Skip to main content
Revision dated 11.05.2026.
This English version is provided for convenience. The Russian version available at https://wowweb.app/privacy is the official text and prevails in case of any discrepancy.

1. General provisions

1.1. This Personal Data Processing Policy (hereinafter, the “Policy”) has been drawn up in accordance with the requirements of Federal Law No. 152-FZ of 27.07.2006 “On Personal Data” (hereinafter, the “Personal Data Law”) and defines the procedure for processing personal data, as well as the measures to ensure their security, undertaken by individual entrepreneur K. A. Shturman (Taxpayer ID (INN) 615011690083), hereinafter the “Operator”. 1.2. The Operator considers it the most important goal and condition of its activity to observe the rights and freedoms of the individual and citizen when processing personal data, including the protection of the rights to inviolability of private life, personal, and family secrets. 1.3. This Policy applies to all information that the Operator may obtain about Users of the WowWeb AI service available at https://wowweb.app (hereinafter, the “Site” or “Service”), including its sub-services: the personal account, builder, admin panel, Telegram bot @WowWebBot, and related interfaces. 1.4. This Policy does not apply to third-party sites that the User may navigate to via links from the Site or that the User has connected as integrations (payment systems, CRM, analytics, messengers, domain registrars, etc.). Such third parties are independent operators of personal data processing within the framework of the services they provide.

2. Main concepts

2.1. Automated processing of personal data, processing using computer technology. 2.2. Blocking of personal data, temporary cessation of the processing of personal data (except where processing is necessary for their clarification). 2.3. Website or Service, the hardware and software complex available on the internet at https://wowweb.app, as well as related interfaces and the Telegram bot. 2.4. Personal data information system, the set of personal data contained in databases and the information technologies and technical means ensuring their processing. 2.5. De-identification of personal data, actions as a result of which it is impossible, without the use of additional information, to determine the attribution of personal data to a specific subject. 2.6. Processing of personal data, any action or set of actions, performed using automation tools or without them, with personal data, including collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer (distribution, provision, access), de-identification, blocking, erasure, and destruction. 2.7. Operator, a person which, independently or jointly with others, organises or carries out the processing of personal data and determines the purposes of processing, the composition of data, and the operations performed. 2.8. Personal data, any information relating directly or indirectly to a specific or identifiable User of the Service. 2.9. User, any visitor of the Site or Service, whether registered or unregistered. 2.10. Generated content, sites, texts, images, source code, and other materials created by the Service at the User’s request using artificial intelligence technologies. 2.11. Cookie files, small text fragments saved by the User’s browser when visiting the Site. 2.12. Cross-border transfer of personal data, the transfer of personal data to the territory of a foreign state to a foreign individual, legal entity, or foreign state authority.

3. Composition of processed personal data

The Operator may process the following categories of data on the User: 3.1. Identification and contact data:
  • email address;
  • first and last name (if provided);
  • Telegram username and Telegram ID (when authorising via Telegram);
  • Google account identifier (when authorising via Google);
  • user identifier within the Service.
3.2. Authorisation and security data:
  • IP address;
  • information about the browser and device (User-Agent);
  • dates and times of sessions;
  • access logs and security logs;
  • technical session tokens.
3.3. Payment and settlement data:
  • fact, date, amount, and status of payment transactions;
  • payment transaction identifiers;
  • the payment method in de-identified or tokenised form provided by the payment provider.
The Operator does not receive or store full bank card details, CVV codes, or other critical payment data. Such data is processed directly by the payment provider (YooKassa) in accordance with PCI-DSS requirements. 3.4. Referral data:
  • the identifier of the referrer whose link was used to invite the User;
  • the list of referrals invited by the User and their subscription statuses;
  • the balance of referral credits and the history of referral transactions.
3.5. Service usage data:
  • actions in the personal account and the builder;
  • requests to the AI builder (prompts, site descriptions);
  • materials uploaded by the User (images, logos, documents, files), only within the User’s specific project;
  • the content of the project rules and knowledge base set by the User;
  • parameters of connected integrations (without disclosure of secret keys);
  • the XP balance, history of credits and debits;
  • metadata of generated projects;
  • settings of custom domains linked by the User.
3.6. Support enquiry data:
  • correspondence content;
  • problem descriptions;
  • attachments, diagnostic information, screenshots.
3.7. De-identified technical data:
  • cookie files;
  • data from internet statistics services (Yandex.Metrika, Google Analytics, and others).
3.8. The Operator does not process special categories of personal data relating to racial or ethnic origin, political views, religious or philosophical beliefs, state of health and sex life, biometric data, or data on minors. The User undertakes not to post such data in the Service.

