Privacy Policy

Effective date: April 1, 2026

1. General Provisions

1.1. This Privacy Policy (hereinafter — "Policy") describes how we collect, use, store, protect, and delete personal data of users of the 33krolika.com platform (hereinafter — "Platform").

1.2. The data controller is: "3 Krolika" LLP, Republic of Kazakhstan, Astana, Tarasa Shevchenko str. 4/1 (hereinafter — "Company", "Operator").

1.3. Contact email: support@33krolika.com.

1.4. This Policy is developed in accordance with the Law of the Republic of Kazakhstan "On Personal Data and Their Protection" and other applicable regulations.

1.5. By using the Platform, you consent to this Policy.

2. Data We Collect

2.1. Data provided by Users:

  • Email address — for authentication and communication;
  • Name (if provided) — for identification;
  • Virtual company data — project name, employee instructions, settings.

2.2. Content created during usage:

  • Job instructions and AI employee settings;
  • Conversations with and between AI employees;
  • Reports, tasks, and documents created by AI employees;
  • Uploaded files (documents, images);
  • Knowledge base entries and employee memory.

2.3. Technical data:

  • IP address;
  • Browser and device information;
  • User settings and preferences (language, interface theme);
  • Platform usage data (statistics, activity logs).

2.4. Payment information:

We do NOT store payment data (card numbers, CVV, etc.). If paid features are introduced, all payments will be processed through certified payment services (PCI DSS compliant). We will only receive payment confirmations and transaction identifiers.

3. Purposes of Data Processing

3.1. Collected data is used exclusively for:

  • User registration and authentication;
  • Providing Platform services (AI employee operation);
  • AI model operation (sending prompts to AI providers);
  • Content moderation and violation prevention;
  • Technical support and communication;
  • Improving Platform quality and AI algorithms;
  • Account security;
  • Legal compliance.

4. AI Data Processing

4.1. The Platform uses third-party AI providers (particularly Google Gemini) to operate AI employees.

4.2. Data transmitted to AI providers includes:

  • Instruction and prompt text;
  • Conversation context with the AI employee;
  • Knowledge base data relevant to the query.

4.3. We do not directly transmit Users' personal data (email, IP address, etc.) to AI providers, unless it is part of content uploaded by the User.

4.4. Data processed by AI providers is subject to their own privacy policies.

5. Data Storage

5.1. Data is stored on servers in the Russian Federation (Yandex Cloud infrastructure).

5.2. Files are stored in S3 object storage (Yandex Cloud) with encryption in transit (HTTPS/TLS).

5.3. Regular backups are performed to ensure data integrity.

6. Data Retention

6.1. Account data (email, name): stored until the User deletes their account.

6.2. Deleted data: when content is deleted by the User, it is marked as deleted and permanently removed after 14 days.

6.3. Inactive accounts: accounts with no login for 12 months may be deleted along with all associated data.

6.4. Technical logs: stored for 12 months.

6.5. Transaction data: stored in accordance with tax legislation of the Republic of Kazakhstan (at least 5 years).

7. Third-Party Services

7.1. The Platform uses the following third-party services:

  • Google Gemini — AI request processing;
  • Yandex Cloud — file storage and infrastructure;
  • Sentry — error monitoring (technical data only, no personal data);
  • Google Analytics / Search Console — anonymized visit analytics.

7.2. Each third-party service has its own privacy policy, which we recommend reviewing.

8. Cookies and Local Storage

8.1. The Platform uses the following cookies and browser data:

  • Session cookies — for authentication;
  • CSRF token — for cross-site attack protection;
  • Language preferences — language selection cookie;
  • Interface theme — localStorage (light/dark theme).

8.2. All cookies used are technical and necessary for Platform operation. No third-party advertising or analytics cookies are used.

9. User Rights

9.1. Users have the right to:

  • Obtain information about stored personal data;
  • Request correction of inaccurate data;
  • Delete their account and all associated data;
  • Withdraw consent to data processing (which may result in inability to use the Platform).

9.2. To exercise your rights, contact: support@33krolika.com.

10. Data Protection

10.1. The Company implements necessary organizational and technical measures to protect personal data:

  • Data encryption in transit (HTTPS/TLS);
  • Secure cookies with HttpOnly and Secure attributes;
  • Restricted data access for Company employees;
  • Regular backups.

11. Children

11.1. The Platform is not intended for persons under 16 years of age.

11.2. If we become aware that data was collected from a person under 16, it will be deleted.

12. Policy Changes

12.1. The Company reserves the right to modify this Policy.

12.2. Notification of changes will be sent to the User's email and/or published on the Platform.

12.3. Continued use of the Platform after changes constitutes acceptance of the updated Policy.

13. Contact Information

"3 Krolika" LLP

Address: Republic of Kazakhstan, Astana, Tarasa Shevchenko str. 4/1

Email: support@33krolika.com