Privacy Policy - makeui.dev

1. General Provisions

1.1. This Privacy Policy (hereinafter — "Policy") defines the procedure for processing and protecting personal data of users of the website https://makeui.dev/ (hereinafter — "Website").

1.2. The Personal Data Operator is:

Individual Entrepreneur Andreevsky Alexey Alexandrovich
OGRNIP: 323547600205874
INN (Tax ID): 540823009255
Address: Novosibirsk, Russia
Email: andreewsky.alexey@gmail.com
Telegram: @AlexeyTripleA

(hereinafter — "Operator")

1.3. This Policy has been developed in accordance with:

Federal Law No. 152-FZ "On Personal Data";
Federal Law No. 149-FZ "On Information, Information Technologies and Information Protection".

1.4. The Policy applies to all personal data that the Operator may receive from the User when using the Website.

1.5. Use of the Website means the User's unconditional consent to this Policy and the terms of personal data processing specified herein.

2. Terms and Definitions

2.1. Personal data — any information relating to a directly or indirectly identified or identifiable individual (personal data subject).

2.2. Operator — an individual entrepreneur who independently or jointly with other persons organizes and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.

2.3. User — an individual using the Website.

2.4. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.5. Confidentiality of personal data — a mandatory requirement for the Operator or other person who has gained access to personal data not to allow their distribution without the consent of the personal data subject or other legal grounds.

3. Composition of Personal Data

3.1. The Operator processes the following categories of personal data:

3.1.1. Data provided by the User during registration:

Email;
Password (in encrypted form, PBKDF2-SHA256).

3.1.2. Data automatically collected when using the Website:

Date and time of visit;
Pages of makeui.dev that the User visited.

3.1.3. Data related to the use of the service:

Text prompts for style guide generation;
Order history;
Payment information (transaction number, amount, date).

Important: Full bank card data is NOT collected or stored by the Operator.

3.1.4. Data stored locally (browser localStorage):

Authorization tokens (JWT access/refresh tokens);
UI settings (theme, language, display preferences);
Incomplete prompts for generation;
Data cache (project list, style guide previews for fast loading).

3.2. The Operator does NOT collect special categories of personal data (racial, ethnic origin, political views, religious or philosophical beliefs, health status, intimate life).

3.3. The Operator does NOT collect biometric personal data.

4. Purposes of Personal Data Processing

4.1. The Operator processes personal data for the following purposes:

4.1.1. Providing access to the Website and its functionality:

User registration and authorization;
User identification;
Ensuring the operation of the personal account.

4.1.2. Providing style guide generation services:

Order processing;
Generating style guides based on prompts and references;
Providing results to the User;
Storing order history.

4.1.3. Payment processing:

Conducting financial transactions;
Generating and sending electronic receipts (54-FZ);
Accounting for paid services.

4.1.4. Communication with the User:

Sending notifications about order status;
Technical support;
Responding to requests;
Informing about changes in the Website operation.

4.1.5. Improving service quality:

Analyzing Website usage (anonymized statistics);
Identifying and eliminating technical problems;
Developing new features.

4.1.6. Compliance with legal requirements:

Compliance with 54-FZ requirements (online cash registers);
Compliance with tax legislation requirements;
Providing information at the request of authorized bodies.

4.2. Personal data processing is carried out on the basis of:

User consent (by accepting the offer and using the Website);
The necessity of contract (offer) performance;
Legitimate interests of the Operator.

5. Methods and Terms of Personal Data Processing

5.1. Personal data processing is carried out using automation tools and includes the following actions:

Collection;
Recording;
Systematization;
Accumulation;
Storage;
Clarification (updating, modification);
Extraction;
Use;
Depersonalization;
Blocking;
Deletion;
Destruction.

5.2. Personal data is processed using databases located on the territory of the Russian Federation (TimeWeb Cloud hosting).

