Effective date: April 13, 2026 · Revision 3
This Privacy Policy explains how Svyazio ("we", "us", "our") collects, uses, stores, shares, and protects the personal data of users who interact with the Svyazio platform, the operator dashboard, the embeddable chat widget, and the svyazio.com website. This policy applies to all individuals worldwide who use our services, visit our website, or communicate with website visitors through our platform. We are committed to compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the CPRA, the Russian Federal Law No. 152-FZ on Personal Data, and all other applicable data protection legislation. By using our services, you acknowledge that you have read and understood this Privacy Policy.
The data controller responsible for the processing of your personal data is Eduard Pashchenko, operating as a Sole Trader (Individual Entrepreneur) registered in the Russian Federation. The full legal details of the data controller are as follows:
Legal name: Individual Entrepreneur Eduard Andreevich Pashchenko (ИП Пащенко Эдуард Андреевич)
Tax ID (INN): 231221935418
Registration No. (OGRNIP): 321237500279053
Legal address: Krasnodar, Krasnodar Krai, Russian Federation
Privacy inquiries: privacy@svyazio.com
Website: svyazio.com
As the data controller, Eduard Pashchenko determines the purposes and means of processing personal data collected through the Svyazio platform and website. For the purposes of GDPR compliance, the data controller is the natural person identified above. If you are a website operator who uses Svyazio to communicate with your own visitors, you act as an independent data controller for the personal data of your visitors, and Svyazio acts as a data processor on your behalf. The relationship between Svyazio and its operator customers is further governed by the Data Processing Agreement.
Given the scale and nature of current data processing activities, Svyazio has not appointed a separate Data Protection Officer (DPO). All data protection inquiries, rights requests, and privacy-related concerns should be directed to privacy@svyazio.com. We are committed to responding to all legitimate inquiries within the timeframes specified in applicable law.
We collect and process several categories of personal data depending on how you interact with our services. The specific data collected varies based on whether you are a Svyazio operator (a business customer who uses our platform), an agent (an employee of an operator who handles chats), or a website visitor (an end user who communicates through the Svyazio chat widget). Below is a detailed description of each category.
2.1. Account and Registration Data
When you create a Svyazio account as an operator or are invited as an agent, we collect your full name (or a display name you choose), your email address, and an encrypted password. If you choose to sign up through a third-party authentication provider, we receive your name and email address from that provider. We may also collect your phone number if you voluntarily provide it in your profile settings. This data is essential for creating and maintaining your account, authenticating your identity, and providing you with access to the Svyazio dashboard.
2.2. Billing and Payment Data
When you subscribe to a paid plan or make any payment, we collect billing-related information including your billing name, billing address, tax identification number (where applicable), and payment transaction metadata such as the date, amount, and payment method type. We do not store full credit card numbers or CVV codes on our servers. All payment processing is handled by our third-party payment processor, which operates under its own privacy policy and PCI-DSS compliance obligations. We retain billing records, invoices, and transaction history as required by applicable tax and accounting regulations.
2.3. Communication and Chat Data
The core function of Svyazio is to facilitate real-time communication between website operators and their visitors. In the course of providing this service, we process the content of all chat messages exchanged through the Svyazio widget, including text messages, file attachments (images, documents, and other files uploaded during conversations), and any pre-chat form submissions (such as a visitor's name, email, or phone number entered before initiating a chat). For operators using our email channel integration, we also process the content of emails routed through the platform. This data is stored to provide chat history continuity, enable operators to review past conversations, and support quality assurance.
2.4. Usage and Behavioral Data
We collect information about how you interact with the Svyazio dashboard and website. This includes pages visited, features used, buttons clicked, time spent on various sections, navigation patterns, and the frequency and duration of your sessions. For operators, we track dashboard activity such as which settings are configured, how many conversations are handled, and response times. This usage data helps us understand how our product is used, identify areas for improvement, and develop new features that address real user needs.
