Privacy Policy
_Effective date: ⟦TODO: date⟧_
This Privacy Policy explains what data the IT Abyss platform ("the Service", "we"), available at itabyss.pro, processes and how we use it.
Operator: ⟦TODO: operator legal name and status, e.g. sole proprietor / individual⟧. Privacy contact: ⟦TODO: email, e.g. privacy@itabyss.pro⟧.
1. Data we collect
a password hash. We never store your password in plain text.
the provider a unique account identifier, email address, name, and (for Google/Telegram) an avatar URL. See Section 4.
membership check against our private Telegram subscriber group.
statistics. Free-text answers are sent to an AI provider for grading (see Section 4).
leak protection.
- Account data. On registration — your email address, display name, and (for password login)
- Third-party sign-in data. When you sign in with Google, Apple, or Telegram we receive from
- Subscription & access. Your subscription level and payment status, including the result of a
- Interview simulator. Your answers, their evaluation results, session history, and usage
- Content & activity. Comments on posts, saved materials.
- Technical logs. When downloading protected materials we record IP address and user agent for
- Newsletter. Your email address, if you subscribe.
2. How we use data
We use data to: provide and operate the Service; authenticate you and keep your session; determine your access level by subscription; grade answers in the simulator; send service emails (email confirmation, password reset) and, with consent, the newsletter; and protect the Service against abuse and content leaks.
3. Legal bases
We process data to perform our contract (providing the Service), on your consent (newsletter, third-party sign-in), and on our legitimate interests (security, abuse prevention). ⟦TODO: adjust the legal bases for your jurisdiction if needed.⟧
4. Third-party services (sub-processors)
To operate the Service we share the minimum necessary data with:
Google user data complies with the Google API Services User Data Policy.
(including an Apple private relay address) and name (first sign-in only).
evaluation; we do not send your credentials.
⟦TODO: confirm/adjust the payment provider.⟧
- Google — Sign in with Google. We receive your account ID, email, name, and avatar. Our use of
- Apple — Sign in with Apple. We receive your account ID and, when provided, your email
- Telegram — sign-in and bot, subscriber-group membership check.
- AI provider (OpenAI) — grading of free-text simulator answers. Your answer text is sent for
- Payment provider (Tribute) — subscription checkout and verification.
- File storage (Cloudflare R2) — storage of PDF materials.
- Email provider (SMTP) — sending service emails.
- Hosting (Vercel, Railway) — hosting the web app and the backend/database.
We do not sell your personal data.
5. Cookies and local storage
We use the browser's local storage (localStorage) to keep your session token (JWT) and profile so you stay signed in. This is technically necessary for the Service to function.
6. Data retention
We retain data for as long as your account is active and as needed for the purposes above, or as required by law. ⟦TODO: state specific retention periods if needed.⟧
7. Your rights
You can: view and update your profile; unlink third-party sign-in methods (Google, Apple, Telegram) in account settings; and delete your account. ⟦TODO: add the rights applicable in your jurisdiction (access, rectification, erasure, portability, withdrawal of consent) and how to exercise them.⟧ Use the contact above for requests.
8. Security
Passwords are stored hashed (scrypt), API access is token-protected, and data is transmitted over HTTPS. No method of transmission or storage is perfectly secure, but we apply reasonable safeguards.
9. Children
The Service is not intended for individuals under ⟦TODO: age, e.g. 16⟧, and we do not knowingly collect their data.
10. Changes to this policy
We may update this Policy. We will signal material changes by updating the effective date on this page.
11. Contact
For privacy inquiries: ⟦TODO: contact email⟧.