Privacy Policy
Version: 1.0
Effective date: [[EFFECTIVE_DATE]]
Applicable law: Russian Federal Law No. 152-FZ on Personal Data; Regulation (EU) 2016/679 (GDPR); California Consumer Privacy Act (CCPA / CPRA).
TL;DR
This summary does not replace the full text below. The detailed provisions in §§ 1–14 are legally binding.
- We are LoveBooster, an AI service helping users better understand their relationships and the psychology of communication.
- We process your profile, your conversations with AI, your photos and psychological inferences. This is special category data — we ask you for separate explicit consent.
- Some of this processing is performed by third-party AI providers (Google, OpenAI, and others). Before transmission, we pseudonymise names, phone numbers, e-mails, links and (when enabled) names and locations of third parties.
- We do not sell your data and we do not use it to train AI models.
- You can at any time download your data, correct it, or delete your account — cascading across all our storage.
- The service is not available to minors. The age threshold is 18 years.
- Contact: privacy@lovebooster.ru, DPO: dpo@lovebooster.ru.
1. Who we are and who is responsible for your data
1.1. Operator / Controller
The Operator (under 152-FZ) and Controller (under GDPR / CCPA) of personal data is:
- Legal name: [[CONTROLLER_LEGAL_NAME]]
- Registration number: [[CONTROLLER_REG_NUMBER]]
- Registered address: [[CONTROLLER_ADDRESS]]
- E-mail: privacy@lovebooster.ru
- Service domain: lovebooster.ru
1.2. Person responsible for processing (152-FZ Art. 22.1)
[[RESPONSIBLE_PERSON_NAME]], contact: dpo@lovebooster.ru.
1.3. Data Protection Officer (GDPR Art. 37)
An external DPO has been appointed. Contact: dpo@lovebooster.ru. Requests are handled within the GDPR-mandated time limits (1 month, extendable to 3 months for complex requests with prior notice).
1.4. EU representative (GDPR Art. 27)
[[EU_REP_NAME]], address: [[EU_REP_ADDRESS]], e-mail: [[EU_REP_EMAIL]]. Data subject access requests and complaints from EU/EEA residents may be addressed directly to the representative.
1.5. Contact for CCPA / California residents
California residents may exercise their rights under the CCPA / CPRA by emailing privacy@lovebooster.ru or by using the form at lovebooster.ru/legal/ccpa. See the separate Privacy Notice for California Residents.
2. Scope of this Policy
This Policy applies to processing carried out in connection with:
- The use of the lovebooster.ru web application and all subdomains.
- The use of the LoveBooster Telegram bot (@lovebooster_bot or equivalent).
- Any other communication channels (email support, contact forms, technical requests).
This Policy does not cover third-party services (such as Telegram, Apple, Google as app store platforms), which are governed by their own privacy policies that we do not control.
3. Categories of data we collect and process
We apply the principle of data minimisation: we collect only what is necessary for the specific stated purpose.
3.1. Data you provide directly
| Category | Composition | When collected |
|---|---|---|
| Account | E-mail, name/nickname, password (stored as argon2id hash), time zone, interface language. | Registration. |
| Age and 18+ confirmation | Date of birth or explicit confirmation of majority. | Registration. |
| Profile | Gender, orientation (optional), brief self-presentation, goals of using the service. | Onboarding, optional. |
| Conversations with AI | Text of your messages to the AI assistant, context of discussed situations, quotes from your real conversations (if you upload them for analysis). | Use of chat and analysis features. |
| Photographs | Profile photo, intro photo, photos for vision analysis features (if you provide them). | At your initiative. |
| Third-party data | Names, descriptions, quotes from messages of your contacts, friends, partners (when you add them for relationship analysis). See § 3.4. | At your initiative. |
| Payment data | We do not store full card details — these are processed by the payment provider (YooKassa and/or equivalent). We retain: transaction ID, amount, currency, date, masked card number (****1234), payment method. | When subscribing. |
3.2. Data we receive automatically
| Category | Composition | Purpose |
|---|---|---|
| Technical data | IP address (pseudonymised after geolocation), device type, OS, browser, screen resolution, session identifier. | Security, anti-fraud, analytics. |
| Behavioural data | Actions in the interface (clicks, screen transitions, time on page), without recording the content of your messages. | Product improvement, debugging. |
| Cookies and similar technologies | See the separate Cookie Policy. | Authentication, analytics (with consent), functional settings. |
| Security logs | Login/logout events, password recovery attempts, suspicious activity. | Account protection. |
3.3. Special categories of data (GDPR Art. 9 / 152-FZ Art. 10)
The service, by its very nature, processes data that GDPR treats as special categories:
- Psychological profile: attachment style, dominant emotions, communication patterns;
- Proxy data on sexual orientation (through your indication of the gender of partners you seek — seeking);
- Information on psychological well-being;
- Biometric data when processing photographs of faces (see § 3.5).
These data are processed solely on the basis of your explicit consent (GDPR Art. 9(2)(a)), which you provide as a separate action upon registration and which you may withdraw at any time (with corresponding features ceasing to be available).
We do NOT directly collect data on:
- religious or political beliefs,
- trade union membership,
- medical diagnoses,
- racial or ethnic origin.
If you mention such information in free text, we apply a technical filter that removes such fragments before they are saved into your long-term psychological portrait (see § 7.4).
3.4. Third-party data
When you add to the service information about your contacts (names, message fragments, descriptions), these persons also become data subjects.
We apply the following minimisation measures:
- Pseudonymisation of the contact's name in storage: the name is stored in a protected form; the clear name is visible only to you in your interface;
- Replacement of direct identifiers (name, phone, e-mail, @username) with placeholders before transmission to the AI provider;
- Pseudonymisation of names and places in free text (when the NER feature is active — see § 7.3) with rehydration that takes place only locally, without transmitting real names to external providers;
- The principle of «observed behaviour, not personality labels»: psychological inferences about third parties are framed as descriptions of patterns you observe, not as diagnoses.
You are responsible for having an appropriate legal basis for adding third-party data (GDPR Art. 6; 152-FZ Art. 6). The third party may approach us with requests under their rights (§ 9) — we will review the request and, where appropriate, delete the data.
3.5. Biometric data (photographs of faces)
If you upload photographs of faces (your own or — with their permission — those of other persons) for vision analysis features, this data is classified as biometric.
- Separate explicit consent is requested before the first such processing.
- Photographs are transmitted to the AI provider for analysis and deleted from temporary storage within 24 hours of processing.
- Biometric vectors / embeddings (mathematical representations of faces) are not retained in our systems after the analysis result has been produced.
- Uploading photographs of faces of minors is strictly prohibited.
- You may disable vision features in settings at any time, which will end further biometric processing.
4. Purposes of processing and legal bases
Each category of data is processed for a specific stated purpose and on a specific legal basis.
4.1. Purpose — category — basis table
| Purpose | Data used | GDPR basis | 152-FZ basis |
|---|---|---|---|
| Registration and identification | Account, age | Art. 6(1)(b) — performance of contract | Art. 6(1)(5) — contract performance |
| Core service functionality (chat, sections, recommendations) | Profile, conversations | Art. 6(1)(b) | Art. 6(1)(5) |
| Psychological analysis, attachment style assessment, relationship recommendations | Special categories (§ 3.3) | Art. 9(2)(a) — explicit consent | Art. 10(2)(1) — written consent |
| Vision analysis of photographs | Biometrics (§ 3.5) | Art. 9(2)(a) — separate explicit consent | Art. 11(2) — biometric consent |
| Payments and compliance with accounting law | Payment data | Art. 6(1)(b) + Art. 6(1)(c) — legal obligation | Art. 6(1)(2) — fulfilment of obligations |
| Security, anti-fraud, abuse prevention | Technical, behavioural, logs | Art. 6(1)(f) — legitimate interest (LIA performed, balancing test passed) | Art. 6(1)(7) — legitimate interests of the operator |
| Marketing communications (product news, recommendations) | E-mail, name, behavioural | Art. 6(1)(a) — consent (separate opt-in) | Art. 6(1)(1) — consent |
| Analytics and marketing cookies | See Cookie Policy | Art. 6(1)(a) — consent + ePrivacy | Art. 6(1)(1) |
4.2. Prohibition of incompatible use
We do not use your data for purposes other than those stated above without obtaining new consent or another legal basis. In particular:
- ❌ We do not transfer your data to third parties for their own marketing;
- ❌ We do not sell your data (for CCPA purposes this means: No sale of personal information, No sharing for cross-context behavioural advertising);
- ❌ We do not use your data to train AI models (neither ours nor those of our AI providers — see § 5.3).
4.3. Automated decision-making and profiling
The service builds a psychological portrait based on your input (profiling within the meaning of GDPR Art. 4(4)). This portrait is used for:
- individual recommendations (what to discuss, which exercises to try),
- adapting the AI assistant's style to your emotional tone.
We do not make any decisions with legal effects based on this profiling (no automated decisions on credit, insurance, employment, etc.). You may at any time:
- request details of the profiling logic (§ 9),
- restrict or disable profiling, which is equivalent to withdrawing consent for special-category processing (with the relevant features ceasing).
5. Recipients of your data (sub-processors)
We engage third-party data processors (processors / sub-processors) only where necessary to provide the service. The full register is kept up to date and published below.
5.1. AI providers (text and image processing)
| Provider | Legal entity | Jurisdiction | What is transferred | Transfer basis |
|---|---|---|---|---|
| Google (Gemini API via Vertex AI) | Google LLC / Google Ireland Ltd | USA / Ireland | Prompt text after pseudonymisation; images for vision features. Primary AI provider. | SCC Module 2 (Controller → Processor) + Google Cloud DPA + EU Data Boundary where available. |
| OpenAI | OpenAI, L.L.C. | USA | Prompt text after pseudonymisation. Fallback and specialised chains. | SCC Module 2 + OpenAI Data Processing Addendum + zero-retention endpoint. |
| DeepSeek (status: under review — see STRATEGIC_DECISIONS.md SD-3) | Hangzhou DeepSeek Artificial Intelligence Co., Ltd. | PRC | If used — prompt text after pseudonymisation. | SCC Module 2 + supplementary measures; currently use may be suspended for EU/EEA residents. |
5.2. Infrastructure
| Purpose | Provider | Jurisdiction | What is processed |
|---|---|---|---|
| Backend hosting | [[HOSTING_PROVIDER]] | [[HOSTING_REGION]] (for personal data of Russian citizens — Russian Federation; see § 3.3 of 152-FZ) | All server-side data. |
| Postgres database | self-hosted | as above | Structured data. |
| Object storage for media (MinIO, S3-compatible) | self-hosted | as above | Photos, audio, export artifacts. |
| Cache and queues (Redis) | self-hosted | as above | Sessions, task queues (Celery). |
| CDN / DDoS protection | [[CDN_PROVIDER]] (if applicable) | global | Technical request metadata. |
5.3. What we do NOT do with your data
- ❌ We do not train AI models on your data — neither ours nor providers'. With Google Vertex AI and OpenAI API we use settings that exclude data from training; with other providers we require equivalent guarantees in the DPA.
- ❌ We do not sell personal data to third parties under any circumstances (for CCPA this includes sharing for cross-context behavioural advertising).
- ❌ We do not transmit data to ad networks, data brokers, or analytics aggregators.
- ❌ We do not use data for targeted advertising outside our service.
5.4. Disclosure required by law
We may disclose data to authorised state bodies if expressly required by law applicable to us (e.g., court order, lawful enforcement request following due procedure).
In such cases we:
- verify the legitimacy of the request;
- where possible, notify you (unless prohibited by law);
- provide the minimum necessary scope of data;
- maintain a public transparency report (lovebooster.ru/legal/transparency).
6. International data transfers
6.1. Principle
Some of our processors are located outside the Russian Federation and the European Economic Area (EEA). Transfers of data to such jurisdictions (transfers to a third country) are carried out on the following bases.
6.2. Transfers to the USA (Google, OpenAI)
- GDPR basis: Standard Contractual Clauses (SCC) Module 2 (Controller → Processor) under Implementing Decision (EU) 2021/914 + supplementary technical measures (pseudonymisation at the transfer boundary). The EU-US Data Privacy Framework adequacy decision applies to Framework participants.
- 152-FZ basis: Art. 12 — transboundary transfer to a country providing adequate protection, with the consent of the subject; with notification of Roskomnadzor (Art. 12(4)).
- Transfer Impact Assessment has been performed — see TIA Schrems II.
6.3. Transfers to the PRC (DeepSeek, if used)
- The use of DeepSeek for EU/EEA residents may currently be suspended following DPO recommendations; see STRATEGIC_DECISIONS.md SD-3.
- If used — on the basis of SCC Module 2 + enhanced supplementary measures + explicit disclosure in this Policy.
- The current status of DeepSeek in our infrastructure is always reflected in the current version of this Policy and in the recipients register.
6.4. Right to request a copy of SCC
You may request a copy of the SCC and a description of supplementary measures by emailing dpo@lovebooster.ru.
7. How we protect your data
7.1. Technical measures
- TLS 1.2+ for all connections with users and between services (HSTS, certificate pinning where applicable).
- Encryption at rest for the database and object storage.
- Passwords — argon2id (memory-hard hashing).
- Sessions — HttpOnly + Secure + SameSite=Lax cookies; no tokens in URLs or localStorage.
- Least-privilege database access (separate roles for application and migrations).
- Rate limiting at the NGINX layer and at the application layer (targeted for sensitive endpoints).
- Regular security audit of dependencies (pip-audit, npm audit).
7.2. Organisational measures
- Access to production data — on a least-privilege basis, with logging.
- Team training on data minimisation and security-by-design.
- Non-disclosure agreements (NDA) with all employees and contractors.
- Regular internal audit checks (at least annually).
7.3. Pseudonymisation before the AI provider
Before sending text to third-party AI providers, we apply multi-layer pseudonymisation:
- Structural identifiers (e-mail, phone, @username, links, known contact names): replaced with placeholders [User], [Contact], [Name].
- Names and places in free text (when the NER feature based on Microsoft Presidio is active): replaced with reversible tokens with grammatically correct morphological inflection for Russian; the real name is restored locally only on receipt of the response.
- Protection against leakage: in the event of a failure of the pseudonymisation module, the request is not transmitted to the provider (fail-safe rather than fail-open).
Important clarification. These measures constitute pseudonymisation (GDPR Art. 4(5)), not anonymisation. Locally (in our systems) the possibility of restoring the link is preserved. For the AI provider the data do not identify you directly through structural identifiers, but we do not claim that re-identification is impossible by other means (e.g., through context).
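One way the § 7.3 boundary can be implemented, as an added example that is not LoveBooster's own code: structural identifiers and known contact names are swapped for reversible tokens, the token map never leaves our side and is used to rehydrate the provider's reply locally, and any failure inside the module (here a hypothetical `ner` hook standing in for the Presidio-based layer) stops the request before it reaches the provider. The regexes, the `[Kind N]` token format and the sample message are constructed for this example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Callable, Optional

# Regexes for structural identifiers (constructed for this example). Order
# matters: e-mails before bare @usernames, links before anything inside them.
PATTERNS = [
    ("Email", re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")),
    ("Link", re.compile(r"https?://\S+")),
    ("Phone", re.compile(r"\+?\d[\d\s\-()]{7,}\d")),
    ("Username", re.compile(r"(?<![\w.])@[A-Za-z0-9_]{3,}")),
]
TOKEN_RE = re.compile(r"\[[A-Za-z]+ \d+\]")


class PseudonymisationError(RuntimeError):
    """Any failure here must stop the request from leaving our systems."""


@dataclass
class Pseudonymiser:
    contact_names: list[str]                    # clear names from the user's contact list
    ner: Optional[Callable[[str], str]] = None  # hypothetical NER layer for free-text names/places
    mapping: dict[str, str] = field(default_factory=dict)  # token -> original, kept locally only

    def _token(self, kind: str, original: str) -> str:
        for tok, orig in self.mapping.items():  # same identifier -> same token
            if orig == original:
                return tok
        n = 1 + sum(t.startswith(f"[{kind} ") for t in self.mapping)
        tok = f"[{kind} {n}]"
        self.mapping[tok] = original
        return tok

    def pseudonymise(self, text: str) -> str:
        out = text
        # Known contact names first, longest first so "Anna Petrova" beats "Anna".
        for name in sorted(self.contact_names, key=len, reverse=True):
            pat = re.compile(r"\b" + re.escape(name) + r"\b", re.IGNORECASE)
            out = pat.sub(lambda m: self._token("Contact", m.group(0)), out)
        for kind, pat in PATTERNS:
            out = pat.sub(lambda m, k=kind: self._token(k, m.group(0)), out)
        if self.ner is not None:
            out = self.ner(out)  # an exception here propagates and aborts the send
        # Second layer: no mapped identifier may survive in the outgoing text
        # (tokens are stripped first so a name like "Lin" is not confused with "[Link 1]").
        stripped = TOKEN_RE.sub("", out).lower()
        leaked = [o for o in self.mapping.values() if o.lower() in stripped]
        if leaked:
            raise PseudonymisationError(f"identifier survived pseudonymisation: {leaked[0]}")
        return out

    def rehydrate(self, reply: str) -> str:
        """Restore the real values in the provider's reply, locally only."""
        for tok, original in self.mapping.items():
            reply = reply.replace(tok, original)
        return reply


def ask_provider(text: str, contact_names: list[str],
                 provider: Callable[[str], str],
                 ner: Optional[Callable[[str], str]] = None) -> Optional[str]:
    """Pseudonymise -> call provider -> rehydrate. Fail-closed: if pseudonymisation
    fails for any reason, the provider is never called and None is returned."""
    p = Pseudonymiser(contact_names, ner)
    try:
        safe = p.pseudonymise(text)
    except Exception:  # includes NER failures and the leak check; log locally, send nothing
        return None
    return p.rehydrate(provider(safe))


if __name__ == "__main__":
    msg = ("Anna Petrova wrote to anna.p@example.com from +7 999 123-45-67, "
           "see https://t.me/anna_p or @anna_p")
    print(Pseudonymiser(["Anna Petrova"]).pseudonymise(msg))
    # → [Contact 1] wrote to [Email 1] from [Phone 1], see [Link 1] or [Username 1]
```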
7.4. Filtering of special categories
Before saving the long-term psychological portrait, an automatic filter is applied that removes fragments relating to religious beliefs, political views, medical diagnoses, and direct statements about orientation.
7.5. Incident response
In the event of a leak or unauthorised access to personal data we:
- Notify the relevant supervisory authority within 72 hours (Roskomnadzor for Russia; competent DPA for GDPR — through our EU representative);
- Notify affected users where the incident creates a significant risk to their rights and freedoms (GDPR Art. 34);
- Document the incident and measures taken in an internal breach log;
- Publish a post-mortem (without disclosing sensitive details) where the incident is material.
8. Retention periods
| Data category | Retention period | Basis |
|---|---|---|
| Account and profile | Until deletion by you or until 365 days of inactivity (with 30-day prior warning). | Storage limitation. |
| Soft-delete (after deletion request) | 14 days grace period, then irreversible deletion. | Protection against accidental data loss. |
| Conversation history with AI | 90 days rolling window, then automatic purge. | Storage limitation. |
| Psychological portrait | 365 days of last activity → degradation → 30 days warning → deletion. | Storage limitation; T-071. |
| Photographs for vision analysis | Up to 24 hours in temporary storage; then deletion. Vectors / embeddings are not retained. | Biometric minimisation. |
| Payment data (for accounting) | 5 years after transaction. | Russian Tax Code Art. 23; equivalent EU member-state requirements. |
| Security logs | 90 days. | Balance of security and minimisation. |
| Cookie consent log | Duration of consent + 3 years audit trail. | Consent proof (GDPR Art. 7(1)). |
| DSAR / erasure request log | 3 years. | Audit trail. |
| Marketing engagement | 2 years after last engagement. | Minimisation. |
| Anonymised analytical data (after account deletion) | Indefinite, but without user_id, in anonymised form. | No longer personal data after irreversible anonymisation. |
9. Your rights
You have the following rights with respect to your personal data.
9.1. Rights under GDPR (for all users, not only EU)
We apply the GDPR standard to all users, regardless of their place of residence.
| Right | Description | How to exercise |
|---|---|---|
| Access (Art. 15) | Confirmation of whether we process your data and obtaining a copy. | Settings → "Export data" or request to privacy@lovebooster.ru. |
| Rectification (Art. 16) | Correction of inaccurate or incomplete data. | Profile settings; for system fields — by request. |
| Erasure ("right to be forgotten", Art. 17) | Deletion of all your data, save for those we are required to retain by law. | Settings → "Delete account". Cascading deletion. |
| Restriction of processing (Art. 18) | Temporary freeze of processing in disputed situations. | Request to privacy@lovebooster.ru. |
| Data portability (Art. 20) | Receiving your data in a machine-readable format (JSON). | Settings → "Export data". |
| Object (Art. 21) | Objection to processing based on legitimate interest (e.g., marketing). | Settings → "Notifications"; email unsubscribe. |
| Not be subject to automated decision-making (Art. 22) | Right not to be subject to a decision based solely on automated processing producing legal effects. | Request to privacy@lovebooster.ru (see § 4.3). |
| Withdraw consent | Withdrawal of explicit consent for special category or marketing. | Settings → "Privacy" (separate toggles). |
| Complaint (Art. 77) | Complaint to a supervisory authority. | See § 10. |
9.2. Rights under 152-FZ (for subjects in the Russian Federation)
These correspond to the GDPR rights (see Arts. 14, 20, 21 of 152-FZ). Additionally:
- Right to require clarification of personal data, blocking or destruction in case of unlawful processing (Art. 14(1)).
- Right to obtain information on the composition of processed personal data (Art. 14(7)) — implemented through export.
9.3. Rights under CCPA / CPRA (for California residents)
See the separate Privacy Notice for California Residents. In brief: Right to Know, Right to Delete, Right to Correct, Right to Opt Out of Sale / Sharing (we do not sell — "Do Not Sell My Personal Information" is not applicable, but the right is declared), Right to Non-Discrimination for exercising rights.
9.4. How we handle requests
- Response time: 30 calendar days (may be extended up to 90 days for complex requests with prior notice).
- Identification: we ask you to confirm that you are the data subject (through your account or alternative means; we do not request excessive data).
- Free for the first request per year; for repetitive, manifestly unfounded, or excessive requests — we may charge a reasonable fee or refuse with reasons given.
- If refused — we state the reason and the right of complaint to the supervisory authority.
9.5. Irreversibility of transfer
If your data has already been transmitted to an AI provider and processed on their side, we are unable to revoke the transmission. However:
- We require providers to apply zero-retention or no-training settings limiting retention and use on their side;
- On account deletion we delete all data on our side;
- In the event of a data breach at the provider — we act in accordance with § 7.5.
10. Complaints and supervision
You may lodge a complaint with:
- Russian Federation: Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) — rkn.gov.ru.
- European Union / EEA: the supervisory authority of your habitual residence, place of work, or the place of the alleged infringement. The list is available on the European Data Protection Board's website (edpb.europa.eu). Through our EU representative — see § 1.4.
- California: California Privacy Protection Agency (cppa.ca.gov).
We recommend first contacting us (dpo@lovebooster.ru) — most issues are resolved without regulatory involvement.
11. Minors
The service is not intended for persons under 18 years of age. We do not knowingly collect data from such persons. On discovery that a minor has registered:
- The account is blocked;
- All data is deleted within 30 days;
- Where a legal guardian is identifiable — a notification is sent to them (if the contact is available).
If you are a parent or legal guardian and believe that your child has registered with the service, please contact us: privacy@lovebooster.ru.
12. Cookies and similar technologies
See the separate Cookie Policy.
In brief: we use strictly necessary cookies (for authentication, without which the service does not function) and (with your consent through the cookie banner) cookies for analytics and product improvement. Marketing cookies — only on explicit opt-in.
13. Changes to this Policy
We may update the Policy. Principles of change:
- Material changes (new recipient of data, change of processing purposes, expansion of categories collected): notice 30 days prior to entry into force via email + in-app notification + re-consent where required.
- Non-material changes (clarification of wording without expansion of processing): in-app notification, no re-consent required.
- The full version history — see Changelog.
- Previous versions are archived and available on request.
14. Contacts
| Type of request | Contact |
|---|---|
| Privacy requests (DSAR, deletion, rectification) | privacy@lovebooster.ru |
| Data Protection Officer | dpo@lovebooster.ru |
| Security incidents, responsible disclosure | security@lovebooster.ru |
| General support | support@lovebooster.ru |
| EU representative | [[EU_REP_EMAIL]], address: [[EU_REP_ADDRESS]] |
| Controller's postal address | [[CONTROLLER_ADDRESS]] |
This Policy is drafted in Russian and English. The versions are synchronised. In case of discrepancies — the Russian version prevails for residents of the Russian Federation; the English version prevails for residents of the EU/EEA. For other jurisdictions — the version in the language in which consent was obtained.