Privacy Policy of the SHIVA Platform
Effective Date: May 12, 2025
1. Definitions and Terms
Web Service — SHIVA's software tool that operates within an information and
telecommunication network (including, but not limited to, the Internet),
enabling automated data exchange and/or access to certain functional
features or informational resources via a user interface (including web
browser) or through programmatic interaction with other information
systems via open protocols and APIs. The SHIVA Web Service may be
delivered as part of the software platform, a cloud solution, or as a
standalone service, including features like authorization, personalization,
and collection and processing of user data.
Mobile Application — SHIVA software designed for installation and use on
portable computing devices such as smartphones, tablets, and other
mobile devices, operating on systems such as iOS or Android. The
application grants access to specific features, services, or information, and
may collect, transmit, process, and store personal data while interacting
with other components of the SHIVA software platform over the Internet
and/or other communication channels.
Platform — The SHIVA software product, comprising a set of interrelated
intellectual property objects, including (but not limited to) the SHIVA web
service, SHIVA mobile application, official website, and other intellectual
creations owned by the Operator. These include software, audiovisual
works, graphic and textual materials, design elements, names, logos,
interfaces, and other objects protected by intellectual property laws. The
Platform provides access via the Internet and operates on various devices,
including desktops and mobile.
Operator — Limited Liability Company "MCDis," OGRN 1097746452407,
registered at: 19, bldg. 2, Sheremetyevskaya St., apt. 83, Moscow, Russia,
127521.
Personal Data — Any information directly or indirectly related to an identified
or identifiable natural person (data subject).
User — A natural person using the Platform and/or a personal data subject.
Personal Data Processing — Any action (operation) or set of actions
performed on Personal Data using automated tools and/or without them,
including collection, recording, systematization, accumulation, storage,
clarification (updating, changing), extraction, usage, transfer (distribution,
provision, access), anonymization, blocking, deletion, or destruction of
data.
Destruction of Personal Data — Actions making it impossible to restore the
content of personal data within personal data systems and/or resulting in
the destruction of physical data media.
Provision of Personal Data — Actions aimed at disclosing personal data to
a specific individual or a group.
Dissemination of Personal Data — Actions aimed at making personal data
available to an indefinite range of people.
Data Security — Protection of personal data from unlawful and/or
unauthorized access, destruction, modification, blocking, copying,
provision, dissemination, as well as from other unlawful actions.
Website — The website is available at: https://shiva.imbalanced.tech/,
including all pages, subdomains, and components.
2. Purposes and Legal Basis for Personal Data
Processing
2.1. This Privacy Policy (hereinafter the "Policy") sets forth the general
principles, purposes, procedures, and conditions for processing personal
data of Users of the SHIVA Application and/or Web Service by the
Operator.
2.2. The Policy is developed in accordance with Federal Law No. 152-FZ
"On Personal Data" of July 27, 2006, and the General Data Protection
Regulation (EU) 2016/679 ("GDPR").
2.3. The Policy is a publicly available document published at:
https://theplane.world/shiva-task%20tracker/Privacy-Policy.html and within
the Mobile Application.
2.4. The current version of the Policy enters into force from the moment
of its publication. The Operator may amend the Policy. Unless otherwise
specified, new versions become effective upon publication.
2.5. This Policy applies to personal data processing relationships arising
before and after its approval.
2.6. Personal data processing is performed in the territory of the Russian
Federation. Cross-border transfers are not performed. However, the use
of third-party services (e.g., Google Analytics) may involve such transfers.
In such cases, the Operator ensures appropriate safeguards (e.g.,
Standard Contractual Clauses approved by the European Commission).
2.7. In accordance with Federal Law No. 152-FZ, the User has the right
to:
access their personal data.
obtain information regarding data processing.
request rectification, blocking, or deletion of incomplete, outdated,
inaccurate, unlawfully obtained, or unnecessary data.
take legal measures to protect their rights.
exercise other rights granted by data protection laws.
2.8. In accordance with GDPR, the User has the right to:
access their personal data.
request rectification, blocking, deletion ("right to be forgotten").
restrict processing and data portability.
exercise other rights set forth in GDPR.
