Skip to content
SYMPTOMATICA logo
RU EN

Privacy Policy of the Symptomatica Service

Version: 1.6
Effective Date: March 7, 2026

1. General Provisions

1.1. This Privacy Policy (hereinafter "Policy") describes the procedures for the collection, processing, and storage of data pertaining to Users of the Symptomatica service (hereinafter "Service").

1.2. The personal data controller is the sole proprietor Tatyana Vasilyevna Mikhailova (hereinafter "Operator"), who provides access to the Service pursuant to a license agreement with the copyright holder of the computer program "Symptomatica."

1.3. Personal data is processed in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data." The User's consent to data processing is expressed through an affirmative act — clicking the "Confirm and Continue" button upon commencing use of the Service.

2. Data Collected

2.1. The Service collects and processes the following data:

  • Telegram user identifier (numeric ID);
  • Telegram username (if applicable);
  • name provided by the User upon registration;
  • country code selected by the User;
  • Telegram interface language;
  • content of the User's messages within the Service dialogue;
  • attached files (photos, documents) submitted by the User;
  • Service responses to User messages;
  • the fact and timestamp of consent to the Terms of Service;
  • payment data (top-up amount, transaction identifier).

2.2. The Service does not collect:

  • full legal name (surname, given name, patronymic) in the documentary sense;
  • passport or government-issued identification data;
  • residential address;
  • telephone number (except where it forms part of the User's Telegram account);
  • bank card details (payment processing is performed by the payment provider).

3. Purposes of Processing

3.1. Data is processed solely for the following purposes:

  • providing the informational and reference services of the Service;
  • retaining dialogue history to maintain conversational context;
  • operating the payment system;
  • improving the quality of the Service;
  • security purposes (logging warnings related to urgent symptoms).

4. Legal Basis for Processing

4.1. Data processing is carried out on the basis of the User's consent, expressed through an affirmative act — clicking the "Confirm and Continue" button upon commencing use of the Service.

4.2. The User's messages within the Service dialogue may contain information concerning the User's health condition, which, pursuant to Article 10 of Federal Law No. 152-FZ of July 27, 2006, constitutes a special category of personal data. By clicking the "Confirm and Continue" button upon commencing use of the Service, the User provides explicit written consent to the processing of information regarding their health condition, to the extent necessary for the provision of the informational and reference services of the Service, in accordance with Clause 1, Part 2, Article 10 of Federal Law No. 152-FZ.

4.3. The fact of consent (clicking the "Confirm and Continue" button) is recorded automatically with reference to the User's identifier, the version of this Policy, and the event timestamp. This record constitutes evidence of the receipt of the User's consent to data processing.

4.4. The User has the right to withdraw consent at any time by submitting a request via the /help command or by email to inform@symptomatica.tech. Withdrawal of consent shall result in the termination of data processing and the inability to continue using the Service.

5. Disclosure to Third Parties

5.1. In order to operate the Service, the content of User messages is automatically transmitted to the servers of OpenAI, L.L.C. (United States) for the purpose of processing requests using artificial intelligence technologies. Such transmission is carried out pursuant to a Data Processing Agreement with OpenAI and constitutes a technical necessity for the functioning of the Service. OpenAI acts as a data processor on behalf of the Operator in accordance with Part 3, Article 6 of Federal Law No. 152-FZ and is obligated to maintain the confidentiality of the transmitted data.

5.2. Data transmission to OpenAI is carried out in accordance with OpenAI's Privacy Policy (https://openai.com/policies/privacy-policy) and the terms of OpenAI's Data Processing Addendum (https://openai.com/policies/data-processing-addendum). OpenAI does not use data transmitted via the API to train its models without separate consent.

5.3. For the purpose of processing User payments, transaction data is transmitted to YooKassa (Yandex.Kassa LLC). Bank card details are not transmitted to the Operator and are not stored by the Operator.

