1. Who is the operator

slobachevskiy.ru is the personal site of Semen Lobachevskiy (individual, Russian Federation). I am the sole operator and recipient of any data. Reach out at hi@slobachevskiy.ru or on Telegram @Hichnick.

2. What data I process

Only what you put into the AI assistant on /contact, plus minimal telemetry needed for anti-spam.

• Your conversation with the AI assistant and the brief assembled from it (goal, deadline, budget, constraints, desired outcome).
• Contacts you provided for a reply: email and/or Telegram username.
• Your IP address (stored as a SHA-256 hash truncated to 16 chars — used only for rate limiting).
• Browser User-Agent (only inside the brief email; not stored separately).
• If you continued in @slobachevskiy_bot — your Telegram user id and the bot conversation history.

3. Why I process it

Strictly limited purposes:

• Reply to your enquiry on its merits.
• Prepare a quote or invoice if we agree to work together.
• Defend against spam and automated attacks (rate limit, Cloudflare Turnstile).
• Self-review of bot answer quality — occasionally I read my own briefs to refine the system prompts.

4. Who else sees the data

I do not sell or transfer your data to third parties for marketing. The only services involved are those the site cannot work without:

• vsegpt.ru — LLM provider that generates AI replies (servers in RF). Receives chat messages and the system prompt, not your explicit contacts.
• Resend (resend.com) — delivers the brief email to me. Receives the brief text and the contacts you provided.
• Telegram (api.telegram.org) — delivers the brief and powers the two-way bot. Telegram sees message metadata per their own rules.
• Cloudflare Turnstile (challenges.cloudflare.com) — anti-bot check. Cloudflare receives browser behaviour signals, not your contacts.

5. How long I keep it

Default retention is 12 months from the last interaction, after which files and rows are automatically removed by a scheduled script.

• JSONL log of submitted briefs: up to 12 months, split by month (old files deleted by a systemd timer).
• SQLite database of bot conversations: until you send /delete (any time) or until I purge it on request.
• Rate-limit and access logs: only in process memory, never persisted longer than a few minutes.

6. Your rights

Under Article 14 of the Russian Personal Data Law (152-FZ) you may:

• Ask which of your data I store.
• Ask me to correct, complete or delete any data about you.
• Withdraw consent to processing.
• In the Telegram bot: send /delete — your conversation is wiped immediately, no confirmation needed.

7. How I protect the data

The site runs on my own VPS in RF. Server access is SSH-key only, no passwords. Brief files live under root with mode 700, the SQLite database too. All transport is HTTPS (TLS, HSTS). The vsegpt.ru API is reached over a secured channel.

8. Policy changes

If processing rules change, I update this document and bump the date at the top. Material changes will additionally be flagged in my Telegram channel.