSONAL DATA
    1. The Operator takes necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions.
    2. Such measures include, in particular:
  • restriction of access to personal data;
  • use of authentication and access control tools;
  • application of secure data transmission channels;
  • backup;
  • monitoring of infrastructure operation and detection of incidents;
  • software updates and remediation of identified vulnerabilities;
  • adoption of organizational measures aimed at preventing unauthorized access to data.
  1. FINAL PROVISIONS
    1. The Policy enters into force from the moment of publication and remains in effect indefinitely (until replaced by a new version).
    2. The Operator has the right to make changes to this Policy.
    3. A new edition of the Policy enters into force from the moment of its placement in the Service, unless a different period is provided for by the new edition of the Policy.
    4. The current edition of the Policy is available at: https://xsdb.cloud/docs/legal-privacy-policy
  2. CONTACTS FOR MATTERS RELATED TO THE PROCESSING OF PERSONAL DATA
    1. On all matters related to the processing of personal data, the subject of personal data may contact the Operator at the email address: support@xsdb.cloud.
  3. OPERATOR DETAILS
Danilov Anton Alekseevich
INN: 253205380476
Address: Russian Federation, Saint Petersburg, intracity municipality of Saint Petersburg, municipal okrug Porokhovye, Lagody Street, building 7, structure 1, apartment 307
Email for inquiries: support@xsdb.cloud
Version No. 1 as amended on 20.04.2026