Privacy Policy

1. General provisions

This Privacy Policy (the "Policy") defines the procedure for processing and protecting personal data when using the website https://hintsage.com, the personal account, the Hintsage desktop application and related functions (the "Service").

The personal data operator is Individual Entrepreneur Vitaly Aleksandrovich Ulaev, OGRNIP 326554300039945, INN 550408464967, owner and administrator of the Service. The Policy is developed in accordance with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" and is part of the Terms of Use.

2. Key concepts

• Personal data means any information relating directly or indirectly to an identified or identifiable individual.
• User content means audio, recognized text, messages, LLM requests, screenshots, code, knowledge base files and other materials that the user transfers or creates while working with the Service.
• Technical data means data about the device, browser, errors and network requests.
• Processing means collection, recording, systematization, storage, clarification, use, transfer, anonymization, blocking, deletion and destruction of data.

3. What data is processed

Depending on the functions used, the Service may process the following categories of data:

• Account data: email address, password in hashed or otherwise protected form, user identifier, authorization tokens, login and access recovery data.
• Payment and subscription data: selected plan, balance of hours and screenshots, payment statuses, applied coupons, purchase and access activation details. Hintsage does not receive or store bank card details.
• Device and anti-abuse data: IP address, operating system, virtual machine indicator, and on Windows technical device identifiers such as motherboard serial number, processor identifier, disk serial number and system UUID. These data are used for security, prevention of multi-accounting, abuse of the free period and violations of access terms.
• Audio and speech recognition: voice fragments from the microphone and/or system audio, text obtained as a result of speech recognition, and recognition parameters. Voice data is used for speech recognition and is not used by Hintsage to identify the user; therefore, by itself it is not considered biometric personal data.
• LLM requests: text questions, recognized speech, AI answers, translation of recognized phrases, as well as images or text if the user uses screenshots, clipboard or text from the browser extension.
• Screenshots and images: screenshots of the screen or selected area, including series of screenshots if the user launches the corresponding function.
• Knowledge base: files voluntarily uploaded by the user to the knowledge base function, information about data size, file name, processing status and file deletion.
• Diagnostic data: local logs, saved audio files or screenshots if the user enabled the corresponding settings. In case of errors, a diagnostic report with an error message and a fragment of technical logs may be sent to the Service.
• Integrations: Telegram account or settings for sending answers to Telegram if the user connects this function; user API key, provider and proxy parameters if the user enables their own API key.

3.1. Cookies and Yandex Metrica

The website uses cookies and Yandex Metrica for website operation, traffic analytics, interface improvement and detection of technical errors. The IP address in the format provided by the analytics settings, cookies, referral source, page views, clicks, visit time and Webvisor data may be processed.

Yandex Metrica data is processed according to the rules of YANDEX LLC. The Operator does not use web analytics data to identify the user and does not combine it with the account without a separate lawful basis.

3.2. Third-party data in audio, text and images

If the user records the voice, messages, images, code or other data of third parties, they must notify such persons in advance, obtain the necessary consents for recording and data processing, and comply with the rules of the relevant platform. The user is responsible for the legality of the transferred content and for ensuring that it does not contain information protected by an NDA, trade secret or other restrictions.

4. Purposes of processing and legal bases

The legal bases for processing under Article 6 of Federal Law No. 152-FZ "On Personal Data" are: performance of a contract with the user, the user's consent, compliance with a legal obligation, and the Operator's legitimate interest that does not violate the user's rights and freedoms.

• Registration, login, account management and access recovery.
  Data categories: email, password in protected form, user identifier, authorization tokens, login and access recovery data.
  Legal basis: performance of a contract with the user and actions at the user's request before entering into the contract.
• Provision of Service functions: speech recognition, LLM answers, translation, screenshot analysis, code review and knowledge base.
  Data categories: audio, recognized text, questions, AI answers, images, screenshots and knowledge base files.
  Legal basis: performance of a contract with the user; for optional functions that the user enables separately, the user's consent expressed by enabling or using such function.
• Integrations and user API keys.
  Data categories: Telegram integration data, user API key, provider and proxy parameters.
  Legal basis: performance of a contract with the user; for optional integrations and own API key, the user's consent expressed by connecting them.
• Payment, subscription, balance of hours and screenshots, coupons and access confirmation.
  Data categories: selected plan, payment identifiers and statuses, purchase details, balances, coupons and access activation history without bank card details.
  Legal basis: performance of a contract with the user, as well as compliance with the Operator's obligations under accounting, tax and other applicable legislation.
• Security, anti-fraud, prevention of multi-accounting, abuse and unauthorized access.
  Data categories: IP address, operating system, virtual machine indicator, technical device identifiers and information about login attempts.
  Legal basis: performance of a contract with the user and the Operator's legitimate interest in protecting the Service.
• User support, error diagnostics and stability.
  Data categories: email, request content, account information, error messages and technical logs that the user transfers when contacting support or through an error report.
  Legal basis: performance of a contract with the user, processing of the user's request and the Operator's legitimate interest in maintaining Service operability.
• Website analytics and improvement of user experience.
  Data categories: cookies, Yandex Metrica and Webvisor data, referral source, page views, clicks, visit time and anonymized website statistics.
  Legal basis: user's consent to analytical cookies and web analytics services; for strictly necessary cookies, the Operator's legitimate interest in ensuring website operation and security.

