Privacy Policy

This document describes which personal data the okk service processes, on what legal grounds, to whom and in which cases it is transferred, how it is protected, and what rights the personal data subject has.

Versionv1.2
UpdatedJuly 17, 2026
Effective fromJuly 17, 2026
JurisdictionRussian Federation

01General provisions

This Personal Data Processing Policy (the «Policy») has been developed in accordance with the requirements of Russian Federal Law No. 152-FZ «On Personal Data» dated 27 July 2006 and defines the procedure for processing personal data and the measures to ensure their security taken by the operator — Dialogue Solutions LLC (TIN 7813692865; the «Operator»).

The Policy applies to personal data that the Operator may obtain from a personal data subject (the «User») when using the okk service, available through the web interface and accompanying applications (the «Service»).

02Terms and definitions

For the purposes of uniform interpretation of this Policy, the following terms are used with the meanings established by Federal Law No. 152-FZ:

  • Personal data — any information related to a directly or indirectly identified or identifiable natural person.
  • Processing of personal data — any action or set of actions performed on personal data, whether or not by automated means.
  • Operator — Dialogue Solutions LLC, which organises and carries out the processing of personal data and determines the purposes and composition of the data processed.
  • Personal data subject — the natural person to whom the personal data relate; for the purposes of this Policy — the User of the Service.
  • Dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons.

03Personal data processed

The Operator processes only such personal data as are necessary to provide the Service and fulfil obligations to the User. No excessive data are collected.

Account data

  • Mobile phone number — for authentication via a one-time code (OTP) and for contact on material service matters.
  • First name and last name — displayed in the interface and used in reports.
  • Email address (when provided) — for notifications and access recovery.
  • Role in the organisation and membership of a working group — to control access rights.

Service usage data

  • Audio recordings of dialogues and their text transcripts uploaded by the User or the User's organisation.
  • Dialogue metadata: date, time, location, list of participants.
  • Interface actions: scores, comments, tags, status changes.
  • Technical data: IP address, device type, session identifier, sign-in and sign-out log.

04Simulator trial on the website

This section applies to website visitors who start the voice simulator trial without creating an account (the personal data subject is a website visitor). Consent to processing is given by ticking the checkbox in the form before the trial conversation starts.

  • Form data — company name and phone number — is processed to contact the visitor about their request and follow up on the trial conversation.
  • The visitor's speech in the trial conversation is automatically converted into a text transcript to produce the review; the voice audio recording is not stored.
  • The text transcript of the trial conversation is stored for 30 days from the conversation and then deleted.
  • A third-party voice AI service is engaged to convert speech and produce the review (see the "Transfer to third parties" section).

You can withdraw consent or request data deletion via the Operator's contacts listed in the "Operator contacts" section.

05Processing purposes

Personal data are processed exclusively for the purposes listed below. Use of the data for any other purposes without separate consent of the User is not permitted.

  • Creation and maintenance of the User's account, authentication on sign-in.
  • Provision of Service features: recording and transcription of dialogues, analytics and reporting.
  • Notifying the User about changes to the Service, maintenance and material terms of service.
  • Compliance with the requirements of the laws of the Russian Federation, including tax and accounting laws.
  • Investigation of security incidents and prevention of unauthorised access to data.

08Retention periods and procedure

Personal data are stored for the period necessary to achieve the processing purposes, but no longer than the period set by the laws of the Russian Federation.

  • Account data — for the duration of the account's existence; after the account is deleted, the Operator destroys or de-identifies the associated personal data within a reasonable period required to complete operational processes, or stores them within the periods set by the laws of the Russian Federation.
  • Audio recordings and dialogue transcripts — for the period set by the agreement with the customer organisation, or until the processing purposes are achieved or the User withdraws consent — whichever occurs earlier.
  • Technical logs and security logs — for the period required to investigate incidents and ensure Service security, but no longer than required by the laws of the Russian Federation.
  • Data that must be retained by law (accounting, tax) — for the periods set by the applicable laws.

