1. General Provisions
This Privacy Policy (hereinafter — "Policy") describes how Flick Soft (hereinafter — "Company", "we", "us") collects, uses, stores, and protects information obtained from users (hereinafter — "User", "you") of the SanderMan platform (hereinafter — "Service"), available at sanderman.flick-soft.tech.
By using the Service, you consent to the collection and processing of your information as described in this Policy. If you do not agree with this Policy, please do not use the Service.
2. Information We Collect
2.1. Information you provide directly:
- Email address — for authentication, account recovery, and communication
- Telegram account data (phone number, session tokens) — for Service functionality
- Payment information — processed by third-party payment providers; we do not store card details
- Campaign content — messages, templates, and settings you create within the Service
- Audience data — contact lists and prospect information you upload or collect
2.2. Information collected automatically:
- IP address and approximate geolocation
- Browser type, operating system, and device information
- Pages visited, features used, and actions taken within the Service
- Cookies and similar tracking technologies
- Error logs and performance metrics
3. Purposes of Data Processing
We process your data for the following purposes:
- Providing and maintaining Service functionality
- User authentication and authorization
- Processing payments and managing subscriptions
- Providing customer support and responding to inquiries
- Improving the Service, fixing bugs, and developing new features
- Preventing fraud, abuse, and ensuring Service security
- Complying with legal obligations
- Sending service-related notifications (not marketing)
4. Legal Basis for Processing
We process your personal data based on:
- Contract performance — processing necessary to provide the Service you requested
- Legitimate interest — improving Service quality, preventing fraud, ensuring security
- Legal obligation — compliance with applicable laws and regulations
- Consent — where you have given explicit consent for specific processing activities
5. Data Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS/SSL) and sensitive data at rest
- Secure token storage using HttpOnly cookies with SameSite protections
- Encrypted storage of Telegram session data
- Database access controls and network segmentation
- Regular security audits and vulnerability assessments
- Rate limiting and brute-force protection mechanisms
Despite our best efforts, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We may share your information with:
- Payment processors — for processing subscription payments (e.g., YooKassa)
- Infrastructure providers — hosting and cloud services necessary for Service operation
- AI service providers — for processing message personalization and classification (message content only, not personal data)
- Analytics tools — aggregated, anonymized usage data for Service improvement
- Law enforcement — when required by applicable law, court order, or legal process
7. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. After account deletion:
- Account data is deleted within 30 days
- Telegram session data is deleted immediately
- Payment records are retained for the legally required period (typically 3-5 years)
- Anonymized usage statistics may be retained indefinitely
- Backup copies are purged within 90 days
8. Cookies and Tracking
We use the following types of cookies:
- Essential cookies — required for authentication and Service functionality (session tokens, locale preference)
- Security cookies — for fraud prevention and account protection
We do not use third-party advertising or marketing cookies. You can manage cookies through your browser settings, but disabling essential cookies may affect Service functionality.
9. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Right of access — request a copy of your personal data
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data
- Right to data portability — receive your data in a machine-readable format
- Right to restriction — request limitation of data processing
- Right to object — object to certain types of data processing
- Right to withdraw consent — where processing is based on consent
To exercise any of these rights, contact us at support@flick-soft.tech. We will respond to your request within 30 days.
10. International Data Transfers
Your data may be stored and processed on servers located in the European Union (Latvia). By using the Service, you consent to the transfer and processing of your data in these locations. We ensure appropriate safeguards are in place for any international data transfers.
11. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available at this page. Material changes will be communicated through the Service or via email. Continued use of the Service after changes constitutes acceptance of the updated Policy.
13. Contact Information
For questions regarding the processing of your personal data or to exercise your rights, contact us at:
- Email: support@flick-soft.tech
- Company: Flick Soft
- Location: Republic of Latvia