Privacy Policy
1. General provisions
This Policy describes how personal data of users of the Alertov service (the "Service") is processed. It applies to all information the Operator may obtain about a user in the course of providing the Service. The Policy is prepared in accordance with Russian Federal Law No. 152-FZ of 27 July 2006 "On Personal Data" and other applicable Russian data-protection regulations.
Personal data operator: {{ORG_NAME}} (sole proprietor / LLC Alertov). Contact for requests related to personal data: privacy@alertov.ru.
By using the Service and providing personal data at registration, the User confirms that they have read this Policy and consent to the processing of their personal data on the terms set out below. This Policy applies to users of the web interface and of the Telegram bot integrated with the Service.
2. Categories of data processed
In connection with the Service, the Operator processes the following categories of data:
- email address;
- password as a cryptographic hash (the plaintext password is never stored);
- name and team name;
- Telegram chat_id and related information required to deliver notifications;
- IP addresses and sign-in logs (timestamp, User-Agent, authentication outcome);
- service data generated through use of the Service: schedules, escalation policies, incidents.
3. Purposes of processing
- providing Service functionality: managing schedules, escalations, and delivering incident notifications;
- authentication and access control;
- delivering notifications via Telegram and other agreed channels;
- ensuring security, preventing abuse, and investigating incidents;
- complying with the laws of the Russian Federation.
4. Legal basis
Processing is based on the consent of the data subject, given at registration; on the performance of the user agreement (contract); and on the Operator's legitimate interests in the security and operation of the Service.
5. Storage location and cross-border transfer
Personal data of citizens of the Russian Federation is recorded, organised, accumulated, stored, updated, and retrieved using databases located on servers within the territory of the Russian Federation (hosting provider: Timeweb). Cross-border transfer of personal data is not performed during normal operation of the Service, except as explicitly described in section 6.
6. Transfer to third parties
Personal data may be transferred to the following third parties in the minimum volume required:
- Telegram Messenger LLP — to deliver incident notifications (chat_id and notification text are transmitted);
- payment providers — once paid plans are introduced (the list will be updated before billing launches and users will be notified);
- state authorities — in cases and to the extent required by the laws of the Russian Federation.
7. Retention period
Personal data is retained for the duration of Service use and for 30 calendar days after account deletion, unless a different period is required by law. At the end of this period the data is deleted or anonymised.
8. Rights of the data subject
Under Article 14 of 152-FZ, the data subject has the right to:
- obtain information about the fact, purposes, and methods of processing of their data;
- request correction, blocking, or deletion of personal data if it is incomplete, outdated, inaccurate, or obtained unlawfully;
- request restriction of processing;
- withdraw consent to processing;
- appeal actions or inaction of the Operator to the authorised data protection body (Roskomnadzor) or to a court.
Requests should be sent to privacy@alertov.ru. Responses are provided within the time limits set by 152-FZ.
9. Cookies and similar technologies
The Service uses only a technical session cookie (HttpOnly, SameSite=Lax) required to maintain the authenticated session. Advertising cookies, third-party trackers, and behavioural analytics tools are not used.
10. Security measures
The Operator takes technical and organisational measures to protect personal data from unauthorised access, destruction, alteration, blocking, copying, and distribution, including traffic encryption (HTTPS/TLS), password hashing with a brute-force-resistant algorithm (Argon2id), application- and database-level access control, and administrator action logging. Database backups are performed regularly; backups are encrypted and stored on servers located in the Russian Federation.
11. Changes to this Policy
The Operator may amend this Policy. The current version is always available at /en/privacy. Users are notified of material changes by email at least 30 days before such changes take effect.