Personal Data Processing Policy
Effective date: January 1, 2026 Current version: 1.0
1. General provisions
Section titled “1. General provisions”This Personal Data Processing Policy (hereinafter — the “Policy”) is developed in accordance with Federal Law No. 152-FZ “On Personal Data” dated 27.07.2006 and defines the procedure for processing personal data and the measures to ensure their security taken by the administration of the Notifly service (hereinafter — the “Operator”), available at https://notifly.ru and subdomains, including https://app.notifly.ru (hereinafter — the “Service”).
The Operator regards the observance of human and civil rights and freedoms when processing personal data, including the protection of the right to privacy, personal and family secrets, as the most important condition for carrying out its activities.
Use of the Service implies the user’s unconditional consent to this Policy and the conditions for processing their personal data set out herein. If the user does not agree with these conditions, they should refrain from using the Service.
2. Operator contact details
Section titled “2. Operator contact details”- Name: owner and administrator of the Notifly service.
- Contact e-mail: support@notifly.ru
- Website: https://notifly.ru
Details of the legal entity / individual entrepreneur are provided upon request to support@notifly.ru.
3. Categories of personal data processed
Section titled “3. Categories of personal data processed”The Operator may process the following personal data:
- email address (e-mail);
- hashed account password;
- IP address, browser and device technical data (User-Agent), interface language;
- push device identifiers (FCM token, APNs token, Web Push subscription);
- content of notifications and messages sent and received via the Service;
- API request metadata: time, method, status, size;
- client identifiers, application identifiers, access tokens;
- payment details to the extent necessary for processing the payment (provided by the payment provider; the Operator does not store full bank card numbers).
4. Purposes of personal data processing
Section titled “4. Purposes of personal data processing”Personal data are processed for:
- registration, authentication and identification of users;
- providing Service functionality (sending and receiving notifications, monitoring, webhooks, email inbox, MCP, web-script, heartbeat, etc.);
- processing payments and invoicing;
- technical support and correspondence with the user;
- informing about changes to the Service, tariffs, and terms of service;
- ensuring security, investigating incidents, protection against abuse;
- complying with the requirements of Russian Federation law.
5. Legal grounds for processing
Section titled “5. Legal grounds for processing”Personal data processing is carried out on the basis of:
- the user’s consent expressed by registering with the Service and/or continuing to use it;
- a contract to which the user is a party (User Agreement, Offer);
- the requirements of applicable legislation of the Russian Federation.
6. Procedure and conditions of processing
Section titled “6. Procedure and conditions of processing”Personal data processing is carried out using automation tools and without them and includes the following actions: collection, recording, systematization, accumulation, storage, clarification (update, modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion and destruction.
Storage of personal data of users who are citizens of the Russian Federation is carried out in databases located on the territory of the Russian Federation (server infrastructure Yandex Cloud, region ru-central1).
7. Transfer of data to third parties
Section titled “7. Transfer of data to third parties”The Operator may transfer personal data to:
- the cloud infrastructure provider (ООО «Яндекс.Облако», Россия) — for hosting and storage;
- payment providers — to the extent necessary to process the payment;
- push notification delivery services (Apple Push Notification Service, Firebase Cloud Messaging, standard Web Push) — to deliver notifications to the user’s device;
- authorized state bodies — in cases directly provided for by law.
The Operator does not transfer personal data to third parties for marketing purposes.
8. Retention and processing periods
Section titled “8. Retention and processing periods”Personal data are processed for the entire duration of the user’s account and for 1 (one) year after its deletion, unless otherwise required by law. Message content is stored according to the limits set by the selected plan.
9. Rights of the data subject
Section titled “9. Rights of the data subject”The user has the right to:
- obtain information about the processing of their personal data;
- request correction, blocking, or deletion of their personal data if it is incomplete, outdated, inaccurate, or unlawfully obtained;
- withdraw consent for the processing of personal data;
- appeal the actions or inaction of the Operator to Roskomnadzor or in court.
Requests should be sent to support@notifly.ru indicating the account e-mail. A response is provided within 30 days. You can also delete your account yourself in the personal account.
10. Personal data protection measures
Section titled “10. Personal data protection measures”The Operator takes technical and organizational measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, including:
- encrypting data transmission via HTTPS/TLS;
- storing passwords as hashes using bcrypt;
- restricting employee access rights;
- regular backups;
- monitoring suspicious activity.
11. Cookies
Section titled “11. Cookies”The terms of use of cookies and similar technologies are described in a separate Cookie Policy.
12. Changes to the Policy
Section titled “12. Changes to the Policy”The Operator reserves the right to make changes to this Policy. The current version is always available at https://notifly.ru/legal/privacy/. Material changes are additionally communicated to users through the Service interface or by e-mail.