Privacy Policy

This Privacy Policy describes what personal data Gcardus collects, how it is used, stored, and protected.

By using the Service, you agree to this Policy. This Policy complies with Russian Federal Law No. 152-FZ "On Personal Data".

Gcardus is the data controller.

Contact: closegamer@mail.ru

Registration: email address (required), display name (optional).

Payment: payment date and selected plan. Card data is processed solely by YooKassa — we never receive or store it.

Technical: IP address, browser User-Agent, login timestamps. Required for security purposes.

We do not use third-party analytics trackers and do not share data with advertising networks.

Contract performance: providing Service access, managing subscriptions, processing payments.

Legitimate interest: account security and fraud prevention.

Legal obligation: retaining payment records as required by law.

We do not use personal data for targeted advertising and do not sell it to third parties.

YooKassa — payment processor. We share: payment amount, order ID, user ID. No card data is shared with us.

Data may be disclosed to government authorities upon lawful request.

No other third-party sharing occurs without your explicit consent.

Account data (email, name): retained until account deletion.

Payment records: retained 5 years per Russian tax law requirements.

Technical logs: retained 90 days, then automatically deleted.

You have the right to: access a copy of your data, correct inaccuracies, delete your account and associated data (except data legally required to be retained), restrict processing, withdraw consent.

To exercise these rights, contact: closegamer@mail.ru. We respond within 30 days.

We use only technically necessary cookies:

NEXT_AUTH_SESSION_TOKEN — authentication session token. Lifetime: 30 days.

NEXT_LOCALE — interface language preference. Lifetime: 1 year.

No marketing, analytics, or advertising cookies are used.

Passwords are stored as bcrypt hashes (cost factor 12). Plain-text passwords are never accessible.

All connections are secured by HTTPS/TLS.

In the event of a data breach, users will be notified within 72 hours as required by applicable law.

We may update this Policy with 10 days' notice via the Service interface or email.

closegamer@mail.ru