Privacy · personal data · cookies

Personal Data Processing Policy

This document explains what personal data is processed on the DevAstro website, why it is used, how contact forms, cookies and analytics work, and how a user can exercise their rights under Russian personal data law.

Last updated: July 15, 2026

1. General provisions

This Policy describes how personal data is processed on devastro.ru. It is prepared with regard to Federal Law No. 152-FZ “On Personal Data”, publication requirements for an operator’s policy and the principle of data minimization.

The personal data operator for this website is the owner of the DevAstro website. Contacts for personal data requests: info@devastro.ru, phone: +7 928 460‑22‑13, contact address: Maykop, Chkalova St., 65, office 17A. If services are provided by a legal entity or individual entrepreneur, their details should be specified additionally in the contract, invoice, act or commercial proposal.

This Policy applies to data submitted through website forms, messengers, email, phone and the project brief, as well as technical data processed when a user visits the website.

2. Key terms

Personal data means any information relating directly or indirectly to an identified or identifiable individual. Personal data processing means any action with personal data, including collection, recording, systematization, storage, clarification, use, transfer, blocking, deletion and destruction.

A personal data subject is a website user, request sender, representative of a client or partner, or any visitor who submitted data through the website or related contact channels.

3. Processing principles

  • processing is performed on a lawful and fair basis;
  • data is collected for specific, predetermined and lawful purposes;
  • the website does not request data that is not needed to process a request or operate the website;
  • storage is limited by processing purposes, agreements with the user and legal requirements;
  • access is limited to persons and services that need it for request processing, website support and user communication.

4. Purposes, data categories and storage periods

PurposeDataSubjectsStorage period
Processing a request and providing feedbackName, phone, email, message, selected service, submission page, date and timeWebsite users, potential clients, company representativesUntil communication is completed and then no longer than 3 years if correspondence is needed to confirm agreements
Preparing an estimate, brief, proposal or first project stageCompany or website, project type, budget, timeline, CMS/platform, current system, goals, integrations, task description, attached filesUsers who submitted a project brief or extended requestUntil the purpose is achieved, consent is withdrawn or business need ends, but no longer than 3 years without renewed interaction
Communication through Telegram, MAX, WhatsApp, email or phoneName or nickname, phone, email, messenger account, message text and attachments voluntarily sent by the userUsers who chose communication through messengers, phone or emailFor the period of correspondence and request processing, then until the correspondence is deleted or consent is withdrawn unless storage is legally required
Website operation, security, analytics and interface improvementIP address, cookies, browser and device data, visited pages, technical events, traffic sourceWebsite visitorsWithin the storage periods of cookies, logs and analytics systems, usually up to 24 months unless a shorter period is set by the service

5. Legal basis

Data is processed based on the user’s consent expressed when submitting a form, project brief, messenger message, email or when continuing to use the website after the cookie notice. In some cases, processing may be necessary to prepare, enter into or perform a contract, comply with legal requirements or protect the operator’s rights and legitimate interests.

The user is not required to provide personal data, but without the required contact fields and consent DevAstro cannot process the request, prepare a response or contact the user.

6. Cookies, analytics and technical data

The website may use Cloudflare Turnstile to protect forms and interactive requests from automated spam. When Turnstile is used, Cloudflare processes technical data required to verify the visitor in accordance with the Cloudflare Turnstile Privacy Addendum.

The user may restrict or delete cookies in browser settings. This may affect some website functions, theme storage, analytics and interface convenience.

7. Processing and transfer procedure

The operator may process personal data using automated and non-automated means. Form data may be transferred to services that provide request intake, Telegram or MAX notifications, request storage, analytics, hosting, website protection and technical support.

Personal data is not sold or transferred to third parties for independent marketing. Transfer is possible only when needed for request processing, website operation, contract performance, legal compliance or protection of the operator’s rights.

If cross-border personal data transfer occurs through specific services, it is carried out only where there is a legal basis and with regard to Russian personal data law requirements.

8. Personal data protection

The operator takes necessary organizational and technical measures to protect personal data from unauthorized access, modification, disclosure, blocking, copying, distribution and other unlawful actions. These measures include access limitation, secure communication channels where applicable, form configuration control, careful webhook notification handling and storing secret tokens outside the public website code.

9. User rights

The user may receive information about personal data processing, request correction, blocking or destruction of data, withdraw consent, challenge the operator’s actions or inaction with Roskomnadzor or a court, and exercise other rights provided by Russian law.

Requests should be sent to info@devastro.ru. It is helpful to include name, reply contact, the request itself and details that help find the submission: form submission date, phone, email or contact channel.

10. Consent withdrawal and data destruction

The user may withdraw consent to personal data processing by sending a request to the operator’s email. After withdrawal, processing is stopped and data is deleted or anonymized unless further storage is required by law, contract, protection of the operator’s rights or confirmation of request processing.

11. Policy updates

The operator may update this Policy when the website, forms, processed data, connected services, notification channels, analytics or legal requirements change. The current version is always available on this page without registration.

Fill out brief