VOSCOM.ONLINE Legal Plain Text Document: Privacy Notice / Уведомление о конфиденциальности Version: 2 Effective date: 2026-04-12 Requested language: en Source language: en Source HTML: https://voscom.online/legal/en/privacy_v2.php Plain text URL: https://voscom.online/legal_text.php?lang=en&doc=privacy JSON metadata URL: https://voscom.online/legal_text.php?lang=en&doc=privacy&format=json SHA-256 text: 1a22b5393a4e44a96767be329ad9632e5924b0adfb75df25b20192a852341b7b SHA-256 source file: 611f151a6bd22a335b7d5e67e236ac0e3afa2c7be490ca9feb5f4da19397ff27 Last modified: 2026-05-23T20:16:58+00:00 Index: https://voscom.online/legal_text.php?lang=en --- Legal Documents # Privacy Notice Notice regarding the processing of personal data and other information related to the use of the international VOSCOM.ONLINE segment. Version: 2 Effective date: April 12, 2026. About this document: this is a legal document of the VOSCOM.ONLINE website. VOSCOM.ONLINE is an international MVP/demo resource for AI-assisted embedded systems and Industrial IoT development: MWOS projects, device configuration, firmware builds, browser terminal/flashing tools, engineering documentation, news, market items, and professional collaboration. ## 1. Who We Are and What This Notice Covers 1.1. This Privacy Notice (the “Notice”) describes how LIMITED LIABILITY COMPANY “VOSCOM-ONLINE” (LLC “VOSCOM-ONLINE”), registered in the Russian Federation, Moscow; Primary State Registration Number (OGRN) 1217700640189, Taxpayer Identification Number (INN) 9719021912, Tax Registration Reason Code (KPP) 771901001, address: Apt. 72, 50 Sirenevy Boulevard, intracity territory municipal district Eastern Izmailovo, Moscow, 105484, Russian Federation (the “Operator”, “we”, “us”), collects, uses, stores, transfers, and otherwise processes personal data and related information when the international MVP segment of VOSCOM.ONLINE is used. At this stage, the Operator acts as the temporary operator of the international segment until such segment is transferred to a separate international operating entity. 1.2. This Notice applies to the website, user accounts, AI tools, cloud builds, monitoring, project sections, documentation, APIs, messages, requests, commercial inquiries, feedback forms, and other digital features that expressly refer to this Notice. 1.3. If a separate feature, enterprise plan, local delivery, marketplace segment, customer-instructed processing, or integration is governed by a separate data agreement, data processing agreement, enterprise agreement, or other special privacy documentation, such special documentation shall prevail in the relevant part. ## 2. International Segment and Exclusion of the Russian Segment 2.1. VOSCOM.ONLINE is designed as an international service and is not intended for use from within the territory of the Russian Federation and is not intended to serve as an environment for processing personal data of individuals located in the Russian Federation, unless otherwise expressly agreed in a separate written agreement. 2.2. During registration and use of the service, we may ask the user to confirm that the user is not located in the territory of the Russian Federation, does not use the service from such territory, and will not upload through the international segment personal data of individuals located in the Russian Federation without a separate written legal basis. 2.3. If we reasonably determine that an account or data is connected with use of the service in violation of Section 2, we may restrict access, suspend processing, request additional information, delete or anonymize data to the extent permitted by applicable law, or retain certain records where required for security, accounting, investigation of violations, or compliance with legal obligations. 2.4. The international VOSCOM.ONLINE segment is not intended for the initial collection, accumulation, storage, updating, or retrieval of personal data of citizens of the Russian Federation through foreign infrastructure. Users located in the Russian Federation or using the service as the Russian segment must use VOSCOM.RU after the relevant domain and local infrastructure are launched. 2.5. Cookie consents, document acceptance logs, accounts, databases, payment environments, and service identifiers of the international VOSCOM.ONLINE segment must be separated from the Russian VOSCOM.RU segment if such segment is launched. ## 3. Data We May Collect 3.1. Depending on how you use the service, we may collect the following categories of data: - Account data: username, email address, hashed password, email verification information, interface language, time zone, user role, account status, and history of acceptance of documents and versions of terms. - Technical and log data: IP address, technically determined country/region, user agent, device and browser information, timestamps, session identifiers, security, error, and audit logs, anti-abuse and anti-fraud signals. - Service usage data: information about logins, actions in the user account, use of AI tools, API calls, build runs, activity in project sections, history of settings changes, limits, usage metrics, and payment events. - User Materials: AI prompts, task descriptions, diagrams, configurations, texts, files, project data, comments, support requests, and other materials that you upload or create through the service. - Commercial and payment data: information about the tariff, plan, subscription status, invoice metadata, payment status, tax fields, and other data necessary for accounting and invoicing. Full bank card details and payment credentials may be processed by payment providers rather than directly by us. - Communications data: content of messages in support channels, email inquiries, responses to legal and privacy requests, feedback, error reports, demo requests, pilots, and enterprise inquiries. - Security and compliance data: information necessary to prevent abuse, comply with export control and sanctions requirements, verify the permissibility of service use, investigate incidents, and protect infrastructure. 