4. Purposes of processing personal data

4.1. The Operator processes personal data for the following purposes:
  • registration and identification of the User in the Service;
  • creation and maintenance of the account;
  • providing access to the functions of the Service in accordance with the chosen plan;
  • generation of sites and processing of requests to the AI builder;
  • accounting for the XP balance, billing, settlements, subscription renewals;
  • processing of payments via payment partners;
  • operation of the referral program (crediting rewards, accounting for referrals, calculating payouts);
  • sending informational and service notifications to the User related to the provision of services;
  • sending marketing and advertising messages to the User (with separate consent);
  • ensuring the security of the Service, detecting abuse, investigating incidents;
  • technical support of Users, diagnostics, and troubleshooting;
  • improving the quality of the Service (analysis of de-identified and aggregated data);
  • performance of obligations to the User and third parties under concluded agreements;
  • performance of obligations established by the laws of the Russian Federation (accounting and tax records, responses to requests from state authorities).
4.2. The User may at any time opt out of receiving marketing messages by sending a corresponding notice to support@wowweb.app marked “Unsubscribe from notifications” or by using the relevant option in the personal account. 5.1. The legal grounds for the Operator’s processing of personal data are:
  • the data subject’s consent to processing, including consent expressed by accepting the Public Offer, filling in forms on the Site, or using the Service;
  • the necessity of performing the contract to which the User is a party (the Public Offer);
  • the necessity of performing obligations imposed on the Operator by the laws of the Russian Federation;
  • the exercise of the rights and legitimate interests of the Operator (protection of the Service from abuse, ensuring information security, anti-fraud) provided that the rights and freedoms of the User are not infringed.
5.2. The Operator processes de-identified data about the User provided that this is permitted by the User’s browser settings (cookie storage and JavaScript enabled). 5.3. The User independently decides on the provision of their personal data and consents freely, by their own will, and in their own interest.

6. Principles of processing

6.1. The processing of personal data is carried out on a lawful and fair basis. 6.2. Processing is limited to the achievement of specific, predetermined, and lawful purposes. Processing incompatible with the purposes of collection is not permitted. 6.3. Only personal data that corresponds to the purposes of their processing is subject to processing. The volume of data must not be excessive. 6.4. The accuracy of the data, their sufficiency, and, where necessary, currency, is ensured during processing. 6.5. Personal data is stored in a form that allows the subject to be identified for no longer than the purposes of processing require.

7. Procedure for collection, storage, transfer, and other processing

7.1. The Operator ensures the safety of personal data and takes all possible organisational and technical measures to prevent access by unauthorised persons, including:
  • access control to information systems;
  • logging and accounting of actions of users of the Operator’s internal systems;
  • the use of secure communication channels (HTTPS, TLS);
  • the storage of passwords in encrypted (hashed) form;
  • restriction of employee access to payment and identification data;
  • regular infrastructure updates and the use of current information security tools.
7.2. Storage of personal data of Users who are citizens of the Russian Federation is primarily carried out on servers located on the territory of the Russian Federation, in accordance with the requirements of Part 5 of Article 18 of the Personal Data Law. 7.3. Transfer of personal data to third parties is permitted only in the following cases:
  • transfer to processors (partners, service providers) to the extent necessary to provide services to the User (see clause 7.4);
  • upon requests of authorised state authorities of the Russian Federation in the manner established by law;
  • with the explicit consent of the User;
  • in the event of reorganisation, merger, or sale of the business, subject to confidentiality and the preservation by the legal successor of the terms of this Policy.
7.4. Categories of data recipients (processors):
  • Payment providers (YooKassa, SBP operators), for processing settlements and sending fiscal receipts;
  • Hosting and infrastructure providers, for hosting the Service and generated sites;
  • AI model providers, for processing requests to the AI builder (prompt text and the site development context may be transmitted to model providers to the extent minimally necessary to generate a result);
  • Email and SMS providers, for sending service and system notifications;
  • Analytics services, Yandex.Metrika, Google Analytics (for de-identified data);
  • Anti-fraud and bot protection services, to ensure security;
  • Integration partners connected by the User on their own initiative, AmoCRM, YClients, Telegram Bot API, and similar (data is sent there solely at the User’s initiative and to the extent determined by the User).
7.5. The Operator requires processors to observe the confidentiality and security of the transferred data in accordance with this Policy and applicable law. 7.6. Personal data is not transferred to third parties for advertising or marketing purposes without the User’s consent. 7.7. Materials uploaded by the User and generated content are processed solely to provide services to that User. The Operator does not use the User’s materials or content to train its own or third-party artificial intelligence models. 7.8. Clarification and deletion of data: the User may update their personal data via the personal account settings or by sending a notice to support@wowweb.app marked “Update of personal data”. 7.9. Withdrawal of consent: the User may at any time withdraw their consent to the processing of personal data by sending a notice to support@wowweb.app marked “Withdrawal of consent to personal data processing”. In that case, the Operator ceases data processing, except where processing is necessary for the performance of obligations to the User or is provided for by law. 7.10. Account deletion: the User may send a request to delete the account and related data to support@wowweb.app. Deletion is performed within 7 (seven) business days after confirmation of the request. Some data may be retained longer in cases provided for by law (for example, for accounting and tax purposes).

