Privacy Policy

1. General Provisions

1.1. This Policy covers how User data is collected and used. The Administration does not collect personal data of Users through the Service, unless otherwise expressly stated in this Privacy Policy.

1.2. The purpose of this Policy is to ensure adequate protection of information about Users, including their personal data, from unauthorized access and disclosure.

1.3. The collection, storage, distribution, and protection of information about Users are governed by this Policy, other official documents of the Administration, and the effective legislation of USA.

1.4. The Administration has the right to make changes to this Policy. When changes are made, the Administration notifies Users by posting a new version of the Policy at https://bothub.center/privacy.

1.5. By using the Service, the User agrees to the terms of this Policy and to the processing of personal data in the manner prescribed by this Policy, as well as to the processing of personal data by third parties acting on behalf of the Administration within its legitimate interests.

1.6. If the User disagrees with the terms of this Policy, the User must immediately stop using the Service.

1.7. In addition to the definitions established by the Terms of Use, and used in the same sense in this Privacy Policy, the following terms are additionally defined:

• Registered User — the User who has created an Account;
• User data — technical data, as well as Account data necessary for the User to use the Services on an onerous basis and to provide access to them, which does not contain information that allows the identification of an individual;
• Payment data — personal data of the Registered User necessary to provide access to and use of the Service on a reimbursable basis.

2. Collection, Storage and Use of Data

2.1. User data collected from each User includes:

2.1.1. When authorizing on the Site:

• username, email address and encrypted password (when creating an Account), or a public OpenID identifier containing only an email address and ID (when using alternative means of authorization);
• date and time of registration and last access to the Service;
• information about the transition from another resource;
• site language;
• Google Analytics data.

2.1.1.1. When authorizing in the Bot:

• user ID;
• date and time of registration and last access to the Service;
• Bot language.

2.1.2. When paying for Plans and purchasing OLR, the following Payment Data is collected by the external payment service:

• the email address specified by the User during registration;
• first name and last name;
• billing address.

2.1.3. When sending requests or contacting the Administration by e-mail:

• e-mail address;
• name;
• other information included in the text of the request or appeal.

2.2. The above information received from the User is necessary to perform:

2.2.1. The Terms of Use between the Administration and the User, including but not limited to:

• sending informational messages related to the performance of the Terms of Use and this Policy (regarding changes to the specified documents, the amount of payments for Plans and OLR purchases, authorization events in the Account, responses to User requests, etc.);
• providing access to the Services on an onerous basis and processing payments for Plans and OLR purchases, including through the payment systems of a third-party provider;
• ensuring that the User complies with Section 5 of the Terms of Use.

2.2.2. Purposes arising from the legitimate interests of the Administration:

• transfer of data to third parties on behalf of the Administration for processing on its behalf, or to partner organizations that provide support and help improve the operation of the Services;
• responding to inquiries and requests from Users, their legal representatives, and government agencies;
• providing technical support to Users when they use the Services.

2.3. The Administration does not collect or process bank card or account data of Users. Information about bank cards is collected by the payment system of the third-party service provider specified in clause 4.3 of this Policy.

2.4. To confirm payment for Plans and OLR purchases, the Administration has access, through the payment system of a third-party service provider, to information about the payment status that does not contain bank card data.

2.5. The collected data may be amended at the request of the User if it is inaccurate or outdated, following their identification.

2.6. The Administration protects data provided by the User with reasonable and sufficient security measures against loss or theft, as well as against unauthorized access, disclosure, copying, use, or modification.

2.7. The Administration does not store on its servers the data requested by the User for verification, and the history of some of the User's actions is retained in the Account for a limited time. However, such actions may be performed by the Data Source.

2.8. When the User uses the Service, the Administration does not have access to the data requested for verification, but does store statistics on the use of the Tools.

2.9. User and Payment data are stored and processed until the processing goals are achieved — that is, until the User stops using the Service and requests the deletion of their User data. User and Payment data may also be erased in connection with the termination of the Account on the grounds provided for in clause 5 of the Terms of Use. Some personal data may be processed after the termination of use of the Service, to the extent required by applicable law.

2.10. User and Payment data may be disclosed by virtue of the law or upon requests from law enforcement agencies or court orders, including to protect the rights of third parties during legal proceedings, administrative procedures, operational search, or investigative measures; to protect the rights and interests of other Users; to protect the life and vital interests of other individuals; to ensure the proper level of security of the Service and User data; as well as to protect intellectual property rights and other rights and legitimate interests of the Administration.

2.11. The Administration takes technical, organizational, and legal measures to ensure the protection of the User's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other unlawful actions.

