Legal document

Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes how Individual Entrepreneur Shamyshev Aleksey Borisovich (Tax ID 165123453265, Registration No. 323169000271371), hereinafter the "Operator", processes personal data in connection with the Naparnik service (the "Service"), available at https://naparnik.ai. By using the Service, you agree to the collection and use of information in accordance with this Policy. Contact: info@naparnik.ai.

Note: A Russian-language version of this Privacy Policy is available at https://naparnik.ai/legal/privacy and complies with Russian Federal Law No. 152-FZ "On Personal Data".

01 Introduction

1.1. This Policy explains what personal data the Operator collects, how it is used, with whom it is shared, how long it is stored, and what rights you have as a data subject.

1.2. The Policy applies to all visitors of the website, customers (legal entities and individual entrepreneurs), and their employees and representatives (collectively, "Users").

1.3. Use of the Service constitutes your consent to this Policy. If you do not agree with the terms of this Policy, please discontinue use of the Service.

02 Data We Collect

2.1. The Operator processes the following categories of personal data:

Category	Examples
Account data	Name, email, phone number, position
Organization data	Company name, Tax ID, registration number
Payment data	Payment date, amount, status (card details are processed by YooKassa and are not stored by the Operator)
Interaction content	Text queries to AI assistants, uploaded documents, dialogue history
Google integration data	OAuth tokens, file IDs, temporary file content
Technical data	IP address, browser type, device type, operating system, cookies, access timestamps
Support requests	Content of inquiries and contact details

2.2. The Operator does not process special categories of personal data (race, political views, health data, etc.) or biometric personal data.

03 How We Use Data

3.1. The Operator uses collected data to:

provide and maintain the Service;
authenticate Users and manage accounts;
process payments and maintain accounting records;
operate AI assistants by transmitting User requests to LLM providers;
provide technical support and handle inquiries;
improve Service quality, analyze usage, and ensure security;
comply with obligations imposed by applicable law.

04 Google API Services User Data Policy

Naparnik's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4.1. Requested Scopes

Scope	Purpose
`https://www.googleapis.com/auth/documents`	Read and write Google Docs to create and edit documents at the User's explicit request
`https://www.googleapis.com/auth/spreadsheets`	Read and write Google Sheets to extract and write data at the User's explicit request

4.2. Limited Use Compliance

The Operator's use of information received from Google APIs adheres to the Limited Use requirements. Specifically, the Operator:

uses Google user data solely to provide the AI assistant functionality explicitly requested by the User;
does NOT use Google user data for training or improving artificial intelligence or machine learning models;
does NOT transfer Google user data to third parties for advertising, marketing, or sale purposes;
does NOT allow humans to read Google user data, except: (a) with the User's explicit consent, (b) for security investigations, (c) when data is anonymized and aggregated, or (d) when required by law.

4.3. Data Storage

Content of Google Docs and Google Sheets is processed in memory only and is not retained on the Operator's servers after the User's request is completed. Only technical metadata (file IDs, access timestamps) is stored for up to 90 days for audit and security purposes.

4.4. Third-Party Sharing of Google Data

Google document content provided by the User in AI assistant requests may be transmitted to LLM providers (e.g., Anthropic, OpenAI) solely to generate responses to the User's request. LLM providers are contractually prohibited from using API data for model training.

4.5. Revoking Access

Users can revoke the Service's access to Google data at any time:

through their Google Account settings: https://myaccount.google.com/permissions;
through the Service's account settings.

05 Data Sharing

5.1. The Operator shares data with third parties only in the following cases:

Recipient	Purpose	Data
LLM providers (Anthropic, OpenAI)	Generating AI assistant responses	User query content. Profile data (name, email, phone) is NOT shared. Google data is shared only as needed to fulfill a specific request and is not used for model training.
YooKassa (payment processor)	Payment processing	Data necessary for the transaction
Government authorities	Legal compliance	As required by applicable law

5.2. The Operator does not sell, rent, or trade personal data.

06 Data Storage and Security

6.1. Retention periods:

account data and AI dialogues — stored on servers located in the Russian Federation during the term of the agreement and 90 days after termination;
payment records — retained per applicable accounting laws (minimum 5 years);
technical logs — up to 12 months;
Google API content — not retained after request completion (metadata only, max 90 days);
Google OAuth tokens — until revoked by the User or 90 days after agreement termination.

6.2. Security measures:

TLS/SSL encryption in transit;
hashed password storage;
access control and audit logging;
regular backups;
firewall and intrusion detection.

07 International Data Transfers

7.1. User queries to AI assistants may be transmitted to LLM providers with servers located outside the Russian Federation.

7.2. Profile data (name, email, phone, organization details) is stored exclusively on servers located in the Russian Federation and is not transferred outside its borders.

7.3. Google API data may be transmitted to LLM provider servers located outside the Russian Federation only at the moment of fulfilling the User's request and is not retained.

08 Your Rights

8.1. You have the right to:

access information about how your data is processed;
request correction, blocking, or deletion of your data;
withdraw consent to data processing;
file complaints with supervisory authorities.

8.2. To exercise these rights, contact info@naparnik.ai. Requests are processed within 10 business days.

8.3. Account deletion and consent withdrawal. To revoke consent and delete your account, send a written request to info@naparnik.ai. Data will be deleted within 30 calendar days, except where retention is required by applicable law.

09 Cookies

9.1. The Service uses essential cookies for authentication and session management, and analytics cookies for service improvement.

9.2. By using the Service, you consent to cookie usage. You can disable cookies in your browser settings, though this may limit Service functionality.

10 Children's Privacy

10.1. The Service is intended for business users and is not directed to individuals under 18 years of age. The Operator does not knowingly collect personal data from minors.

11 Changes to This Policy

11.1. The Operator may update this Policy from time to time. The current version is always available at https://naparnik.ai/legal/privacy-en.

11.2. Continued use of the Service after changes are published constitutes acceptance of the updated Policy.

12 Contact Information

Data Controller: Individual Entrepreneur Shamyshev Aleksey Borisovich

Country: Russian Federation

Tax ID (INN): 165123453265

Registration No. (OGRNIP): 323169000271371

Email: info@naparnik.ai

Website: https://naparnik.ai