2.5. Device and Technical Data
When you access our website, dashboard, or interact with the chat widget, we automatically collect certain technical information from your device. This includes your IP address, browser type and version (e.g., Chrome 124, Firefox 128), operating system and version (e.g., Windows 11, macOS 15), device type (desktop, tablet, or mobile), screen resolution, preferred language settings, and the referring URL or UTM parameters that led you to our site. For widget visitors, we additionally collect the URL of the page where the widget is embedded. This technical data is necessary for delivering a functional service, ensuring compatibility, diagnosing technical issues, and maintaining security.
2.6. Cookie and Tracking Data
Our website and platform use cookies and similar tracking technologies to maintain session state, remember your preferences, and collect analytics data. Cookies placed by our analytics and marketing partners (described in detail in Section 5) may collect data such as unique visitor identifiers, session duration, page views, conversion events, and interactions with specific page elements. The Svyazio chat widget uses its own first-party cookies solely to maintain the visitor session and preserve chat history across page navigations. For a complete description of the cookies we use, their purposes, and their lifetimes, please refer to our Cookie Policy.
2.7. Widget Visitor Data
When a visitor interacts with the Svyazio chat widget embedded on an operator's website, we collect and process data specific to that interaction. This includes a unique, per-organization visitor identifier (generated randomly and stored in a first-party cookie), the visitor's IP address, geographic location derived from the IP address (at the city level), browser and device information, the page URL where the conversation was initiated, any information the visitor voluntarily provides in pre-chat forms or during the conversation (name, email, phone number, message content), and the timestamps of all interactions. This data is processed on behalf of the operator (who acts as the data controller for their visitors) and is necessary to deliver the chat functionality, maintain conversation continuity, and enable the operator to provide customer support.
We process personal data only for specific, explicit, and legitimate purposes. Below we describe each purpose along with the corresponding legal basis under Article 6(1) of the GDPR.
3.1. Service Provision and Contract Performance
Legal basis: Article 6(1)(b) — performance of a contract. We process your account data, communication data, and technical data as necessary to perform our contractual obligations to you. This includes creating and managing your account, providing access to the Svyazio dashboard and chat widget, delivering real-time messaging functionality, maintaining chat history, processing file attachments, routing conversations to the appropriate agents, and providing all features included in your subscription plan. Without processing this data, we would be unable to deliver the service you have subscribed to.
3.2. Billing and Financial Processing
Legal basis: Article 6(1)(b) — performance of a contract and Article 6(1)(c) — legal obligation. We process billing data to manage your subscription, generate invoices, process payments and refunds, and maintain accurate financial records. We are also legally required to retain certain billing and transaction records for tax compliance purposes under the Russian Tax Code and applicable international tax treaties. Billing records are retained for the minimum period required by law (see Section 7 for specific retention periods).
3.3. Analytics and Service Improvement
Legal basis: Article 6(1)(f) — legitimate interests. We use analytics tools (described in detail in Section 5) to understand how users interact with our website and platform. This includes tracking page views, feature usage, user flows, and conversion events. Our legitimate interest is to improve the quality, usability, and performance of our service, identify and fix bugs, and make informed decisions about product development. We have assessed that this processing does not override your fundamental rights, particularly because the data is aggregated and pseudonymized for analytical purposes and you can opt out via cookie consent controls.
3.4. Marketing and Advertising
Legal basis: Article 6(1)(a) — consent. With your consent (obtained through our cookie consent mechanism), we may use marketing and advertising tools to measure the effectiveness of our advertising campaigns, track conversions from ad clicks, and deliver relevant advertisements on third-party platforms. This includes the use of Google Ads conversion tracking and Roistat marketing analytics (described in Section 5). You may withdraw your consent at any time by adjusting your cookie preferences, and we will cease marketing-related data processing promptly. We do not send unsolicited marketing emails without prior opt-in consent.