3.2. We do not seek to collect more data than is necessary for the operation of the service, security, accounting, legal functions, compliance, and product development. ## 4. Sources of Data 4.1. We may receive data: - directly from you when you register, log in, configure your account, use the service, and interact with us; - automatically from your browser, devices, logs, and infrastructure systems when you use the service; - from payment providers, anti-fraud tools, hosting providers, analytics providers, and other processors to the extent necessary for service operation, security, and accounting; - from your organization, workspace administrator, or enterprise customer, if the service is used in a B2B environment. ## 5. Purposes for Which We Use Data 5.1. We may use data for the following purposes: - creating and maintaining an account, confirming registration, and authentication; - providing access to service features, including AI tools, project sections, builds, monitoring, documentation, and APIs; - ensuring operation, security, resilience, logging, abuse limitation, incident investigation, and fraud prevention; - performing a contract with the user or with the organization on whose behalf the user acts; - providing support, responding to inquiries, processing requests, legal requests, and privacy requests; - payments, accounting, invoicing, tax, and financial control; - complying with applicable law, responding to lawful requests from public authorities, fulfilling sanctions and export control obligations, and protecting the rights of the Operator and third parties; - improving the service, engineering reliability improvements, error diagnostics, usage analytics, capacity planning, and development of the interface and features; - team training, maintaining internal documentation, and improving support procedures in anonymized form or to the minimum necessary extent; - where expressly disclosed to you separately, use based on your consent. ## 6. Legal Bases for Processing 6.1. Depending on applicable law and the nature of the processing, we may rely on one or more of the following legal bases: - performance of a contract or steps prior to entering into a contract — where processing is necessary for registration, provision of service features, payments, support, and performance of obligations; - legitimate interest — where processing is reasonably necessary for security, prevention of abuse, diagnostics, infrastructure protection, product improvement, internal administration, and protection of the Operator’s rights, subject to a balancing of interests; - consent — where it is required under applicable law or where we separately request it from you; - compliance with a legal obligation — where processing is necessary to comply with law, a court order, a lawful request from a public authority, sanctions obligations, or tax obligations; - protection of vital interests or other legal bases — only where they are genuinely applicable under law. 6.2. Where we rely on consent, you have the right to withdraw it for the future; however, withdrawal does not make processing carried out before the withdrawal unlawful. ## 7. AI Tools, Project Data, and Sensitive Content 7.1. User Materials, including AI prompts, project descriptions, diagrams, configurations, and other uploaded data, may be processed within the service’s computing environment to generate responses, builds, compatibility checks, error diagnostics, and technical support. 7.2. You must not upload through the service any personal data, trade secrets, confidential information, regulated data, data subject to export control, or other information for which you do not have a lawful basis for transfer or a separate arrangement with us. 7.3. If you use an enterprise environment, BYOK, or separate data processing restriction modes, the applicable procedure for processing prompts, results, logs, and project data may also be governed by separate settings, a data processing agreement, or an enterprise agreement. 7.4. Unless expressly stated otherwise in a separate agreement, do not rely on the service as the storage location for the only copy of critical data. You are responsible for backups, access control, and verifying the lawfulness of transferring materials. ## 8. To Whom We May Disclose Data 8.1. We may disclose data to the following categories of recipients where necessary and lawful: - processors and infrastructure providers: hosting, cloud, databases, CDN, email providers, monitoring, logging, anti-fraud, analytics, support tools, and payment providers; - enterprise customers and organization administrators: if you use the service as an employee, contractor, or representative of an organization, that organization may have access to account data and usage data within the scope of enterprise administration; - professional advisers: lawyers, auditors, accountants, and insurers to the extent necessary; - public authorities and other authorized persons: where there is a lawful request, court order, request we are required to comply with, or where disclosure is necessary to protect rights, security, or investigate violations; - persons involved in a corporate transaction: in connection with a reorganization, sale of assets, merger, financing, or other corporate transaction, subject to reasonable confidentiality measures. 8.2. We do not disclose your data to third parties more broadly than necessary for the stated purposes, and we seek to use contractual and technical safeguards where appropriate. 8.3. The current list of significant processors and categories of subprocessors may be published at: not published. ## 9. International Data Transfers 9.1. The service may use infrastructure and providers located in multiple countries. Accordingly, your data may be transferred, stored, or made accessible outside the country where you are located. 