Upon expiry of the retention period, personal data are subject to destruction or de-identification in a manner that precludes their recovery, confirmed by a corresponding act.

Personal data of citizens of the Russian Federation are stored on servers located within the territory of the Russian Federation.

09Transfer to third parties

The Operator does not transfer personal data to third parties, except where expressly provided by this Policy or required by law.

  • Infrastructure providers (hosting provider, telecom provider) — to the extent necessary for the operation of the Service, under contracts requiring confidentiality.
  • SMS gateway operators — for delivery of one-time authentication codes (phone number and code).
  • The voice AI service provider — to convert the speech of a simulator trial visitor into a text transcript and produce the review (see the "Simulator trial on the website" section).
  • Authorised government bodies — in cases expressly provided for by the laws of the Russian Federation.

10Cookies and similar technologies

The Service uses technologies that store service data on the User's device, solely to ensure the operation of the Service.

  • Session cookies and tokens in localStorage / sessionStorage — to maintain an authenticated session and store interface settings.
  • Device identifier (device fingerprint) — to distinguish active sessions and protect against unauthorised access.

Third-party web analytics systems (Google Analytics, Yandex.Metrica and the like) are not used by the Service at the time of publication of this Policy. Should they be connected, this Policy will be updated to indicate the composition of the transferred data.

The User can manage permissions for storing service data through browser settings; restricting these technologies may make individual features of the Service unavailable.

11Age restrictions

The Service is intended for professional use by employees of client organisations and is addressed to adult users. Registration and use of the Service are permitted from the age of 18.

The Operator does not knowingly collect personal data of minors. If the Operator becomes aware that an account has been created by a person under the age of 18, such account and the personal data associated with it shall be deleted within a reasonable period.

12Rights of the personal data subject

In accordance with Articles 14, 20 and 21 of Federal Law No. 152-FZ, the User has the right to:

  • Obtain information regarding the processing of their personal data, including the purposes, methods and composition of the data processed.
  • Demand the clarification, blocking or destruction of personal data where they are incomplete, inaccurate or unlawfully obtained.
  • Withdraw previously given consent to the processing of personal data at any time.
  • Appeal against actions or omissions of the Operator to the authorised body for the protection of the rights of personal data subjects (Roskomnadzor) or in court.

To exercise the rights listed, the User shall send a written request to dialogue.solutions@yandex.ru or to the postal address 50 Chkalovsky pr-t, Lit. B, Saint Petersburg, 197136, Russia. The Operator is obliged to provide a reasoned response within thirty days from the date of receipt of the request.

13Security measures

The Operator takes the technical and organisational measures necessary and sufficient to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying or dissemination.

Technical measures

  • Encryption of transferred data over TLS no lower than version 1.2.
  • Encryption of stored data using the infrastructure provider's tools.
  • Access control to data at the level of roles and organisation membership.
  • Logging of data actions and regular audit of security logs.

Organisational measures

  • Appointment of a person responsible for organising the processing of personal data.
  • Adoption of internal regulations for the processing and protection of personal data.
  • Restriction of employee access to personal data on a need-to-know basis (least privilege).
  • Non-disclosure agreements with employees and contractors.

14Changes to this Policy

The Operator reserves the right to amend this Policy. The current version is posted at /privacy-policy and takes effect from the date indicated in the document details («Effective from»).

Users will be notified of material changes affecting the composition of the data processed, the purposes or the legal grounds for processing no later than 15 calendar days before the changes take effect, through the Service interface or by the email address indicated in the account.

Continued use of the Service after the changes take effect constitutes the User's consent to the new version of the Policy. If the User disagrees, they may stop using the Service and request deletion of their personal data.

15Operator contacts

For any matters related to the processing of personal data, the User may contact the Operator:

  • Name: Dialogue Solutions LLC
  • TIN: 7813692865
  • OGRN: 1267800005285
  • Registered address: 50 Chkalovsky pr-t, Lit. B, Saint Petersburg, 197136, Russia
  • Email for data protection requests: dialogue.solutions@yandex.ru
  • Support email: dialogue.solutions@yandex.ru