2.12. User information is stored in secure databases, access to which is restricted from third parties.

2.13. The Administration does not sell, transfer, or provide access to User data for consideration to persons not affiliated with or not in contractual relations with the Administration.

3. Right to Access, Erasure and Restriction of Data Processing

3.1. As the sources used by the Service to collect information about Leaks and O.S.I.N.T. events do not allow the direct or indirect identification of an individual (Article 4 of the General Data Protection Regulation of the European Union 2016/679), the Administration is unable to provide data in accordance with Art. 15 of the General Data Protection Regulation of the European Union.

3.2. Registered Users have the right to withdraw their consent to receive informational messages, notifications about authorization and authentication events on the Sites, and notifications about the expiration of a paid Plan period, sent to the e-mail address specified when creating an Account or via Bot messages. To withdraw consent, the User must perform actions confirming their refusal to receive such messages.

3.3. For e-mail messages, such actions include:

• a change in the Account settings;
• sending a relevant request to the Administration via e-mail;
• following a special link with anchor text "unsubscribe" or similar in any informational message;
• any other actions expressly stated in the text of informational e-mail messages.

3.3.1. For messages from the Bot, such actions consist of sending a corresponding request to the Bot.

3.4. Registered Users have the right to demand that the Administration rectify their personal data, restrict its processing, or erase it — including if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the originally stated purpose of processing — as well as to take measures provided for by law to protect their rights.

3.5. Erasure (deletion) and restriction of processing of all collected User data is carried out within 48 hours of receipt of the relevant request. A request for erasure (deletion) of User data necessary to perform the Terms of Use constitutes a refusal to further use the Service on an onerous basis and to perform the Terms of Use.

3.6. Registered Users have the right to receive information regarding the processing of their personal data, including:

• confirmation of the fact of personal data processing by the Administration;
• the legal basis and purposes of personal data processing;
• the purposes and methods of processing personal data used by the Administration;
• the identity and contact details of the Administration, and information about individuals or entities (other than Administration employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Administration or by law;
• the personal data relating to the User and the source of its receipt, unless another procedure for submitting such data is provided for by applicable law;
• the term or conditions of personal data processing, including the term or conditions of storage;
• the procedure for the User to exercise the rights provided for by applicable law;
• information about any completed or intended cross-border data transfers;
• the name and address of the person who processes personal data on behalf of the Administration, if such processing is or will be entrusted to that person;
• other information provided for by applicable law.

3.7. The User is entitled to address any personal data protection issues to the Data Protection Authority of their country of residence.

4. Third-Party Service Providers

4.1. The Administration transfers User data to certain third-party service providers in accordance with the terms of agreements that restrict the use and processing of User data. In some cases, these service providers may need access to User data in order to provide services related to the Administration's performance of its obligations under the Terms of Use and this Policy. Such service providers are permitted to use User data only to process data or provide services on behalf of the Administration within the framework of contractual obligations to protect the security and confidentiality of the processed User data. In some cases, these service providers may be required to disclose User data to governmental authorities under applicable law.

4.2. The results of information queries are obtained by the User through the Service from the Data Source, which may store and process information at its own discretion, in accordance with its own rules and regulations.

4.3. Third-party payment solutions are used to pay for Plans and purchase OLR. The third-party provider, acting on behalf of the Administration, collects and processes Payment Data, as well as bank card details, banking information, and other data necessary to process the license fee for the right to use the Service. When paying for Plans using Mastercard, Visa, or Mir payment cards, the Administration transfers the email address or user ID to the third-party provider, and the User transfers Payment Data to the third-party provider. The Administration does not receive or have access to bank card details or to the data used by the third-party provider to process payments, with the exception of the data specified in Section 2.3 of this Policy.

4.4. The Sites use Cloudflare from Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) to prevent automated requests to the Sites. Cloudflare is a service that protects web pages from spam and abusive requests. The Administration uses Cloudflare to protect input forms. When Cloudflare is used, Cloudflare, Inc. processes data to determine whether the User is human. Information about what data Cloudflare, Inc. collects and how it is used can be found here.

5. Links to Web Resources and Services of Third Parties

The Services may contain, or provide the ability to follow, links to unrelated third-party web resources and services. These web resources and services may operate independently of the Administration and may have their own terms of use, policies, and privacy notices, which the Administration strongly recommends reviewing. After accessing such web resources or services, the Administration no longer has any control over the processing of any data transferred to the unrelated third party, as the behavior of such parties is beyond its control. Therefore, the Administration does not assume any responsibility for the processing of such data by unrelated third parties. In addition, the Administration is not responsible for information posted on, or damage caused as a result of actions taken on, any web resources or services that can be accessed via links available through the Services or by using information obtained during the use of the Services, and that are not owned or controlled by the Administration or are not bound by this Policy.