Privacy Policy

Русский

Updated: 2026-07-14

1. What we process

Guest session: a technical reading-session / progress identifier without mandatory registration.

Telegram: when you open the Mini App we validate initData server-side (Telegram signature). We store linked account technical identifiers, not an advertising profile.

Payments: checkout / payment event metadata (offer, Stars amount, statuses, idempotency keys). Provider raw payloads are stored as protected refs, not clear text in ordinary logs.

Support: email and message body if you contact support (categories paid_no_access, refund, bug).

Technical logs: request ids and API errors — without tokens, secrets, or raw feedback text in public logs.

2. Why

To provide reading and paywall, confirm payments and entitlements, prevent fraud and duplicate grants, support users, meet legal duties, and keep the service secure.

3. Who we share with

Telegram (Mini App auth and Stars). We do not sell personal data to brokers. Infrastructure processors (hosting, database) act on behalf of the site operator.

4. Retention and minimization

We aim for minimization: the core reader flow does not require free text. Exceptions (feedback / support / corrections) have retention expectations and protected refs.

Release 1 aligns with RF 152-FZ intent where applicable for Russian users and GDPR baseline principles for the EN audience (minimization, transparency, data requests). Full self-serve export/delete may be expanded; requests are accepted at support@storycard.ru.

5. Cookies and similar

We use necessary cookies / storage for session, security, and (when enabled) offline PWA. Third-party ad tracking is not a Release 1 core feature.

6. Contact

Privacy requests: support@storycard.ru. Please include Telegram/user context when possible, without sharing other people’s secrets.