3.5. Security and Fraud Prevention
Legal basis: Article 6(1)(f) — legitimate interests. We process technical data, including IP addresses, session information, and access logs, to protect the security and integrity of our platform. This includes detecting and preventing unauthorized access, identifying suspicious activity, mitigating distributed denial-of-service attacks, enforcing rate limits, and investigating potential violations of our Terms of Service. Our legitimate interest in maintaining a secure platform for all users justifies this processing, and we have implemented appropriate safeguards including data minimization and limited retention of security logs.
3.6. Customer Support
Legal basis: Article 6(1)(b) — performance of a contract and Article 6(1)(f) — legitimate interests. When you contact us for support via email or through the Svyazio widget on our own website, we process the content of your communications and any associated account data to diagnose issues, provide assistance, and resolve your inquiries. For contractual customers, support is part of our service obligations. For prospective customers or visitors, we process support inquiries based on our legitimate interest in providing responsive pre-sales assistance.
3.7. Legal Compliance
Legal basis: Article 6(1)(c) — compliance with a legal obligation. We may process and retain personal data when required to comply with applicable laws, regulatory requirements, court orders, or enforceable government requests. This includes retaining financial records for tax authorities, responding to lawful data disclosure requests from law enforcement agencies, and maintaining records necessary to demonstrate compliance with data protection regulations including the GDPR.
Where we rely on your consent as the legal basis for processing (such as for marketing cookies or optional communications), you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
You can withdraw consent for cookies and tracking technologies by adjusting your preferences through the cookie consent banner on our website, or by clearing cookies in your browser settings. If you wish to withdraw consent for any other processing activity, you may contact us at privacy@svyazio.com and we will act on your request without undue delay.
We share personal data with third parties only when necessary to provide our services, comply with legal obligations, or where you have given consent. We do not sell your personal data. Below is a comprehensive list of the categories of recipients and the specific third-party services we use.
5.1. Google Analytics 4 (GA4)
We use Google Analytics 4, provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to analyze website traffic and user behavior on svyazio.com. GA4 collects data including page views, session duration, user interactions, traffic sources, geographic location (at the country/city level derived from IP addresses), and device/browser information. GA4 uses first-party cookies to distinguish unique users and sessions. IP anonymization is enabled, meaning your full IP address is not stored by Google. Data collected by GA4 is transmitted to and processed on Google's servers in the United States. Google may use this data in accordance with its own privacy policy. We have configured GA4 to retain analytics data for 14 months. Google Privacy Policy. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
5.2. Google Ads (Conversion Tracking)
We use Google Ads conversion tracking, provided by Google LLC, to measure the effectiveness of our advertising campaigns on the Google Search and Display Networks. When you click on a Svyazio advertisement and subsequently perform a conversion action (such as signing up for an account), Google Ads places a cookie on your device to attribute the conversion to the originating ad click. The data shared includes conversion event type, timestamp, and anonymized user identifiers. No chat content, account credentials, or personal messages are shared with Google Ads. This tracking is activated only when you have consented to marketing cookies. Google Privacy Policy.
5.3. Yandex.Metrika (with Session Replay)
We use Yandex.Metrika, provided by Yandex LLC (16 Lva Tolstogo St., Moscow, 119021, Russian Federation), for website analytics and user experience analysis. Yandex.Metrika collects data similar to GA4 — page views, user interactions, traffic sources, device information, and session duration. Additionally, we use the Webvisor (session replay) feature, which records mouse movements, clicks, scrolling behavior, and form interactions on our website pages. Webvisor recordings are used exclusively to identify usability issues and improve the website experience. Session replay does not capture passwords or payment card data, which are automatically masked. Data collected by Yandex.Metrika is transmitted to and processed on Yandex servers in the Russian Federation. Yandex.Metrika data is retained for up to 12 months. Yandex Privacy Policy.