8. Retention periods

8.1. Personal data is stored for no longer than the purposes of processing require. 8.2. Payment data and related documents are stored for the periods established by accounting, tax, and other legislation of the Russian Federation (as a rule, at least 5 years). 8.3. Access logs and security events are stored for no more than 1 year, unless a longer period is required for incident investigation. 8.4. The content of the User’s projects is stored throughout the period of active account use and for a reasonable period after the cessation of use (to enable recovery). After the User’s account is finally deleted, the content of the projects is deleted within 30 (thirty) calendar days, except for backup copies, which are deleted under the general rotation cycle (up to 90 days). 8.5. Referral data is stored for the period of the User’s active participation in the referral program and for at least 3 (three) years from the moment of the last referral transaction, for the purposes of confirming paid-out rewards and processing possible refunds.

9. Cross-border transfer of personal data

9.1. Part of the technical and user data may be transferred outside the Russian Federation to the extent necessary to execute user commands and provide the functionality of the Service. In particular, this concerns:
  • requests to AI models hosted in foreign jurisdictions;
  • the use of third-party analytics services (for example, Google Analytics);
  • the use of third-party CDNs or infrastructure providers;
  • integrations connected by the User (for example, Google OAuth).
9.2. Prior to the start of cross-border transfer, the Operator takes reasonable measures to verify that the foreign recipient state ensures an adequate level of protection of the rights of personal data subjects. Otherwise, cross-border transfer is carried out on the basis of the User’s consent or for the performance of the contract. 9.3. Notification of the intention to carry out cross-border transfer of personal data is sent to Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media) in the manner established by the laws of the Russian Federation.

10. Rights of the personal data subject

10.1. The User has the right to:
  • receive information regarding the processing of their personal data in the manner established by the Personal Data Law;
  • request the clarification, blocking, or destruction of their personal data in cases provided for by law;
  • require prior consent for the processing of personal data for the purposes of promoting goods, works, and services;
  • withdraw consent to the processing of personal data;
  • appeal to the authorised body for the protection of the rights of personal data subjects (Roskomnadzor) or in court against unlawful actions or inaction of the Operator;
  • exercise other rights provided for by the laws of the Russian Federation.
10.2. Requests and enquiries from Users for the exercise of the said rights are sent to the email address support@wowweb.app. 10.3. Requests are considered within a period not exceeding 30 (thirty) calendar days from the moment of their receipt. 11.1. Cookie files and similar technologies are used on the Site, including:
  • strictly necessary (for session function, authorisation, security), used at all times;
  • functional (for remembering User preferences);
  • analytical (Yandex.Metrika, Google Analytics), for understanding usage statistics.
11.2. The User may manage cookie files via their browser settings. Disabling cookies may limit the functionality of the Service.

12. Use of data when authorising via Google and Telegram

12.1. When the User chooses to authorise via Google or Telegram, the Operator obtains from the respective provider only the minimum amount of data necessary to identify the User:
  • from Google: email address, name, account identifier;
  • from Telegram: Telegram ID, username, name.
12.2. The Operator does not request access to the contents of correspondence, contacts, files, or other personal data of the User in the said services. 12.3. The received data is used solely for authentication and communication with the User as part of providing the Service. 12.4. The User may request the deletion of the received data by sending a letter to support@wowweb.app. After confirmation of the request, the data is deleted from active systems and backup copies within a reasonable time, unless otherwise required by law. 12.5. The Operator does not sell or transfer data obtained via Google or Telegram authorisation to third parties for commercial or advertising purposes.

13. Changes to the Policy

13.1. The Operator reserves the right to make changes to this Policy. 13.2. The current revision of the Policy is always published at: https://wowweb.app/privacy. 13.3. The Policy is valid indefinitely until replaced by a new version. 13.4. The Operator additionally notifies Users of material changes affecting their rights via the personal account or by email at least 30 (thirty) calendar days before the changes take effect.

14. Final provisions

14.1. The User may obtain any clarifications on the issues relating to the processing of their personal data by contacting the Operator: 14.2. Operator details: Individual entrepreneur K. A. Shturman
  • Taxpayer ID (INN): 615011690083
  • State registration number (OGRNIP): 326619600064464
14.3. Supervisory authority: the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), https://rkn.gov.ru.

What’s next

Terms of use

Platform usage rules.

Public offer

Payment and service terms.