2.9. By registering, authorizing, or using the Platform, the User gives
explicit, informed, and specific consent for their personal data to be
processed. This consent may be withdrawn at any time without affecting
the lawfulness of prior processing.
2.10. Purposes of Processing Personal Data:
providing a demo of the Platform or its components upon request.
entering into an Agreement for the use of the Platform or its components.
registering a User on the Platform.
enabling Platform functionality.
sending event notifications within the Platform.
providing technical support.
sending informational newsletters.
maintaining statistics on Platform usage.
2.11. Personal data is processed:
with the User's consent.
when necessary to fulfill an Agreement in which the User is a party.
2.12. Personal data is destroyed upon achieving the processing goals or
upon withdrawal of consent, unless:
otherwise required under the Agreement with the User.
processing without consent is allowed by law;
otherwise agreed between the Operator and the User.
2.13. Personal data is processed automatically using computing devices,
databases, and similar tools.
3. Types of Personal Data We Collect
Users of the SHIVA Platform may provide various categories of personal data
as part of their interaction with the service. The Operator collects and
processes the following types of data:
3.1. Data collected during registration and authentication via the OAUTH
protocol. When registering or verifying a user through OAUTH-based
authorization (e.g., via Google or other identity providers), we request
permission to access and store the following data:
userInfo (unique ID)
Full name
Email address
Profile photo
3.2. Data collected upon file attachment or upload. When users attach or
upload files through the Platform, we may request access to the following
metadata:
File/document content
File name
File icon URL
Access URL
File size in bytes
3.1. Additional categories of data we collect may include:
Contact details (e.g., email address, phone number)
Professional information (e.g., job title, company name)
Technical information such as browser type, operating system, device
identifiers
3.2. Interaction data, including pages visited, features used, and activity
logs within the Platform
4. Cookies and Automated Data Collection
4.1. Internal Analytics
The Platform uses cookies — small data fragments stored in the User's
browser — for internal analytics, including collection of anonymized usage
data on the Website and/or Mobile App. This data helps improve
performance, usability, and error detection. Cookies are not used to identify
Users and are not shared with third parties, unless required by law or this
Policy.
4.2. Google Analytics
The Website may use Google Analytics, provided by Google Ireland Limited
(Gordon House, Barrow Street, Dublin 4, Ireland). It collects data on site
usage, frequency of visits, pages viewed, and referrers. Google sets
persistent cookies to identify returning users. These cookies are only
accessible by Google. The Operator uses this data to improve the
Platform. Users may manage cookie preferences via their browser.
4.3. Yandex Metrica
The Website may use Yandex Metrica (https://yandex.ru/), provided by
Yandex LLC (16 Leo Tolstoy St., Moscow, Russia, OGRN 1027700229193,
INN 7736207543). Data collected via cookies is processed by Yandex to
analyze site usage, generate reports, and provide services. Details on
cookies used are available at:
https://yandex.ru/support/metrica/general/cookie-usage.html. Users can
opt out via browser settings.
5. Sharing of Personal Data with Third Parties
The Operator may share personal data with third parties bound by
confidentiality and data protection agreements.
6. Updates, Deletion, and Access to Personal Data
6.1. Requests to Stop Processing
Data subjects may submit requests to modify or stop the processing of their
personal data by contacting: valery.neuman@oneblending.com
The Operator will confirm the processing, legal grounds, and purposes within
10 business days of receiving the request, extendable by 5 days with
notice. Requests must include:
ID details of the requester.
proof of relationship with the Operator (e.g., contract number).
signature (electronic signatures are accepted under Russian law).
If the request is incomplete or unauthorized, the Operator will issue a
reasonable refusal. The right to access may be limited under Article 14(8)
of Federal Law No. 152-FZ.
Upon a legitimate request to stop processing, the Operator will cease
processing unless otherwise required by law.
Personal data will be deleted from information systems.
6.2. User-Managed Updates
Users may update their personal data:
in the Mobile App under "Profile".
in the Web Service under "Profile".
7. Data Protection Measures
The Operator implements adequate and sufficient measures to fulfill
obligations under Federal Law No. 152-FZ, the GDPR, and related
regulations.
Questions may be addressed to: valery.neuman@oneblending.com
