Privacy Policy

Last updated: May 29, 2026

1. Data Controller

The data controller for Site Metrics Tool is:

Spiridonov Dmitry Vadimovich (Individual Entrepreneur, Russian Federation)
OGRNIP: 324762700012347 · INN: 760806658219
Registered address: 12-20 Krasnoekhovskaya str., Pereslavl-Zalessky, Yaroslavl Region, 152020, Russia
Email: info@sitemetricstool.com

2. Data We Collect

We collect the following categories of personal data:

Account data: email address (required), display name (optional).
OAuth tokens: access and refresh tokens from Google OAuth API and Yandex OAuth API when you authenticate via those providers. Tokens are stored encrypted using AES-256 and used solely for authentication and accessing linked account data within the Platform.
Technical data: IP address, browser User-Agent, session cookies, request logs with timestamps.
Payment data: we do not store card numbers. Payments are processed by PCI-DSS certified third-party payment processors. We store only the transaction identifier, amount, date, and chosen plan.

3. Purposes and Legal Basis for Processing

Purpose	Legal Basis (GDPR)
Providing the service / account management	Performance of a contract (Art. 6(1)(b))
Authentication and security	Legitimate interests (Art. 6(1)(f))
Transactional email notifications	Performance of a contract (Art. 6(1)(b))
Customer support	Legitimate interests (Art. 6(1)(f))
Product improvement (aggregated analytics)	Legitimate interests (Art. 6(1)(f))

4. Data Storage and Transfers

Personal data is stored on servers physically located in the Russian Federation, complying with Russian data localisation requirements (Federal Law No. 152-FZ).

When you sign in via Google or Yandex, authentication requests are sent to those providers' servers. These providers have their own privacy policies: Google's Privacy Policy and Yandex's Privacy Policy. We do not sell or share your data with third parties for advertising purposes.

5. Data Retention

Account data: retained for the lifetime of your account. Deleted within 30 days of account closure.
Transaction records: retained for 5 years as required by applicable accounting regulations.
Technical logs: retained for up to 12 months for security and diagnostic purposes.

6. Cookies

We use cookies for the following purposes:

Strictly necessary: session authentication, CSRF protection. These cannot be disabled without breaking the Platform.
Functional: language preferences and UI settings.
Analytics: aggregated usage statistics to improve the Platform. Not shared with advertising networks.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: obtain a copy of your personal data.
Rectification: correct inaccurate or incomplete data.
Erasure: request deletion of your data ("right to be forgotten").
Restriction: restrict processing in certain circumstances.
Portability: receive your data in a machine-readable format (GDPR).
Objection: object to processing based on legitimate interests (GDPR).

To exercise any of these rights, contact us at info@sitemetricstool.com. We will respond within 30 days. If you believe we have violated your rights, you may lodge a complaint with your local data protection authority.

8. Security

We protect your data using industry-standard measures including AES-256 encryption at rest, TLS 1.2/1.3 in transit, least-privilege access controls, regular backups, and continuous security monitoring. OAuth tokens are stored exclusively in encrypted form and never logged in plaintext.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at sitemetricstool.com/privacy. We will notify you of material changes by email. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

Contact

Data Controller: Spiridonov Dmitry Vadimovich (Individual Entrepreneur)
General enquiries: info@sitemetricstool.com
Support: support@sitemetricstool.com