Privacy Policy
Last updated: 19 мая 2026 г.
1. General
This Privacy Policy (the "Policy") describes what data software-analytics.bet (the "Service") collects, how it is used and protected.
The Policy is drawn up in accordance with Russian Federal Law No. 152-FZ on Personal Data.
By using the Service, the User consents to the processing of their data as described below. If the User does not agree — they must stop using the Service.
2. Data operator
The operator of personal data is the owner of software-analytics.bet (the "Operator").
Contact for data processing inquiries: support@software-analytics.bet.
3. What data we collect
3.1. Registration data
Email address — provided by the User when creating an account.
Password — stored only as a cryptographic hash (bcrypt algorithm). The original password is not accessible to the Operator and is not stored anywhere.
3.2. Technical data
Each request to the Service automatically collects:
- IP address — for security and protection against attacks;
- Browser User-Agent — for compatibility and diagnostics;
- Request timestamps — for logging and incident analysis.
3.3. Cookies
The Service uses the following cookies, all of which are required for it to work:
| Cookie | Purpose | Lifetime |
|---|---|---|
access_token | Authorization (HttpOnly, Secure, SameSite=Lax) | 15 minutes |
refresh_token | Session refresh (HttpOnly, Secure, SameSite=Lax) | 30 days |
csrf_token | CSRF protection | equal to refresh_token lifetime |
All cookies are first-party (domain software-analytics.bet). The Service does not currently set any third-party cookies.
3.4. Push notifications (for PWA)
When installing the Service as a PWA app and subscribing to forecast notifications:
- Device push token — issued by the browser/OS, used to deliver notifications.
- The push token contains no personal data of the User and does not allow identifying them outside the Service.
- The User may revoke notification permission in browser/device settings at any time.
4. Data processing purposes
The Operator processes data solely for the following purposes:
| Data | Purpose |
|---|---|
| Email, password | Registration, authorization, access recovery |
| IP, User-Agent, timestamps | Security, protection against attacks, diagnostics |
| Cookies | Maintaining the User session |
| Push tokens | Delivery of forecast notifications |
The Operator does not use the collected data for:
- marketing mailings without the User's separate consent;
- sale or transfer to third parties for commercial purposes;
- profiling for the purpose of targeted advertising.
5. Legal basis for processing
Performance of a contract (Article 6.1.5 of 152-FZ) — for registration and provision of the Service.
Consent of the subject (Article 6.1.1 of 152-FZ) — for sending push notifications and, in the future, for analytics and marketing.
Legitimate interest of the Operator (Article 6.1.7 of 152-FZ) — to ensure security and stable operation of the Service.
6. Data retention periods
| Data | Retention period |
|---|---|
| Account (email, password hash) | Until the User requests deletion |
| access_token (JWT, not stored in the database) | 15 minutes |
| refresh_token (hash in the database) | 30 days from issuance; on rotation the old one is marked revoked |
| Technical logs (IP, User-Agent) | Up to 90 days |
| Push tokens | Until revoked by the User or sign-out |
After an account is deleted, the data associated with it is deleted within 30 days, except where required by law.
7. Analytics
As of the last update of this Policy, the Service does not use third-party analytics systems (Google Analytics, Yandex.Metrica, etc.).
In the future the Service may add a web analytics system (likely Yandex.Metrica) to analyze traffic and improve functionality. When added:
- this Policy will be updated to indicate the specific service and the data it collects;
- an analytics cookie consent banner will be displayed on the site;
- the User will be able to opt out of analytics without losing core functionality.
8. Transfer of data to third parties
The Operator does not transfer the User's personal data to third parties, except:
- to the hosting provider — on whose servers the Service is hosted (acts as a processor on the Operator's instructions);
- in cases provided by law — upon a justified request from authorized authorities.
The Service does not transfer data to betting organizations, marketing agencies, advertising networks, or any other commercial partners.
9. User rights
The User has the right to:
- obtain information about the data processed — by sending a request to support@software-analytics.bet;
- request correction or deletion of inaccurate data;
- delete the account and the data associated with it — by request to support@software-analytics.bet;
- withdraw consent to data processing — this will entail termination of the Service;
- appeal the Operator's actions to Roskomnadzor or to a court at their place of residence.
Requests are processed within 30 days of receipt.
10. Data security
The Operator applies technical and organizational data protection measures:
- data transmission over a secure HTTPS connection (TLS);
- passwords stored only as bcrypt hashes;
- use of HttpOnly/Secure/SameSite cookies to protect against XSS and CSRF;
- rotation of refresh tokens and their hashing in the database;
- logging of suspicious activity.
Despite the measures taken, no system can be 100% secure. The User must safeguard their password and use trusted devices.
11. Changes to the Policy
The Operator may change the Policy. The current version is always available at /legal/privacy.
For material changes the User will be notified through the site or by email.
By continuing to use the Service after changes, the User confirms acceptance of the new version.
12. Contact
For personal data processing inquiries: support@software-analytics.bet.