9.2. If EEA/UK GDPR rules apply to you, international transfers of personal data are carried out only where an applicable lawful mechanism is in place, including an adequacy decision, standard contractual clauses, international data transfer instruments, or another permitted basis under applicable law. 9.3. You understand that the international nature of the service may require cross-border data processing for hosting, logging, support, security, and operation of specific features. ## 10. Retention Periods 10.1. We retain personal data no longer than necessary for the purposes for which it was collected, unless longer retention is required by law, security obligations, accounting, dispute resolution, or protection of rights. 10.2. Specific retention periods may depend on the category of data: - account data — generally for the duration of the account and for a reasonable period after its closure; - security and audit logs — for the period necessary to investigate incidents, monitor abuse prevention, maintain records, and protect legal rights; - payment and tax records — for the period required by applicable tax and accounting law; - support messages and legal correspondence — for the period necessary to process requests, resolve disputes, and protect legal rights; - project materials and AI interaction data — depending on product settings, plan, enterprise mode, and your deletion actions, unless otherwise required for security or performance of a contract. 10.3. After the applicable period expires, data may be deleted, anonymized, aggregated, or isolated in restricted-access archives. ## 11. Data Security 11.1. We take reasonable organizational, administrative, and technical measures to protect data against unauthorized access, loss, disclosure, alteration, or destruction. 11.2. Such measures may include access controls, logging, environment segmentation, backups, personnel access restrictions, security monitoring, encryption in transit, secrets management, and other safeguards appropriate to the scale and nature of the service. 11.3. No system can guarantee absolute security. Therefore, you are also responsible for using strong passwords, protecting credentials, enabling available account protection measures, and not transferring data to the service without verifying that such transfer is permitted. ## 12. Your Rights 12.1. Depending on applicable law, you may have one or more of the following rights: - the right to request access to your data; - the right to request correction of inaccurate data; - the right to request deletion of data in cases provided by law; - the right to restrict processing or object to certain types of processing; - the right to data portability where applicable; - the right to withdraw consent where processing is based on consent; - the right to lodge a complaint with a competent supervisory authority. 12.2. To exercise your rights, you may send a request to admin@voscom.online. We may request reasonable verification of your identity and authority in order to protect data from disclosure to unauthorized persons. 12.3. If the GDPR/UK GDPR applies to you, we generally seek to respond to requests without undue delay and, as a rule, within one month, unless a different period is permitted by law. ## 13. Children and Age Restrictions 13.1. The service is intended only for persons over 18 years of age and is not intended for children or minors. 13.2. We do not knowingly seek to collect personal data of persons under 18 years of age. If we become aware that an account or data is associated with a minor in violation of the service rules, we may restrict access, request age verification, and delete or anonymize such data to the extent permitted by applicable law. ## 14. Cookies, SDKs, and Similar Technologies 14.1. The service may use cookies, local storage, session identifiers, pixels, analytics tags, and other similar technologies for authentication, maintaining session state, security, basic analytics, interface preferences, and operation of specific features. 14.2. If applicable law requires separate notice or consent for certain cookies or tracking technologies, the relevant procedure may be disclosed in a separate cookie notice or consent interface. ## 15. Profiling and Automated Decisions 15.1. We may use automated tools for abuse prevention controls, security risk assessment, rate limiting, fraud detection, country and risk verification, product analytics, support request routing, and other internal procedures. 15.2. Unless expressly stated otherwise in special documentation or an enterprise agreement, we do not make solely automated decisions that produce legal effects concerning you or similarly significantly affect you without the safeguards required by law. ## 16. External Services and Links 16.1. The service may contain links to third-party websites, SDKs, payment pages, repositories, documentation pages, or integrations that are not controlled by us. Their privacy practices are governed by the documents of the respective third parties. 16.2. We are not responsible for the privacy practices of third-party services outside our control. Before using such services, please review their terms and privacy documents. ## 17. Changes to This Notice 17.1. We may periodically update this Notice to reflect changes in the service, providers, legal environment, or our data processing practices. 17.2. The updated version takes effect as of the date stated at the end of the document, unless another effective date is specified. In the event of material changes, we may additionally notify users through the interface, by email, or by other reasonable means. ## 18. Contacts and Complaints 18.1. For privacy matters, data subject requests, security notices, and related inquiries, please contact: admin@voscom.online. 18.2. General contact of the Operator: support@voscom.online. 18.3. If applicable, details of the EEA/UK representative: - EU Representative: not appointed - UK Representative: not appointed - DPO / privacy contact: not appointed; privacy requests should be sent to admin@voscom.online 18.4. If the GDPR/UK GDPR applies to you, you may also lodge a complaint with the competent supervisory authority in the place of your habitual residence, place of work, or place of the alleged infringement. If desired, you may specify the main reference supervisory authority here: not specified. Effective date: April 12, 2026.