5.4. Roistat
We use Roistat, provided by Roistat LLC (Russian Federation), for end-to-end marketing analytics. Roistat helps us track the performance of our advertising channels by attributing website visits and sign-ups to specific marketing campaigns, keywords, and traffic sources. The data shared with Roistat includes visit identifiers, traffic source information, UTM parameters, conversion events (sign-up, subscription), and anonymized user identifiers. Roistat does not receive chat content, personal messages, or detailed account information. Roistat Privacy Policy.
5.5. Google Fonts
Our website uses Google Fonts, a font delivery service provided by Google LLC. When you load a page on svyazio.com, your browser makes a request to Google's servers to download the font files used on the page. In the course of this request, Google receives your IP address, the referring page URL, and your browser's user-agent string. Google may use this data in accordance with its privacy policy. This processing is based on our legitimate interest in presenting our website with consistent, high-quality typography. Google Privacy Policy.
5.6. Cloud Infrastructure Providers
Our platform runs on dedicated and virtual private servers provided by third-party infrastructure companies. These providers supply the physical and virtual hardware on which our application, database, and supporting services operate. Infrastructure providers may have physical access to the servers but do not access or process customer data in the ordinary course of operations. All data stored on these servers is encrypted and access is restricted through stringent access controls. Our primary infrastructure providers are located in the Russian Federation and the United States, as further described in Section 6.
5.7. Email Delivery Services
We use email infrastructure (self-hosted mail transfer agents) to send transactional emails such as account verification, password reset, agent invitation notifications, and subscription confirmations. These emails necessarily contain your email address and the relevant message content. Our mail servers are self-hosted and operate within our own infrastructure.
5.8. Legal and Regulatory Disclosures
We may disclose personal data to law enforcement agencies, courts, or regulatory authorities when we are legally compelled to do so by a valid court order, subpoena, or mandatory legal process. We will make reasonable efforts to notify affected users before such disclosure, unless prohibited by law from doing so. We may also share personal data with professional advisors (legal, accounting) who are bound by professional confidentiality obligations.
Svyazio operates infrastructure in multiple geographic regions, and some of the third-party services we use are based outside the European Economic Area (EEA). As a result, your personal data may be transferred to and processed in countries that may not provide the same level of data protection as your country of residence.
Transfers to the Russian Federation: Our primary servers, including the production database and application servers, are hosted in the Russian Federation. Yandex.Metrika and Roistat also process data in Russia. The Russian Federation has its own data protection framework under Federal Law No. 152-FZ, but has not received an adequacy decision from the European Commission. For personal data originating from the EEA, we rely on the Standard Contractual Clauses (SCCs) adopted by the European Commission as the appropriate safeguard under Article 46(2)(c) of the GDPR to legitimize these transfers.
Transfers to the United States: Google Analytics 4, Google Ads, and Google Fonts are operated by Google LLC in the United States. Our secondary server infrastructure (the US/COM region) is also hosted in the United States. The EU-US Data Privacy Framework provides a mechanism for lawful transfers of personal data from the EEA to certified US organizations. Google LLC is a participant in the EU-US Data Privacy Framework. For our own US infrastructure, we rely on the Standard Contractual Clauses as the appropriate safeguard.
We regularly assess the legal landscape of the countries to which data is transferred and will implement additional safeguards (such as supplementary measures including encryption in transit and at rest) if necessary to ensure an essentially equivalent level of protection for your personal data. You may request a copy of the relevant Standard Contractual Clauses by contacting us at privacy@svyazio.com.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The specific retention periods for each category of data are as follows:
7.1. Account Data
Your account data (name, email, profile information, organization settings) is retained for the entire duration of your active account. If you delete your account or request account deletion, we will erase your account data within 90 days of the deletion request. During this 90-day period, your data is marked for deletion and is no longer accessible through the platform, but is retained to allow for account recovery in case of accidental deletion and to resolve any outstanding billing or support matters.
7.2. Chat Transcripts and Communication Data
Chat transcripts, message content, and file attachments are retained for the duration of the operator's active account. When an operator account is deleted, all associated chat transcripts and attachments are permanently erased within 30 days. Individual visitors may request deletion of their conversation data by contacting the operator or by reaching out to us directly (see Section 8 on your rights).
