Privacy Policy

Operator: Cotasky.tech Team

Website: https://cotasky.tech

Contact: support@cotasky.tech

1. Terms and general provisions

This Privacy Policy explains how Cotasky.tech processes user data when users access the website, its subdomains, API and related online services.

The data controller/operator is the Cotasky.tech Team. The website is https://cotasky.tech, including piconvi.cotasky.tech, doconvi.cotasky.tech, musiconvi.cotasky.tech, api.cotasky.tech and other related project sections.

By using the website, creating an account, signing in via Telegram, uploading files, buying credits, subscribing to a paid plan or using the API, the User confirms that they have read this Policy.

This Policy is intended for worldwide use and is prepared with regard to the principles of Russian Federal Law No. 152-FZ “On Personal Data”, GDPR and other applicable data protection rules to the extent they apply to a specific User and Cotasky’s actual service model.

If a specific legal entity, individual entrepreneur or other organization becomes the operator in the future, the operator details will be updated in this Policy without changing the actual data processing model.

2. Data we process

Account data: internal user_id, Telegram chat_id, Telegram username, Telegram display name/nickname, session information, registration date, account status and selected plan.

Authentication and security data: one-time login codes, HttpOnly session cookie, IP address, user-agent, technical login/logout/error events and account activity.

Payment and billing data: selected plan or credit pack, amount, currency, payment/order identifier, payment status and confirmation data from Cardlink or another payment provider. Cotasky does not directly store or process full bank card details.

Wallet/credits data: balance, accruals, debits, ledger transaction history, idempotency keys, service charged and technical operation metadata.

User files and results: uploaded images, documents, audio, projects, previews, page/segment order, conversion settings, temporary access tokens, processing results and downloads.

API data: API keys in hashed form, key prefix shown to the User, key status, creation date, last usage date, limits, requests, errors and technical API logs.

Technical data: cookies, local browser project identifiers, server logs, requested URLs, response statuses, operation duration, file format and size, diagnostic events and errors.

Analytics and advertising data: page events, traffic sources, campaign parameters, device/browser information, cookie/advertising identifiers and other technical data that may be processed via Google Analytics, Yandex Metrica, advertising pixels and similar tools.

3. Purposes of processing

Registering users, authenticating them and maintaining sessions.

Providing Cotasky services, file processing, project creation, previews, exports and result downloads.

Accruing and charging credits, managing plans, providing API access, processing payments and payment statuses.

Protecting accounts, preventing abuse, limit bypassing, fraud, unauthorized access and infrastructure attacks.

Providing support, investigating errors, restoring access, reviewing disputed operations and auditing service quality.

Complying with applicable legal, accounting, tax, payment and claims-handling obligations.

Product analytics, advertising measurement, interface improvements, growth analysis, fraud prevention and marketing optimization without selling personal data to third parties.

4. Legal bases and consent

Data is processed based on the User’s consent, use of the website, performance of the Terms of Service and paid subscription agreement, payment processing, Cotasky’s legitimate interests and legal obligations.

The User may stop using the website and send a data-related request to support. Deleting or restricting certain data may make the account, paid functions, API, operation history or processing results unavailable.

Cotasky does not request special categories of personal data, biometric data, passport data or health information. Users should not upload such data in files unless necessary and legally justified.

5. Sharing with third parties and international transfers

Data may be shared with Cardlink, banks and payment systems to the extent necessary for payment processing, refunds, anti-fraud and transaction confirmation.

Data may be processed by infrastructure providers such as hosting, data centers, domain/SSL providers, monitoring, logging, email/notification and other technical vendors required for Cotasky to operate.

Data may be stored and processed both inside and outside the Russian Federation, including mixed infrastructure, where necessary for service operation, payments, analytics, security and content delivery.

When analytics and advertising tools are used, data may be shared with analytics and advertising providers, including Google, Yandex and other services connected to the website.

Telegram login uses data received via Telegram and the Cotasky authorization bot. Telegram user data is also governed by Telegram’s own rules.

Data may be disclosed to public authorities, courts or other authorized persons only where there is a legal basis. Cotasky does not sell users’ personal data.

6. User files

Uploaded files are used to perform the selected operation: conversion, preview, editing, assembling results, downloading and technical support.

Files, projects, previews and results are user-owned: before login, access may be provided through a temporary project token; after account binding, access is available only to the account owner or through their API key.

Temporary Doconvi and Musiconvi projects are stored for up to 24 hours unless otherwise stated in the interface. Piconvi results are available for about 15 minutes in free mode and within the period shown on the pricing page or service interface in paid mode.

Cotasky may delete files and results earlier for technical necessity, exceeded limits, security threats, rule violations or processing errors. The User must download and save required results in time.

7. Cookies and local storage

Cotasky uses cookies and browser local storage for authentication, language selection, project state, interface operation, security and technical diagnostics.

Cotasky may also use cookies, pixels, tags and similar technologies for web analytics, product analytics, advertising attribution, retargeting and marketing performance measurement.

The User can restrict cookies in browser settings, but this may affect authentication, projects, payments, state saving and access to results.

The HttpOnly session cookie is used for secure server-side sessions and is not intended to be read by client-side scripts.

8. International users and GDPR

Cotasky is intended for users from different countries. If GDPR, UK GDPR, CCPA/CPRA or other local data protection rules apply to the User, the User may exercise the rights provided by such rules where applicable.

For users in the European Economic Area and similar jurisdictions, legal bases may include consent, contract performance, Cotasky’s legitimate interests, legal obligations and legal claims.

Cross-border transfers may occur when using mixed infrastructure, payment providers, analytics, hosting, Telegram and other vendors. By using the service, the User understands that data may be processed in countries other than their country of residence.

9. Retention

Account data, wallet/credits data, payment events, subscriptions, API keys and operation audit records are kept while the account exists and further as necessary for rights protection, dispute resolution, accounting/tax records and legal obligations.

Technical logs are kept for a limited period needed for security, diagnostics and support.

User files and temporary projects are stored according to the rules of the specific service described in this Policy and/or in the service interface.

10. Security

Cotasky applies reasonable technical and organizational safeguards: access control, sessions, API keys, API-key hashing, operation audit, restricted access to user artifacts and server-side permission checks.

No internet service can guarantee absolute security. The User must protect access to their Telegram account, device and API keys and must not share them with third parties.

11. User rights and requests

The User may request information about data processing, correction of inaccurate data, restriction of processing, account deletion or withdrawal of consent where applicable.

Data requests should be sent to support@cotasky.tech. Cotasky may ask the User to confirm account ownership or clarify operation details.

If data deletion is impossible due to legal, payment, security or rights-protection reasons, such data may be retained for the necessary period in a limited scope.

12. Age

Cotasky does not set a special age restriction. If the law of the User’s country requires consent of a parent, guardian or legal representative for online services, the User must obtain such consent independently.

13. Changes

Cotasky may update this Policy. The new version takes effect once published on the website unless a different date is stated.

The current version is available at https://cotasky.tech/privacy.