Privacy Policy

Issued 2025-09-01 · Permanent URL https://tolstoycomments.com/en/legal/privacypolicy/

Operator: Sole Proprietor Sergey Kovalenko (OGRNIP 318715400085779, INN 711612172010). Address: РФ, Тульская область, г. Новомосковск, ул. Московская, д. 4/24, кв. 14. Contact: help@tolstoycomments.com. Trade name: TLST Comments.

1. Overview

This Privacy Policy describes personal data processing in TLST Comments. Site Administrators act as independent controllers for PD they process on their sites.

2. Purposes & Legal Bases

registration/authentication; publishing & displaying comments;
reply notifications; account administration;
service operation & security;
product analytics (Yandex Metrica).

Bases: contract (acceptance of Terms), service functionality, and separate consent (checkbox) for registration/social login/e‑mail notifications.

3. Data Processed

account data: e‑mail, display name, avatar;
technical data: IP address, user‑agent, timestamps, cookies/device IDs;
social‑login IDs/tokens where used.

Guest mode: minimal technical data and comment content.

4. Cookies

Technical cookies for auth/session only. No advertising/personalization cookies.

5. Processing Activities

Collection, recording, storage, updating, use, provision (access), anonymization, blocking, deletion, destruction as needed for the above purposes.

6. Localization, Storage & Security

Primary recording/storage of Russian citizens’ PD in Russia at Selectel (data centers in RF).
CDN: DDoS‑GUARD for protection/content delivery.
E‑mail delivery: in‑house SMTP infrastructure. No cross‑border transfer.
Analytics: Yandex Metrica (aggregated usage metrics).
Security: TLS; at‑rest encryption partially; access controls (raw data accessible only to the CTO).

7. Cross‑Border Transfers

No cross‑border transfer of PD.

8. Retention

account & comments — until account deletion/on request;
logs (IP, events) — 6 months;
backups — 6 months.

9. Data Subject Rights

Users may request information, rectification, blocking or deletion; and withdraw consent. Response within 7 days; deletion on withdrawal within 7 days unless law dictates otherwise. Requests: help@tolstoycomments.com.

10. Security Incidents

Users will be notified without undue delay, generally within 24 hours after confirmation of an incident.

11. Updates

Current version at https://tolstoycomments.com/en/legal/privacypolicy/. Material changes to purposes require renewed consent.

12. Site Administrator Obligations

Site Administrators must: publish a privacy policy; ensure lawful bases and localization when applicable; fulfill data subject requests; ensure PD security/access control; notify TLST Comments about PD incidents and cooperate; not interfere with consent collection/mandatory legal elements of the Widget; meet complaint timelines: reply within 48h, removal/blocking within 72h.