1. General Provisions
This Privacy Policy governs the procedures for collecting, storing, processing, and protecting personal data of Users of the website discuss.rabkesov.ru (hereinafter — the Site).
The purpose of processing data is to ensure the Site’s functionality, provide access to services, interact with Users, improve UX, and comply with the requirements of Russian legislation, including:
- Federal Law No. 152-FZ “On Personal Data”,
- Federal Law No. 149-FZ “On Information…” (as amended on 27.07.2006),
- draft federal law No. 1069392-8 of 14.11.2025 (Art. 13.53, 13.54 of the Administrative Code of the Russian Federation — under consideration).
Processing of personal data is carried out on the basis of User consent, as well as in cases explicitly provided by law (including to fulfill obligations, ensure security, prevent bypassing of blocks).
2. Definitions
- Personal Data — any information relating to an identified or identifiable physical person (User), including:
- email, phone number, IP address, login, password hash, user-agent, device ID,
- content published by the User,
- preferences (likes, views, subscriptions).
- Processing of Personal Data — collection, recording, systematization, accumulation, storage, updating, extraction, use, transmission, anonymization, blocking, deletion, destruction.
- User in Russia — a person whose IP address, upon login, is geolocated within the territory of the Russian Federation (according to public MaxMind and ipapi.co databases). This definition may be manually refined in profile settings.
- Recommendation Technologies — algorithms using User preference data (views, likes, subscriptions) to personalize content (topics, posts, users).
3. Composition and Sources of Collected Data
| Identifiers (email, login, password hash/email+OAuth token) | Registration / login | Yes | Until account deletion (see section 7) |
| Phone | For SMS-based authentication | Only for Users in Russia | Until account deletion |
| IP address, user-agent, device ID | Automatically collected on each login | Yes | 365 days (security logs); 3 years — upon blocking for violations |
| User content (posts, comments, private messages) | Published by User | No | Until account deletion / upon request |
| Preferences (likes, views, subscriptions) | Interaction with the Site | No | Until disabling recommendations or account deletion |
| Data from IdP (Google, GitHub, VK, “Gosuslugi”, etc.) | OAuth/OpenID Connect | Only upon choosing login method | Only session identifier (token); personal data (name/email) — stored within account |
Important:
— When logging in via Google / GitHub / Apple ID for Users outside Russia — onlysub(unique identifier) and email are collected, if permitted in IdP settings.
— For Users in Russia, login via Google/GitHub is allowed only upon additional linking to a Russian phone number or “Gosuslugi” (Art. 10, Sec. 8 of Law No. 149). In this case, the following are stored:
• email from IdP,
• Russian phone number (or ЕСИА ID),
• verified link between them.
4. Age Restrictions and Parental Consent
To comply with requirements of Art. 9 of Law No. 152 and the draft law on digital identification:
|||||
| — | — | — |
|16–17 years|Registration allowed with oral consent from one parent|email, login, date of birth (optional)|
|14–15 years|Requires written consent from one parent, sent to 14🌀rabkesov.ru|scan/photo of consent + parent’s email + child’s email|
|Under 14 years|Registration prohibited. Anonymous reading of public content is allowed|Not collected (only temporary session cookies)|
The Administration may request age verification if there are doubts.
Parental data (email, consent scan) is stored for 3 years or until the User turns 18 — whichever comes later.
5. Purposes of Processing Personal Data
Personal data is processed for:
- Authentication and access to services — in accordance with requirements of Law No. 149:
- For Users in Russia — via Russian phone number / “Gosuslugi” / Russian IdP (VK, Yandex, etc. with phone/ЕСИА linkage),
- For Users outside Russia — via email, Google, GitHub, and other IdPs without restrictions.
- Forum functionality — publishing, moderation, notifications.
- Security — preventing spam, bots, bypassing blocks (storing IP/device ID during bans).
- Recommendation Technologies (Art. 13.54 of the Administrative Code):
- Personalizing feed (topics, posts, users),
- Improving UX based on preference analysis.
→ User may disable personalization inSettings.
- Compliance with legislation — fulfilling requests from authorized bodies (Roskomnadzor, MVD, etc.).
6. User Rights
The User has the right to:
- Obtain a copy of their data (including login logs, publications, preferences);
- Request correction, blocking, or partial deletion (avatar, biography, private messages);
- Withdraw consent for processing — via email
book🌀rabkesov.ruor via personal account; - Object to processing (including recommendation technologies);
- Request anonymization of public content (posts/comments) upon account deletion.
Exceptions during blocking for violations:
— Administration may retain a minimal set of identifiers (email, IP, device ID, date of last violation) for 3 years — to prevent re-incarnation and ensure security.
— Full deletion of such data is possible only by Administration decision (e.g., upon expiration of statute of limitations or lifting of block).
— Deletion request does not lift the block.
During external blocking (provider, sanctions, local legislation):
— Administration will try to comply with the request, but cannot guarantee execution if technically impossible or contrary to requirements of competent authorities.
7. Use of AI and Content Processing
- Content from public topics may be indexed by search engines. Removal from index — via corresponding services (Google Search Console, etc.).
- In private topics and private messages, a local language model (LLM) is used for:
- Generating moderator-bot responses,
- Semantic search,
- Tone analysis.
Model is local, does not transmit data to vendors (Google, OpenAI, etc.).
Exception: if the User explicitly permits sending a query to the internet (e.g., /search in Google) — such a query may be sent to an external API. Administration does not bear responsibility for consequences of such actions.- AI and forum logs are rotated daily, stored up to 30 days, used only for debugging.
8. Security and Data Protection
- Passwords are stored as bcrypt hashes (cost=12).
- OAuth tokens are encrypted and stored in secure variables.
- Data is transmitted via TLS 1.3.
- Regular security audits and patching of vulnerabilities.
- In case of a leak — notification to Users and Roskomnadzor within 24 hours.
9. Data Sharing with Third Parties
|||||
| — | — | — |
|Russian IdPs (“Gosuslugi”, VK, Yandex, etc.)|Technical integration (OAuth 2.0 / OpenID Connect)|Only session identifier and agreed fields (email, name, avatar, gender, date of birth — by consent)|
|Hosting / CDN (timeweb.cloud)|Ensuring availability|IP, user-agent, temporary logs (up to 30 days)|
|Russian Authorities|Legal requirement (Art. 11 of Law No. 152)|Minimal necessary data upon request|
|Forum Users|Publication in open access|Only what User has publicly posted|
Important: Administration does not sell or monetize personal data.#### 10. Recommender Technologies (Art. 13.54 of the Code of Administrative Offenses)
The site uses recommender technologies only for Users who have given consent to personalization.
You have the right to:
- disable recommendations →
Settings; - obtain a description of the algorithms;
- submit a legal request →
book🌀rabkesov.ru(as specified in paragraph 3 of Art. 13.54 of the Code of Administrative Offenses).
When disabled, content is displayed in chronological order.
11. Changes to the Policy
The Administration reserves the right to make changes. The current version is published at:
Significant changes (e.g., new processing methods) are accompanied by notifications on the Site and/or via email.