5. How user content works

Audio, recognized text, screenshots, images, text requests and other materials are transferred to Hintsage servers and/or third-party providers only to the extent necessary to perform the function selected by the user. As a general rule, such content is not published.

Exceptions are possible if the user independently enables or uses the relevant function: local saving of session results, WAV files or screenshots; uploading files to the knowledge base; sending an answer to Telegram; temporary uploading of session results to create a link; sending a diagnostic report in case of an error.

6. Third-party services

For certain functions, the Service uses external APIs and platforms, including speech recognition services, LLM providers, payment systems, Telegram and Yandex Metrica. Depending on the operating mode, Yandex Cloud/Yandex GPT, GigaChat, SaluteSpeech and other compatible AI providers may be used.

If the user enables their own API key, the key and parameters of the selected provider are stored in the local application configuration in encrypted form. Depending on the selected request execution mode, the key may be transferred to the selected AI provider directly, through the proxy specified by the user, or through the Hintsage server to execute the request.

Data transferred to third-party services is processed under their own terms and privacy policies.

7. Transfer of data to third parties

The Operator does not sell personal data and does not transfer it to third parties except where:

• the transfer is necessary for the operation of the selected Service function, including speech recognition, LLM requests, payment, Telegram integration, analytics or knowledge base;
• the user initiates the transfer themselves, for example uploads a file, sends data to Telegram, uses a user API key or opens a link to session results;
• the transfer is necessary to comply with the law, respond to a request from an authorized authority or consider a claim.

8. Data protection

The Operator applies legal, organizational and technical protection measures proportionate to the nature of the data and processing risks:

• identifies possible threats to personal data security and periodically assesses the sufficiency of the applied protection measures;
• transfers data between the website, application, server and external APIs through secure communication channels using TLS/HTTPS/WSS where supported by the relevant protocol;
• stores passwords as hashes and does not store bank card payment details;
• separates access rights to personal data and grants access only to persons who need it to perform work tasks;
• logs important operations and access to personal data, limits log retention periods and masks part of the data in logs where possible;
• minimizes the composition of transferred data and uses anonymization or aggregation where the selected Service function allows it;
• applies an incident response procedure: detection of unauthorized access, limitation of consequences, restoration of operability and notification of users or authorized authorities in cases provided by law.

The user must independently ensure the security of their device, email, password, API keys and locally saved files.

9. Data retention

• account data is stored during the period of account use and up to 30 calendar days after its deletion; data subject to mandatory storage by law is stored for the period established by law;
• payment, subscription, balance and accounting data is stored for the periods necessary to perform the contract and comply with legal requirements;
• security logs, anti-fraud data and device data may be stored for up to 12 months; in case of a claim, rule violation or legal storage obligation, the period is extended for the time necessary to consider the claim, resolve the violation or comply with the law;
• user content is stored only as long as necessary to process the request, except where the user enables history saving, uploads files to the knowledge base, creates a link to session results or contacts support;
• local application files, including history, logs, audio recordings and screenshots, are stored on the user's device until deleted by the user or settings are cleared;
• Yandex Metrica data is stored for the periods determined by the settings and rules of the Yandex Metrica service.

10. User rights

The user has the right to:

• receive information about the processing of their personal data;
• request clarification, blocking or deletion of personal data if it is incomplete, outdated, inaccurate, unlawfully obtained or not needed for the stated purposes;
• withdraw consent to personal data processing;
• delete local application files, disable saving of history, audio or screenshots, delete knowledge base files and disable optional integrations.

11. Data deletion and withdrawal of consent

To delete an account, withdraw consent or clarify data, the user may send a request to support@hintsage.com with the subject "Account deletion", "Withdrawal of consent" or "Personal data update". The Operator stops processing and deletes or anonymizes data within the time limits established by law. Data that the Operator is required by law to store or is entitled to store to protect its rights is processed only for the relevant purposes.

12. Payment processing

Payment is carried out through third-party payment systems. Hintsage receives information necessary to confirm payment, activate the plan and support the user, but does not process or store bank card data.

13. Confidentiality

The Operator and persons who have received access to personal data undertake not to disclose it without the user's consent, except in cases provided by law, the Terms of Use and this Policy.

14. Minors

The Service is not intended for persons under 18 years of age. If the Operator becomes aware that an account was created by a minor without sufficient legal grounds, such account may be restricted or deleted.

15. Policy updates

The Operator may update the Policy when legislation, the composition of functions or the procedure for data processing changes. The new version takes effect from the moment it is published on the website. The current version is available at: https://hintsage.com/privacy.

16. Contacts

For questions regarding personal data processing, the user may contact support@hintsage.com by email, as well as Telegram support: t.me/hintsage_support.