Summary
Violet stores only what is needed for the product to work. We do not share data with advertisers, build behavioral profiles, or use marketing trackers. The full list of sub-processors, the retention periods, and your rights as a data subject are set out below.
The full technical version of the document is available in the repository: docs/PRIVACY.md.
§1. Data operator
At this stage the product is run as a private project by @mishinone. At commercial release, the operator will be a sole proprietor or LLC — details will appear here.
Contact for personal-data questions: Telegram @mishinone.
§2. What data we process
Registration data
- Email — for login, recovery, and important notifications.
- Name — for display in the interface.
- Avatar (optional) — for the UI.
- Password — stored as a scrypt hash with a unique salt. Plaintext is never stored.
- Google OAuth ID — if you signed up via Google.
Content
Databases, tables, records, chats, documents, and uploaded files — everything you create in the product.
Technical data
- IP address — for rate limiting and security logs, retention 7-30 days.
- User-Agent — for displaying active sessions.
- Cookies — only strictly necessary (auth + CSRF). Not advertising, not analytics.
What we do NOT collect
Precise geolocation, biometrics, advertising tracking pixels, behavioral profiles for targeting.
§3. Legal basis for processing
Per 152-FZ art.6 p.1 sub-p.5 — subject's consent (you agree at registration) + p.3 «performance of a contract» (providing the service).
At this stage consent is expressed by conduct — by registering after reading this policy. At commercial release we will add an explicit checkbox.
§4. Retention periods
| Data | Term |
|---|---|
| Account and content | While you are an active user |
| Records in the «trash» (soft-deleted) | 90 days → hard-delete cron |
| Audit log (RecordEvent) | 90 days |
| Database snapshots | Up to 365 days (tiered: 30 daily + weekly + monthly) |
| IP in server logs | 7-30 days |
| IP in Sentry | 90 days |
| Email confirmation code | 1 hour (TTL in DB) |
| Password reset token | 1 hour (TTL in DB) |
After full account deletion (§7), all your data is deleted or anonymized as part of the operation.
Passwords are hashed with scrypt and a salt. Connections use TLS 1.2 and higher only. Internal staff access policies limit the people who can access production data. Details are on the Security page.
§5. Whom we share with (sub-processors)
We use third-party services for technical operation. Each receives the minimum data required.
| Vendor | What we share |
|---|---|
| Render (hosting) | HTTP requests, content on creation |
| Neon (Postgres) | All data in the DB |
| S3 provider | Uploaded files |
| Sentry | Stack traces, metadata; PII in logs is redacted |
| Google OAuth | OAuth subject ID + email (if you signed in via Google) |
| SMTP provider | Recipient email + content of the email sent |
| Cloudflare (rollout) | HTTP metadata, IP |
§6. Localization and cross-border transfers
Current hosting (Render) and DB (Neon) are in the US (Ohio region). This is a cross-border transfer under 152-FZ art.12. Legal basis — subject's consent to cross-border transfer (given at registration).
Plan as B2B / government segments grow: localize Postgres in Russia (Yandex Cloud / Selectel) and notify Roskomnadzor.
§7. Your rights
Access to data (art.14)
«Download my data» button in Profile → Privacy. Returns JSON of everything we know about you: profile, databases (own and where you participate), chat messages, API key metadata, push tokens, notifications.
Correction (art.14, art.21)
Email / name / avatar — Profile → Edit. Content — you edit yourself in the product.
Deletion / cessation of processing (art.21)
«Delete account» button in Profile → Privacy. Two-step confirmation (typing-confirm + current password). After confirmation — immediate deletion.
What is deleted: account, API keys, push tokens, passkeys, databases where you are the sole owner, avatar in S3.
What is anonymized (for the integrity of shared data): your chat messages remain, but the author becomes «Deleted user». In the audit log the actor identifier is nulled.
Complaint
If you believe we have broken the law — Roskomnadzor or directly to us.
§8. Security
A detailed technical model is on the Security page. Briefly:
- TLS 1.2+ required, HSTS in prod
- Passwords — scrypt with per-user salt, timing-safe comparison
- JWT in httpOnly+secure+sameSite cookies
- CSP with a per-request nonce, CSRF double-submit, SSRF protection with DNS resolution
- Per-email/IP rate limit + per-account failed-login lockout
- WebAuthn / Passkeys — optional 2FA
- Uploads — magic-byte validation, MIME whitelist, 10MB limit
In case of a data breach — notification to Roskomnadzor within 24 hours, notification to affected users within 72 hours (152-FZ art.21.1).
§9-10. Children and cookies
Age
Minimum age — 18 (full legal capacity under Russian civil law).
Cookies
We use only strictly necessary cookies: token (JWT for authorization, 30 days) and csrf (CSRF protection, 30 days). No marketing / analytics / tracking cookies — separate consent is not required.
§11. Policy changes
For material changes (new sub-processor, change of processing purposes) — email notification + 14 days grace period before taking effect. Current version — 2026-05-15 (draft, to be finalized before public release).
§12. Contacts
- Telegram: @mishinone — the fastest channel
- Email: TBD after registration (privacy@violet.app)
Reply within 7 business days (152-FZ art.14.4).