Privacy Policy

Last updated: 25.04.2026

1. General

This Privacy Policy is drafted under Federal Law of 27.07.2006 № 152-FZ "On Personal Data" (the "152-FZ"), Decree of the Government of the Russian Federation of 01.11.2012 № 1119, Order of FSTEC of 18.02.2013 № 21, Order of Roskomnadzor of 14.11.2022 № 187 and other applicable acts.

2. Operator

Personal-data Operator:

Sole Proprietor Kostin Gleb Yurievich INN 784001826750, OGRNIP 318784700122070 E-mail: legal@solu.id

3. Categories of personal data processed

The Operator processes a closed list of personal-data categories:

3.1. On registration / use of the Service: e-mail, name/nickname, password (as a hash), device identifiers, IP address, browser and OS data.

3.2. When the User builds a Profile and an ID-card (optional): first name, last name, patronymic, date of birth, place of birth, sex, photo, signature image, profession, place of work, city, links to external resources, skills and descriptions.

3.3. When the Service is in use: action history, page-visit data, aggregated statistics on click-throughs from the User's Public Profile.

3.4. On payment (when paid plans launch): the fact and amount of the payment; full card credentials are not processed by the Operator and remain on the acquirer's side.

Biometric personal data and special categories of personal data (race, political views, health, etc.) are not processed.

Note on the signature image. The signature image stored as part of the Profile data is a decorative graphic element of the digital ID card (see clause 5.5 of the Terms of Service). It is not used or treated by the Operator as biometric personal data within the meaning of art. 11 of 152-FZ, as a handwritten signature within the meaning of art. 160 GK RF, or as an electronic signature within the meaning of Federal Law 63-FZ. It carries no legal weight. The Operator does not subject the signature image to the special-category processing regime.

4. Purposes and legal grounds

Purposes and the corresponding legal ground (under art. 6 of the 152-FZ — closed list):

  • registering and identifying the User, providing the Service — clause 5 of part 1 of art. 6 (performance of a contract to which the data subject is a party);
  • information security — clause 7 of part 1 of art. 6;
  • compliance with statutory duties (tax, accounting, child-protection, anti-prohibited-information) — clause 2 of part 1 of art. 6;
  • publication of the Public Profile and other data the User permits to be disseminated — separate consent under art. 10.1 of the 152-FZ;
  • service notifications and (with separate consent) marketing — clause 1 of part 1 of art. 6 (consent).

The Operator does NOT rely on the GDPR ground of "legitimate interest"; the list of grounds in Russian law is closed.

5. Retention

  • Account data — until Account deletion or until consent is withdrawn, but no longer than five (5) years after the User's last sign-in;
  • Public Profile data — until consent to dissemination is withdrawn or the Account is deleted;
  • payment and receipt records — five (5) years (art. 23 Tax Code);
  • security logs — six (6) months;
  • backups — thirty (30) days after deletion.

6. Third parties. Transfer of data

6.1. Processors. On the basis of an agreement and an assignment under clause 3 of part 1 of art. 6 of 152-FZ, certain categories of data may be processed by:

  • a hosting provider (Russian data centre), Russian Federation;
  • Selectel LLC (INN 7704800054), Russian Federation — S3-compatible object storage for user-uploaded photos and signature images, hosted in a Russian data centre (Saint Petersburg, ru-3 region);
  • an acquirer (payment institution), Russian Federation — when paid plans launch;
  • the PhotoRoom image service (only when the User uses the background-removal feature) — data are sent in real time and not stored by the Operator;
  • a fiscal-data operator (OFD) — when paid plans launch and cashier receipts are issued under 54-FZ.

6.2. Cross-border transfer. As of the date of this Policy, the Operator does not engage in cross-border transfer of personal data. Before any such transfer the Operator will notify Roskomnadzor no later than ten (10) business days in advance (part 4 of art. 12 of 152-FZ as amended by Federal Law 266-FZ of 14.07.2022) and will update this Policy accordingly.

6.3. State authorities. Disclosure to authorised state bodies follows the law of the Russian Federation.

7. Database location

Initial recording and updating of personal data of citizens of the Russian Federation is performed using databases located on the territory of the Russian Federation (part 5 of art. 18 of the 152-FZ as amended by Federal Law 23-FZ of 28.02.2025).

Production infrastructure and backups are hosted in a Russian data centre (Saint Petersburg).

8. Security measures

The Operator applies legal, organisational and technical measures necessary to protect personal data from unauthorised or accidental access, destruction, modification, blocking, copying, dissemination, and other unlawful actions (art. 19 of the 152-FZ):

  • TLS 1.3 channel encryption;
  • at-rest database encryption;
  • password hashing;
  • staff and contractor access controls;
  • security event logging;
  • two-factor authentication for administrative access;
  • internal incident response regulation.

The protection level of the personal-data information system is set in accordance with Government Decree № 1119 and FSTEC Order № 21.

9. Incident notification

On detection of an incident leading to unlawful transfer (dissemination, access) of personal data, the Operator notifies Roskomnadzor:

  • of the fact within twenty-four (24) hours;
  • of the investigation outcome within seventy-two (72) hours

(part 3.1 of art. 21 of 152-FZ; Order of Roskomnadzor № 187 of 14.11.2022).

10. Subject rights

10.1. Under arts. 14, 20, 21 of the 152-FZ, the data subject may:

  • obtain information regarding the processing of his/her data;
  • demand correction, blocking or destruction of personal data that are incomplete, outdated, inaccurate, unlawfully obtained or excessive;
  • withdraw consent to processing;
  • appeal the Operator's acts or omissions to Roskomnadzor or in court.

10.2. Subject requests are answered within ten (10) business days from receipt. The deadline may be extended once by up to five (5) business days with prior notice.

10.3. Account deletion in the Account area automatically deletes the associated personal data save for data the Operator must retain by law.

11. Minors

The Service is information product category 18+ (Federal Law 436-FZ). The Operator does not knowingly collect personal data of persons under eighteen (18). On becoming aware of any such collection the Operator deletes the data without delay.

12. Cookies and similar technologies

The use of cookies and other local-storage means is described in a separate Cookie Policy at https://solu.id/legal/cookies.

13. Language versions

This Policy is published in Russian and English. The Russian version is the legally authoritative one for data subjects located in the Russian Federation.

14. Amendments

The Operator may amend this Policy. The new version is published at https://solu.id/legal/privacy and is effective from publication. Material changes are also shown to Users on the next sign-in.

Last revised: 1 May 2026.

All legal documents