Privacy Policy
Last updated: May 6, 2026
1. Data Controller
The data controller is IE Bulitko Andrey Viktorovich, INN: 745604136907, OGRNIP: 324508100646384, registered in Moscow Region, Russia.
Data Protection Officer (DPO): privacy@teacherdesk.ru.
This Policy complies with Federal Law No. 152-FZ "On Personal Data" (Russian Federation).
2. Data We Collect
We process the following categories of personal data:
| Category | Data |
|---|---|
| Identity | First name, last name; gender; date of birth (for students) |
| Contact | Email address, phone number, Telegram username (optional) |
| Educational | Subject, grade/year, lesson schedule, homework, grades, learning materials |
| Financial | Payment amounts and statuses between tutor and student (we do not process bank card details — payments are made directly between parties) |
| Technical | IP address, browser type, OS, device type, visit timestamps |
| Cookies | Session identifiers, interface preferences (language, theme), analytics identifiers |
We do not process special categories of personal data (racial origin, political views, health, etc.).
3. Purposes and Legal Basis
| Purpose | Legal Basis |
|---|---|
| Account registration and authentication | Performance of contract (Art. 6(5) FZ-152) |
| Service functionality (schedule, homework, finance) | Performance of contract |
| Payment processing | Performance of contract; legal obligation |
| Lesson and homework notifications | Consent; legitimate interest |
| Marketing communications | Separate consent |
| Analytics and service improvement | Legitimate interest |
| Compliance with Russian law | Legal obligation |
4. Third-Party Data Processors
We share data with third parties solely for service delivery. All data is stored and processed within the Russian Federation. Processors:
| Processor | Purpose | Data | Jurisdiction |
|---|---|---|---|
| Selectel (hosting) | Server infrastructure (VPS) | All data (storage) | Russia, St. Petersburg |
| SMS.ru | Phone number verification via SMS | Phone number | Russia |
| GigaChat (Sberbank) | AI assistant for tutors | Student names, schedule, homework descriptions (in request context) | Russia |
| Yandex 360 | Corporate email (SMTP) | Recipient email address | Russia |
| PostHog (self-hosted) | Usage analytics | Depersonalized data: page URLs, action types | Russia (self-hosted on Selectel) |
| Redis (self-hosted) | Rate limiting | IP address (temporary, TTL up to 60 min) | Russia (self-hosted on Selectel) |
We do not sell or transfer personal data to advertising networks. No cross-border data transfers are made.
For document editing we use SuperDoc (AGPLv3) — an open-source library that runs in your browser. Source code is available at github.com/superdoc-dev/superdoc.
5. Data Storage Location
In accordance with Article 18.1 of Federal Law No. 152-FZ, all personal data of Russian citizens is recorded, systematized, stored, updated, and retrieved using databases located within the Russian Federation.
Data center: Selectel, St. Petersburg, Russia.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion by user. After deletion — 30 days (recovery period), then permanent deletion |
| Verification codes (OTP) | 10 minutes (code TTL), records cleared after 24 hours |
| Student invitations | 48 hours (validity), cleared after 7 days |
| Financial records | Until account deletion (anonymized upon deletion) |
| Learning materials and files | Until account deletion, then removed from storage |
| Technical logs | Rotation: 50 MB × 3 files (Docker logging) |
| Rate-limit data (Redis) | 1 to 60 minutes (automatic TTL) |
7. Your Rights
Under Chapter 3 of FZ-152, you have the right to:
- Access — obtain confirmation of processing and a copy of your data.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your data where there is no legal basis for retention.
- Restriction — request suspension of processing in cases provided by FZ-152.
- Portability — receive your data in a structured format (JSON/CSV).
- Withdrawal of consent — at any time, without affecting lawfulness of prior processing.
- Complaint — file a complaint with Roskomnadzor (rkn.gov.ru).
To exercise your rights, contact privacy@teacherdesk.ru. Response time: 30 days.
You can delete your account yourself in Settings → Delete Account. After email confirmation, your account is deactivated immediately and data is permanently deleted after 30 days. Recovery is possible during this period via support.
8. Children's Data
Processing of personal data of persons under 14 is carried out exclusively with written consent of parents or legal guardians in accordance with Article 9 of FZ-152.
Persons aged 14 to 18 may independently consent to the processing of their personal data.
If we discover that data of a person under 14 was processed without a legal guardian's consent, we will immediately delete such data.
To submit guardian consent, contact privacy@teacherdesk.ru.
9. Cookies and Analytics
We use cookies for service functionality, analytics, and personalization. See our Cookie Policy for details.
We use PostHog analytics hosted on our own servers in the Russian Federation (self-hosted). No data is transferred outside Russia. We collect depersonalized data: pages visited, action types, error information.
You may disable analytics cookies via browser settings or the consent mechanism on the site. Disabling essential cookies may impair service functionality.
10. Contact
For questions about personal data processing: privacy@teacherdesk.ru
Data Controller: IE Bulitko Andrey Viktorovich, Moscow Region, Russia
Regulator: Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor), rkn.gov.ru.