5.3. Personal data processing terms:

5.3.1. Account data:

Stored during the period of account existence;
Upon account deletion — deleted immediately.

5.3.2. Order and payment history:

Stored for 5 years (tax legislation requirement).

5.3.3. Technical logs:

Stored for 90 days.

5.3.4. Prompts and generated style guides:

Stored indefinitely (as long as the User's account exists).

5.4. After the expiration of storage periods, personal data is deleted or anonymized.

6. Use of Local Data Storage Technologies

6.1. To ensure the operation of the Website, local data storage technology in the User's browser is used — localStorage.

6.2. localStorage — is a client-side data storage built into the browser. Data is stored exclusively on the User's device.

6.3. What is stored in localStorage:

Authorization tokens (JWT access/refresh tokens) — to maintain the session;
User interface settings (theme, language);
Data cache for faster operation;
Incomplete prompts.

6.4. The Operator does NOT have direct access to data stored in localStorage on the User's device.

6.5. Data in localStorage is tied to the Website domain and is not accessible to other websites.

6.6. The User can delete data from localStorage at any time through browser settings:

Chrome: Settings → Privacy and Security → Clear browsing data;
Firefox: Settings → Privacy & Security → Clear Data;
Safari: Settings → Privacy → Manage Website Data;
Edge: Settings → Privacy → Clear browsing data.

6.7. Deleting data from localStorage will result in logging out of the account and resetting user settings.

6.8. Cookies: The Website uses only technical cookies (session cookies for authorization, CSRF tokens):

HttpOnly: Yes;
Secure: Yes (HTTPS only);
SameSite: Lax;
Expiration: Session cookies (deleted when browser is closed).

7. Transfer of Personal Data to Third Parties

7.1. The Operator transfers personal data to the following third parties:

7.1.1. Robokassa payment service:

Data transferred: Email, payment amount, order number, IP address;
Purpose: payment processing;
Legal basis: necessity for contract performance;
Privacy Policy: https://robokassa.com/privacy-policy/

7.1.2. Receipt fiscalization (built into Robokassa):

Service: Built-in Robokassa fiscalization;
Data transferred: Email (for sending receipt), payment data;
Purpose: compliance with 54-FZ requirements;
Note: Robokassa independently provides fiscalization and data transfer to OFD.

7.1.3. TimeWeb Cloud hosting provider:

Server location: Russia (data centers in the Russian Federation);
Role: Providing server infrastructure;
Data access: Technical (physical access to servers without processing personal data);
Stored data: Database, uploaded reference files, style guides, backups.

7.1.4. Anthropic Claude API AI provider:

Country: USA;
Data transferred: Text prompts for style guide generation, anonymized user UUID, project ID;
Purpose: Generating style guides using artificial intelligence;
Privacy Policy: https://www.anthropic.com/privacy
Note: Data is used only for request processing and is not stored by Anthropic.

7.2. The Operator does NOT sell, exchange, or transfer personal data to third parties for marketing purposes.

7.3. The Operator may transfer personal data at the request of authorized government bodies in cases provided by the legislation of the Russian Federation.

7.4. When transferring data to third parties, the Operator requires them to ensure the confidentiality and security of personal data.

8. Cross-Border Transfer of Personal Data

8.1. To ensure the operation of the style guide generation service, the Operator uses APIs of third-party services located outside the Russian Federation.

8.2. Data transferred:

Text prompts (style guide descriptions);
Anonymized user identifier (UUID);
Project ID.

8.3. Data recipients:

Anthropic Claude API;
Country: USA;
Purpose: generating style guide using artificial intelligence.