5.4. The copyright holder of the program (Author) may have access only to anonymized technical data regarding the operation of the Service for the purposes of ensuring its functionality and improving the quality of the program. The Author is not granted access to Users' personal data.

5.5. Except as set forth in Sections 5.1, 5.3, and 5.4, the Operator does not disclose User data to third parties, except as expressly required by the laws of the Russian Federation.

5.6. By clicking the "Confirm and Continue" button, the User expressly consents to the cross-border transfer of their personal data, including special categories (health-related information), to the servers of OpenAI, L.L.C. (United States) to the extent necessary for the operation of the Service, in accordance with Article 12 of Federal Law No. 152-FZ. The User acknowledges that the United States is not included by Roskomnadzor in the list of countries providing adequate protection of personal data and provides such consent knowingly.

6. Data Storage and Security

6.1. The primary personal data database of Users is stored on servers located within the territory of the Russian Federation, in accordance with the requirements of Part 5, Article 18 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data."

6.2. Data is protected by technical means against unauthorized access, including encryption in transit (TLS) and encryption at rest.

6.3. Data retention periods by category:

  • correspondence (message content, attached files) — for the duration of Service use and no longer than twelve (12) months following its termination;
  • payment data (top-up amounts, transaction identifiers) — four (4) years from the date of the transaction, in accordance with Article 23 of the Tax Code of the Russian Federation;
  • record of the fact and timestamp of the User's consent — five (5) years following the termination of Service use, as evidence of the lawfulness of data processing;
  • other data (identifiers, technical parameters) — for the duration of Service use and no longer than twelve (12) months following its termination.

6.4. Access to User data is restricted to authorized personnel of the Operator to the extent necessary to ensure the operation of the Service.

7. User Rights

7.1. The User has the right to:

  • request information regarding the composition of stored personal data;
  • receive a copy of their personal data in electronic format;
  • request the correction of inaccurate data;
  • request the deletion of their data;
  • withdraw consent to data processing.

7.2. To exercise the foregoing rights, the User may submit a request via the /help command within the Service or by email to inform@symptomatica.tech.

7.3. The Operator is obligated to provide the requested information or fulfill the User's request within thirty (30) calendar days from the date of receipt of the request, in accordance with Part 1, Article 20 of Federal Law No. 152-FZ.

8. Data Deletion

8.1. Upon receipt of a deletion request, the Operator shall delete the User's personal data within thirty (30) calendar days.

8.2. Anonymized statistical data may be retained for the purpose of improving the Service, without the ability to identify the User.

8.3. Data deletion does not apply to records whose retention is required by law (payment data — 4 years; consent record — 5 years following termination of Service use, in accordance with Section 6.3 of this Policy).

9. Security Incident Notification

9.1. In the event of the discovery of an unauthorized disclosure of personal data or any other security breach, the Operator undertakes to:

  • within twenty-four (24) hours of discovery, submit an initial notification to Roskomnadzor in accordance with the requirements of Article 21 of Federal Law No. 152-FZ;
  • within seventy-two (72) hours, submit to Roskomnadzor a detailed notification describing the nature of the incident, the estimated number of affected data subjects, and the measures taken;
  • notify affected Users through the Service interface or by email within a reasonable period following identification of the affected individuals.

10. Policy Amendments

10.1. The Operator reserves the right to update this Policy. Users shall be notified of changes that affect User rights or data processing procedures through the Service interface no less than seven (7) calendar days prior to the changes taking effect.

10.2. The current version, bearing a version number and effective date, is published in the Service documentation. Continued use of the Service following the effective date of any changes constitutes the User's acceptance of the revised Policy.

11. Operator Contact Information

Sole Proprietor Tatyana Vasilyevna Mikhailova
OGRNIP: 325784700285322
INN (Tax ID): 780409600060
Address: Saint Petersburg, Vavilovykh Street, Building 3, Unit 1, Liter A
Person Responsible for the Organization of Personal Data Processing: Tatyana Vasilyevna Mikhailova
Email: inform@symptomatica.tech
Website: https://symptomatica.tech/