7.3. Analytics Data
Analytics data collected by third-party providers is subject to those providers' own retention policies. Google Analytics 4 is configured to retain user-level and event-level data for 14 months, after which it is automatically deleted from Google's systems. Yandex.Metrika retains detailed analytics and session replay data for up to 12 months. Roistat retains marketing attribution data according to the settings configured in our account. Our own internal analytics and aggregated usage statistics may be retained indefinitely in anonymized form that does not permit identification of individual users.
7.4. Billing and Financial Records
Invoices, payment records, transaction histories, and associated billing information are retained for a minimum of 5 years from the date of the transaction, as required by Russian tax law (Article 23 of the Russian Tax Code) and consistent with generally accepted accounting record-keeping obligations. After the mandatory retention period expires, billing records are securely deleted.
7.5. Server and Security Logs
Server access logs, application error logs, and security-related logs (including IP addresses, request timestamps, and user-agent strings) are retained for 90 days. These logs are necessary for diagnosing technical issues, investigating security incidents, and maintaining the overall health of our platform. After 90 days, logs are automatically rotated and permanently deleted.
7.6. Cookie Data
The retention period for cookie data varies by cookie type and purpose. Session cookies are deleted when you close your browser. Persistent cookies have specific expiration dates ranging from 30 days to 24 months depending on their function. For a detailed breakdown of individual cookie lifetimes, please refer to our Cookie Policy.
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that recognizes equivalent rights under GDPR, you are entitled to the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@svyazio.com. We will respond to your request within 30 days. In exceptional cases where the request is particularly complex or we receive a large number of requests, we may extend this period by an additional 60 days, and we will notify you of any such extension within the initial 30-day period.
8.1. Right of Access (Article 15)
You have the right to request confirmation as to whether we process your personal data and, if so, to obtain a copy of that data along with information about the purposes of processing, the categories of data concerned, the recipients to whom the data has been disclosed, the retention period, and the existence of your other rights. We will provide this information free of charge in a commonly used electronic format. If requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.
8.2. Right to Rectification (Article 16)
You have the right to request correction of inaccurate personal data without undue delay. You also have the right to have incomplete personal data completed, including by providing a supplementary statement. For operators and agents, most account data can be corrected directly through the Svyazio dashboard settings. If you are unable to correct data through the dashboard or if you are a widget visitor, you may submit a rectification request to our privacy email and we will make the corrections promptly.
8.3. Right to Erasure (Article 17)
You have the right to request the deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected, when you withdraw consent (where consent was the legal basis), or when the data has been unlawfully processed. We will erase your data without undue delay unless we have a legal obligation to retain it (for example, billing records required for tax compliance) or the data is necessary for the establishment, exercise, or defense of legal claims. When we delete your data, we will also notify any third parties to whom we have disclosed the data, where feasible.
8.4. Right to Restriction of Processing (Article 18)
You have the right to request that we restrict the processing of your personal data in certain situations: when you contest the accuracy of the data (for a period enabling us to verify accuracy), when processing is unlawful and you oppose erasure, when we no longer need the data but you require it for legal claims, or when you have objected to processing pending verification of our legitimate grounds. When processing is restricted, we will store your data but will not further process it except with your consent, for legal claims, or for the protection of the rights of another person.
8.5. Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON), and to transmit that data to another controller without hindrance from us. This right applies to data that you have provided to us and that is processed on the basis of consent or contract performance, and where the processing is carried out by automated means. Upon request, we will provide an export of your account data and chat transcripts in JSON format. Where technically feasible, we can also transmit the data directly to another service provider at your request.
8.6. Right to Object (Article 21)
You have the right to object to the processing of your personal data where processing is based on our legitimate interests (Article 6(1)(f)). Upon receiving your objection, we will cease processing your data for that purpose unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. Where personal data is processed for direct marketing purposes, you have the absolute right to object at any time, and we will cease processing for marketing without exception.