8.4. The Operator ensures an adequate level of personal data protection during cross-border transfer.

8.5. By using the Website, the User consents to the cross-border transfer of the specified data.

9. Personal Data Protection

9.1. The Operator takes the necessary and sufficient legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions.

9.2. Technical protection measures:

SSL/TLS encryption (HTTPS) for data protection during transmission;
Password encryption using PBKDF2-SHA256 (600,000 iterations);
SQL injection protection (Django ORM with parameterized queries);
XSS protection (SECURE_BROWSER_XSS_FILTER, SECURE_CONTENT_TYPE_NOSNIFF, automatic template escaping);
CSRF protection (CsrfViewMiddleware, CSRF_TRUSTED_ORIGINS, secure cookies);
Clickjacking protection (XFrameOptionsMiddleware);
HSTS (HTTP Strict Transport Security, 1 year);
Uploaded file validation (type/size checks, PIL image verification);
Regular data backup (once a month).

9.3. Organizational measures:

Limiting the number of persons with access to data;
Access control for personal data.

9.4. Legal measures:

Contracts with personal data processors;
Documentation of data processing procedures.

9.5. The Operator does not control and is not responsible for third-party websites that the User may visit via links available on the Website.

10. User Rights

10.1. The User has the right to:

10.1.1. Receive information regarding the processing of their personal data:

Confirmation of processing;
Legal grounds for processing;
Processing purposes;
Applied processing methods;
Name and location of the Operator;
Persons to whom personal data may be disclosed;
Processing terms.

10.1.2. Require clarification, blocking, or deletion of personal data if it is incomplete, outdated, inaccurate, or obtained illegally.

10.1.3. Withdraw consent to personal data processing.

10.1.4. Receive a copy of their personal data in a structured, machine-readable format.

10.1.5. Appeal the actions or inaction of the Operator to Roskomnadzor or in court.

10.2. To exercise their rights, the User sends a written request to email: andreewsky.alexey@gmail.com

10.3. The request must contain:

Email specified during registration;
The essence of the requirement.

10.4. The Operator reviews the request and sends a response within 30 days from the date of receipt of the request.

10.5. Upon withdrawal of consent to personal data processing, the Operator ceases their processing and deletes personal data within a period not exceeding 30 days, unless otherwise provided by contract or legislation of the Russian Federation.

10.6. Deletion of personal data may make further use of the Website and its services impossible.

11. Personal Data of Minors

11.1. The Website is not intended for persons under 18 years of age.

11.2. The Operator does not intentionally collect personal data of minors.

11.3. If the Operator becomes aware that personal data of a minor has been collected without the consent of parents or legal representatives, such data will be deleted immediately.

11.4. If parents or legal representatives discover that a minor has provided personal data without their consent, they should contact: andreewsky.alexey@gmail.com

12. Changes to the Privacy Policy

12.1. The Operator has the right to make changes to this Policy unilaterally.

12.2. The new version of the Policy takes effect from the moment it is posted on the Website, unless otherwise provided by the new version.

12.3. The current version of the Policy is always available at: https://makeui.dev/privacy

12.4. The User is recommended to regularly check the terms of the Policy for changes.

12.5. Continued use of the Website after changes are made means the User's agreement with the new version of the Policy.

13. Contact Information

13.1. For all questions related to personal data processing, the User may contact:

Email: andreewsky.alexey@gmail.com
Telegram: @AlexeyTripleA
Response time: up to 24 hours (Mon-Fri 12:00-20:00 Moscow time)

Individual Entrepreneur: Andreevsky Alexey Alexandrovich
OGRNIP: 323547600205874
INN (Tax ID): 540823009255
Address: Novosibirsk, Russia

13.2. Authorized body for the protection of personal data subjects' rights:

Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)
Address: 109074, Moscow, Kitaygorodsky proezd, 7, building 2
Phone: 8 (800) 707-77-07
Website: https://rkn.gov.ru

14. Final Provisions

14.1. This Policy has been developed in accordance with the legislation of the Russian Federation.

14.2. All disputes arising from relations regulated by this Policy shall be resolved in accordance with the legislation of the Russian Federation.

14.3. The law of the Russian Federation applies to this Policy and relations between the User and the Operator.

Last updated: January 17, 2026

Version: 2.0