Privacy Policy

Last updated: 12 April 2026

1. General provisions

This Privacy Policy (the “Policy”) describes what personal data the “Shkiper AI” service (the “Service”) collects, how we use, store and protect it. Use of the Service constitutes the user’s agreement with this Policy.

Personal-data operator: IP Morev Valentin Valentinovich (the “Operator” or “we”). Contact for personal-data inquiries: hello@shkiper.app.

The Policy is drawn up in accordance with Federal Law of 27 July 2006 No. 152-FZ “On Personal Data” and applies to all users, including citizens of the Russian Federation. For users from the European Union we additionally observe the requirements of the General Data Protection Regulation (GDPR, Regulation EU 2016/679).

2. What data we collect

We collect the minimum data set required for the Service to operate:

• Registration data: email address, name (optional). The password is stored as an irreversible hash and is not accessible even to the Operator’s staff.
• Learning data: topic progress, mock-exam results, history of mastered concepts, repetition marks. This data is used to personalise learning and show your path to the exam.
• AI chat history: the questions you ask and the answers received. We store them so that you can return to explanations and so we can improve AI answer quality.
• Technical data: device model, operating-system version, app version, install identifier, IP address, request timestamps. Used for fault diagnostics and abuse protection.
• Anonymous product analytics: aggregated usage events (which screens are opened, which features are used) via PostHog. The data is depersonalised and not linked to your email.
• Payment data: processed exclusively by payment providers (YooKassa, Apple App Store, Google Play). We do not receive or store bank card numbers.

3. What we use the data for

Collected data is used solely for the following purposes:

• Providing the functionality of the Service (AI answers, progress saving, sync across devices).
• Personalising learning: building the prep plan, hints on weak topics, the spaced-repetition algorithm.
• Account security, detection of fraudulent activity and automated scraping.
• Improving product and AI-model quality. For model training we use only fully anonymised and depersonalised question samples that contain no personal identifiers.
• Technical support and user-correspondence handling.
• Sending service notifications (email confirmation, password reset, plan changes). Marketing emails are sent only with your explicit consent.

4. Legal grounds for processing

Processing of your personal data is carried out on the following legal grounds:

• Performance of the contract (public offer) for access to the Service.
• Legitimate interests of the Operator (security, abuse protection, product improvement).
• User consent (for optional actions, e.g. marketing communications).
• Compliance with the legislation of the Russian Federation.

5. Sharing data with third parties

We do not sell or share your personal data with third parties for advertising or commercial purposes. A limited data set is shared with the following processors solely for the Service to function:

• OpenAI, Inc. — for AI answer generation. Only the question text is sent, with no email, name or other identifiers. Requests pass through the Operator’s backend and are pre-cleaned of personal data.
• Amazon Web Services (AWS) — hosting infrastructure: Lambda, API Gateway, DynamoDB, S3, Cognito. Data is stored encrypted.
• YooKassa (NPO YooMoney LLC), Apple, Google — payment processing. We only receive the fact of a successful payment and a transaction identifier.
• PostHog — anonymous product analytics. Only depersonalised events are sent, with no personal identifiers.

All processors operate under contracts with data-protection obligations and have no right to use the data for their own purposes.

6. Retention periods

Personal data is stored while your account is active. After account deletion, data is kept for another 12 months for the purposes of resolving possible disputes and complying with tax and accounting requirements, after which it is irreversibly deleted. Backups are rotated and fully overwritten within 90 days.

Payment documents are stored for the periods set by Russian Federation law (up to 5 years).

7. Your rights

You have the right at any time to:

• Obtain information about which of your data we process.
• Demand correction of inaccurate data.
• Demand deletion of your account and the related data (the “right to be forgotten”).
• Withdraw consent to data processing (for processing based on consent).
• Restrict data processing.
• Receive a copy of your data in a machine-readable format (right to portability).
• File a complaint with Roskomnadzor or another supervisory authority.

To exercise any of these rights, write to hello@shkiper.app from the address used at registration. We reply within 30 days.

8. Data protection

We apply modern technical and organisational protection measures:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Storage of passwords only as hashes (bcrypt).
• Minimisation of staff access to personal data on a need-to-know basis.
• Regular backups and backup rotation.
• Logging of administrative actions.

Despite the measures taken, absolute security on the internet is not achievable. If we detect an incident affecting your data, we will notify you and, if necessary, the supervisory authority within the deadlines set by law.

9. Cookies and tracking technologies

Our website uses only functional cookies (for session state) and anonymous analytics cookies. We do not use ad trackers, social-network pixels or share data with ad networks. You can disable cookies in your browser settings; some site functionality may then become unavailable.

10. Children

The Service is intended for users aged 16 and over. We do not knowingly collect data of minors. If you become aware that a child under 16 has registered for the Service, please write to us — we will delete the account.

11. Changes to the Policy

We may update the Policy as the Service evolves. Substantial changes will be announced to users by email and/or in the app at least 14 days before the changes take effect. Continued use of the Service after the update constitutes acceptance of the new version.

12. Contacts

For any personal-data questions, write to hello@shkiper.app. We reply within 3 working days.