8.7. Right to Withdraw Consent (Article 7(3))
Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. The withdrawal of consent will not affect the lawfulness of processing that took place before the withdrawal. You can withdraw consent for cookies through the cookie consent banner on our website or by contacting us directly. We will act on your withdrawal without undue delay.
8.8. Right to Lodge a Complaint (Article 77)
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, your place of work, or the place of the alleged infringement. While we would appreciate the opportunity to address your concerns directly before you contact a supervisory authority, this is entirely your prerogative and you may exercise this right at any time.
If you are a resident of the State of California, you have specific rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA). This section describes those rights and how you may exercise them.
9.1. Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information. You may make this request up to twice in a 12-month period. We will verify your identity before responding to your request and will provide the requested information for the preceding 12-month period in a portable and readily usable format.
9.2. Right to Delete
You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions. We may retain personal information where necessary to complete a transaction, provide a good or service you requested, comply with a legal obligation, detect security incidents, exercise free speech, or for other internal uses reasonably aligned with your expectations. When we delete your personal information, we will also direct our service providers to delete your information from their records, to the extent applicable.
9.3. Right to Opt-Out of Sale or Sharing
Svyazio does not sell your personal information. We do not and will not sell the personal information of our users to third parties for monetary or other valuable consideration, as those terms are defined under the CCPA/CPRA. We also do not "share" personal information for cross-context behavioral advertising purposes. The analytics and marketing tools described in Section 5 are used solely for our own first-party business purposes (measuring ad campaign performance and improving our website), not for selling or sharing data with third parties for their independent commercial benefit. Because we do not sell or share personal information, there is no need for a "Do Not Sell or Share My Personal Information" opt-out mechanism. However, if you have any concerns or wish to verify this, please contact us at privacy@svyazio.com.
9.4. Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices or rates, provide a different level or quality of service, or suggest that you will receive a different price or quality of service because you exercised a privacy right. Your subscription terms, pricing, and service quality remain entirely unaffected by your exercise of privacy rights.
9.5. How to Submit a CCPA Request
To exercise your rights under the CCPA, you may contact us by email at privacy@svyazio.com with the subject line "CCPA Request." We will verify your identity by matching the information you provide with the information we have on file. We will respond to verifiable consumer requests within 45 days of receipt. If we need additional time (up to an additional 45 days), we will inform you of the reason and the expected response date in writing.
9.6. Categories of Personal Information Collected (CCPA Disclosure)
Under the CCPA, we are required to disclose the categories of personal information we have collected in the preceding 12 months. The categories include: identifiers (name, email address, IP address, unique visitor IDs); commercial information (subscription records, billing history); internet or electronic network activity (browsing history on our website, feature usage, interactions with our widget); geolocation data (approximate location derived from IP address); and professional or employment-related information (only if voluntarily provided in your account profile). We collect this information from the sources described in Section 2 and use it for the business purposes described in Section 3.
Our website and platform use cookies and similar tracking technologies. Cookies are small text files stored on your device that allow us to recognize your browser and maintain session state across page loads. We use four categories of cookies:
Necessary cookies are essential for the basic functioning of our website and platform. These include session cookies that keep you logged in to the dashboard, CSRF protection tokens, and widget visitor identification cookies. These cookies cannot be disabled without breaking core functionality, and they do not require consent under applicable law.
Functional cookies remember your preferences and settings, such as language preference, dashboard layout choices, and widget display preferences. These cookies enhance your experience but are not strictly necessary for the service to function.
Analytics cookies are placed by Google Analytics 4 and Yandex.Metrika to collect information about how visitors use our website, including which pages are visited most often, how visitors navigate between pages, and whether visitors encounter error messages. All information collected by analytics cookies is aggregated and pseudonymized.
Marketing cookies are placed by Google Ads and Roistat to track the effectiveness of our advertising campaigns and attribute conversions to specific ad clicks. These cookies are activated only with your explicit consent.
