Document

SPG99 Privacy Policy

Updated: December 1, 2025

← Back to home

1. General provisions

1.1. This Privacy Policy and Personal Data Processing Policy (the “Policy”) defines the procedure and conditions for processing personal data, as well as the measures taken to ensure its security when using the “SPG99” service (the “Service”).

1.2. The personal data operator is ИП Беженарь В.В., ОГРНИП 324265100152923 (the “Operator”, “we”).

1.3. The Policy is developed in accordance with the laws of the Russian Federation, including Federal Law No. 152‑FZ “On Personal Data” and Federal Law No. 149‑FZ “On Information, Information Technologies and Information Protection”.

1.4. The Policy applies to personal data that the Operator may receive when:

  • visiting the Service website: spg99.ru;
  • using web interfaces and the management console;
  • using the API;
  • other interactions with the Service and the Operator.

1.5. By using the Service (website, Account, API, CLI, etc.), the User confirms that they have read and accept this Policy. If you do not agree, you must stop using the Service.

1.6. The Operator may change this Policy. The current version is available at spg99.ru/privacy. Continued use means acceptance of the changes.

2. Terms and definitions

2.1. Personal data — information relating to an identified or identifiable individual.

2.2. Personal data processing — any action performed on personal data (collection, recording, storage, use, disclosure, anonymization, deletion, etc.).

2.3. User — a legally capable individual or a representative of a legal entity/individual entrepreneur using the Service on their own behalf or on behalf of the represented entity.

2.4. Account — the User’s registration data and identifiers enabling authentication and authorization.

2.5. Cookies — small pieces of data that a browser sends to a server when accessing a website.

2.6. Other terms are used in the meanings defined by the Russian legislation on personal data.

3. Categories and types of processed data

3.1. When using the Service, the Operator may process:

  • Registration and identification data: full name (if provided), contact e‑mail, phone number (if provided), organization, job title, account data.
  • Service usage data: IP address, browser type/version, device/OS data, access date and time, requested page URLs, API request parameters, CLI command invocation facts (without the content of SQL queries if not logged), authentication information (tokens, session identifiers) — to the extent necessary.
  • Financial and payment data (for paid plans): information about payment facts and payment details (transaction ID, status, amount, date); sensitive payment data (full card numbers) is processed by the payment provider and is not stored in the Service.
  • Communications and requests: content of support requests, other contact channels, technical log data related to interactions.

3.2. The Operator does not aim to receive and does not process special categories of personal data (biometrics, health, beliefs, etc.) unless this follows from the nature of the request and is documented separately.

3.3. Data stored by the User in their PostgreSQL databases in the Service may include personal data of third parties. The Operator provides infrastructure; the User is responsible for the legality of such processing and for having the required legal grounds.

4. Purposes and legal grounds for processing

4.1. Purposes of personal data processing:

  • Account registration and User identification;
  • providing access to the Service features (creating/managing tenants and databases, using API/CLI, resource accounting);
  • performing contractual obligations (service provision, billing, support);
  • technical support and handling requests;
  • improving the Service and analyzing anonymized statistics;
  • service-related notifications (technical notices, tariff/terms changes, maintenance notifications);
  • marketing information (with the required consent where applicable);
  • compliance with Russian legal requirements.

4.2. Legal grounds: consent of the data subject; entering into and performance of a contract (offer) between the Operator and the User; fulfillment of obligations imposed by law; legitimate interests of the Operator or third parties provided that data subject rights are respected.

5. Principles and methods of processing

5.1. Processing is carried out on a lawful and fair basis and is limited to achieving specific and legitimate purposes.

5.2. The Operator processes only data that corresponds to the stated purposes and is necessary to achieve them.

5.3. Processing is performed using automated means and, if necessary, without automation (paper document workflow).

5.4. Combining databases for incompatible processing purposes is not allowed.

5.5. Personal data is stored no longer than required for the processing purposes or for the retention periods set by law.

6. Disclosure of personal data to third parties

6.1. Disclosure is possible if:

  • it is required by the Russian law (for example, upon request of authorities or a court);
  • disclosure is necessary to provide the Services and fulfill obligations to the User (payment providers, billing, hosting, mail/newsletter services) — to the minimum necessary extent;
  • the User has explicitly consented to the disclosure.

6.2. Engaged third parties undertake to comply with data protection and confidentiality requirements not lower than those specified in this Policy and the Russian law.

6.3. The Operator does not perform mass disclosure of personal data to third parties for their independent processing for marketing purposes without separate consent of the data subject.

7. Cross‑border transfer

7.1. By default, the Operator strives to process and store personal data within the territory of the Russian Federation.

7.2. If a cross‑border transfer is required, the Operator assesses the level of protection in the relevant country, takes additional measures, and, where necessary, obtains data subject consents.

8. Storage, restriction, and deletion

8.1. Personal data is stored in a form that allows identifying the data subject no longer than required for the processing purposes.

8.2. Upon achieving the purposes, expiration of retention periods, or withdrawal of consent (if there are no other legal grounds), data is subject to deletion or anonymization.

8.3. Deletion or anonymization is carried out in accordance with the Operator’s internal documents and Russian legal requirements.

9. Data subject rights

9.1. The User has the right to:

  • receive information about the processing of their data (fact, grounds, purposes, methods, terms, sources, recipients);
  • request rectification, blocking, or deletion of data in cases provided by law (incomplete, outdated, inaccurate, unlawfully obtained, or excessive for the purposes);
  • withdraw consent where processing is based on it and there are no other legal grounds;
  • appeal actions or inaction of the Operator to the competent authority or court.

9.2. To exercise rights, the User may send a request using the contacts in Section 13. The Operator reviews requests within the time limits established by the Russian law.

10. Personal data security measures

10.1. The Operator applies the necessary organizational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, disclosure, and other unlawful actions.

10.2. Measures include: role-based access control; information security tools (including encryption of channels and storage where necessary); logging of operations; regular software updates and protection against unauthorized access; staff training; local security policies.

10.3. In case of a leak or a leak risk, the Operator acts in accordance with legal requirements and internal procedures, notifying data subjects and competent authorities if required by law.

11. Cookies and similar technologies

11.1. To improve convenience, analyze statistics, and enhance functionality, the Service website may use cookies and similar technologies.

11.2. Cookies may collect: IP address and approximate location; browser and OS data; visit time and duration; referral sources; actions on the website.

11.3. The User can restrict the use of cookies in browser settings; in this case, part of the functionality may work incorrectly.

12. Processing personal data of minors

12.1. The Service is intended for adult users and business purposes.

12.2. The Operator does not intentionally collect data from persons under 18. A legal representative may request deletion of a minor’s data if it was provided without proper consent.

13. Operator contact details

Operator: ИП Беженарь В.В.

OGRNIP: ОГРНИП 324265100152923

E-mail: support@spg99.ru

Service website: spg99.ru

In the request it is recommended to specify full name / organization, contact details for a reply, and the essence of the request (which right is exercised and which data it relates to).

14. Final provisions

14.1. This Policy is a public document and is available on the Service website.

14.2. In all matters not regulated by this Policy, the Parties are guided by the laws of the Russian Federation and the Service Terms of Service (offer) of “SPG99”.

14.3. In case of contradictions between Service documents, priority is given to the document that provides greater protection of rights and freedoms of personal data subjects.

By using the website or requesting a token, you confirm that you have read this Policy. Updates are published on this page.
Why SPG99ArchitectureRoadmapDocumentationBlog