1. Scope & Controller

This policy applies to Admin Desk and all related services and websites operated by Medvedev IT. For the purposes of the General Data Protection Regulation (GDPR), Medvedev IT is the data controller of your personal data processed under this policy.

Controller: Medvedev IT
Address: Saint-Petersburg
Email: nikita@medvedev-it.com

2. Data We Collect

We collect the following categories of information, depending on how you use the Service:

• Account Data: Name, email address, login identifiers, role/permissions, and organization details.
• Service Usage Data: Feature usage, clicks, navigation paths, timestamps, and performance metrics.
• Device & Log Data: IP address, device identifiers, browser/OS type, language, referral URLs, error logs.
• Content You Provide: Files, documents, comments, metadata, and other content uploaded or entered by you.
• Support & Communications: Messages, tickets, attachments, and contact details used to respond to you.
• Cookies & Similar Technologies: Please see Cookies below.
• Third-Party Sources: If you connect integrations (e.g., directory/SSO, calendars), we may receive necessary data to enable those features.

We collect data directly from you, automatically when you use the Service, and from third parties where you have enabled integrations.

3. Legal Bases (GDPR)

We process personal data under one or more of the following legal bases:

• Contract: Processing necessary to provide the Service you requested.
• Legitimate Interests: To operate, secure, and improve the Service (balanced against your rights).
• Consent: Where required (e.g., certain cookies or marketing). You can withdraw consent at any time.
• Legal Obligation: To comply with applicable laws and regulations.
• Vital Interests: To protect life or safety, in rare cases.

4. How We Use Your Data

• Provide & Operate the Service: Account creation, authentication, core features, and workflows.
• Support: Diagnose issues, respond to requests, and provide customer success.
• Security: Monitor, detect, prevent, and investigate fraud, abuse, and security incidents.
• Improve: Analyze usage and feedback to enhance performance, reliability, and UX.
• Communications: Service notices, updates, and essential announcements.
• Compliance: Enforce terms, exercise legal rights, and meet regulatory requirements.

5. Sharing & Disclosures

We do not sell your personal data. We may share information as follows:

• Service Providers (Processors): Trusted vendors who process data on our behalf under written contracts.
• Business Transfers: In a merger, acquisition, or asset sale, data may be transferred to the new entity.
• Legal Requirements: When required to comply with the law or respond to lawful requests.
• With Your Direction: When you connect integrations or otherwise instruct us to share.

6. International Transfers

If we transfer personal data outside your jurisdiction, we implement appropriate safeguards (such as Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms) to protect your information in accordance with applicable law.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, including providing the Service, complying with legal obligations, resolving disputes, and enforcing agreements. Retention periods may vary by data category and legal requirements.

8. Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

Subject to applicable law, you may have the right to:

• Access your personal data and obtain a copy.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten").
• Restrict or object to certain processing.
• Data portability.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a supervisory authority.

To exercise your rights, contact us at nikita@medvedev-it.com. We may need to verify your identity before responding.

10. Cookies & Similar Technologies

We use cookies and similar technologies to operate and secure the Service, remember preferences, and measure performance. You can control cookies through your browser settings. Disabling certain cookies may affect functionality.

11. Mobile App Permissions

If you use our mobile applications, we may request permissions (e.g., camera for QR codes, notifications for alerts). You can change permissions in your device settings. We only request permissions needed to provide features you use.

12. Children’s Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us and we will take appropriate steps to remove it.

13. Changes to This Policy

We may update this policy from time to time. We will post the new version with a revised “Last updated” date and, where appropriate, notify you through the Service or by email.

14. Contact Us

If you have questions or concerns about this policy or our data practices, contact us:

• Email: nikita@medvedev-it.com
• Address: Saint-Petersburg