For a complete listing of all cookies used on our website, including their names, purposes, providers, and expiration periods, please refer to our Cookie Policy.
Svyazio does not currently engage in automated decision-making that produces legal effects or similarly significant effects on users, as described in Article 22 of the GDPR. We do not use algorithms or AI systems to make decisions about access to our services, pricing, or other outcomes that would significantly affect your rights or interests without meaningful human involvement.
Our platform may include features that use automation to assist operators, such as automated conversation routing (assigning incoming chats to available agents based on rules configured by the operator), automated greetings (displaying pre-configured welcome messages to visitors based on page URL or visit count), and chatbot auto-reply suggestions. These features are operational tools that do not constitute automated decision-making with legal or similarly significant effects on the individuals involved. The operator retains full control over the configuration and behavior of these automated features. If we introduce any new features that involve automated decision-making with significant effects, we will update this Privacy Policy accordingly and, where required, obtain explicit consent before applying such processing to your data.
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. Our security measures include, but are not limited to, the following:
Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) with modern cipher suites. All API endpoints, the dashboard, the widget, and our website are served exclusively over HTTPS. Unencrypted HTTP connections are automatically redirected to HTTPS.
Encryption at rest: Sensitive data stored in our databases, including passwords and email integration credentials (IMAP/SMTP), is encrypted using industry-standard algorithms (AES-256-GCM for credentials, bcrypt for passwords). Database backups are encrypted before storage.
Access controls: We implement role-based access control (RBAC) within our platform. Access to production servers, databases, and infrastructure management tools is restricted to authorized personnel on a need-to-know basis. All administrative access is authenticated and logged.
Infrastructure security: Our servers are protected by firewalls, intrusion detection monitoring, and DDoS mitigation services. We maintain separate environments for development and production, and production data is never used in development environments.
Regular assessments: We conduct periodic security reviews of our codebase, infrastructure configuration, and access control policies. Identified vulnerabilities are prioritized and addressed promptly. We continuously monitor our systems for signs of unauthorized access or anomalous activity.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by Article 34 of the GDPR. Notification to affected users will be made via email to the address associated with your account. If the breach affects widget visitors whose email addresses we do not hold, we will notify the relevant operator so that they may inform their affected visitors.
Our breach notification will include: a description of the nature of the breach including, where possible, the categories and approximate number of individuals and data records concerned; the name and contact details of our privacy contact point; a description of the likely consequences of the breach; and a description of the measures taken or proposed to address the breach, including measures to mitigate its possible adverse effects. We maintain an internal breach register documenting all data breaches, their effects, and the remedial actions taken, regardless of whether the breach triggers a notification obligation.
Svyazio is a business-to-business SaaS platform and is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If you are a parent or guardian and believe that your child has provided personal data to us (for example, through a chat widget on a third-party website), please contact us at privacy@svyazio.com and we will take steps to delete such information from our systems promptly. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will delete that data without undue delay.
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, new features, or changes in applicable law. When we make changes, we will update the "Effective date" and "Revision" number at the top of this page.
For material changes that significantly affect the way we process your personal data or your rights, we will provide prominent notice. For registered users, this means an email notification to the address associated with your account at least 14 days before the changes take effect. For all visitors, material changes will be announced through a visible banner on our website. Your continued use of the Svyazio service after the updated Privacy Policy takes effect constitutes your acknowledgment of the changes. If you disagree with any changes, you have the right to stop using our service and request deletion of your data.
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us using the details below.
Svyazio
Legal entity: Individual Entrepreneur Eduard Andreevich Pashchenko (ИП Пащенко Эдуард Андреевич)
Tax ID (INN): 231221935418 | Reg. No. (OGRNIP): 321237500279053
Legal address: Krasnodar, Krasnodar Krai, Russian Federation
Privacy inquiries: privacy@svyazio.com
General support: support@svyazio.com
Website: svyazio.com
We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with a data protection supervisory authority in your jurisdiction.