1. Personal data operator
Operator: Top5Top10 LLC (hereinafter — the “Operator”).
INN 7702738264, OGRN 1107746628440.
Registered address: 107031, Moscow, Rozhdestvenka st., bld. 20/8, b. 5, premises II, Russian Federation.
Platform: Prompt Page, available at https://promptpage.site and related subdomains.
Contact for personal data requests: support@promptpage.site.
2. Key definitions
Personal data (PD) — any information relating to a directly or indirectly identified or identifiable individual (the data subject).
Processing — any operation with PD including collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer, anonymization, blocking, deletion, and destruction.
User — an individual using the Service.
Cookies — a small piece of data sent by the web server and stored on the User's device.
3. Legal bases for processing
PD is processed on the bases set out in Art. 6 of 152-FZ:
— consent of the data subject (given upon registration on the Service);
— performance of the contract to which the data subject is a party (the Public Offer);
— exercise of the Operator's rights and legitimate interests, provided the rights and freedoms of the data subject are not violated.
User consent is expressed by conclusive actions: ticking the “I accept the terms” checkbox during registration and continued use of the Service.
4. Scope of processed data
At registration the User provides: surname, given name (optional), email address, password (stored as a cryptographic hash).
During use we collect: contents of the sites you build, prompts to the AI agent, uploaded files and images, selected tariff.
Automatically collected: IP address, browser type and version, operating system, country by IP, in-app actions for analytics, cookie identifiers.
At payment: payer's name, email, contact phone (if provided), payment amount and currency. Bank card data is processed exclusively by the YuKassa payment service (see section 6); the Operator does not store card numbers.
5. Purposes of processing
— Conclusion and performance of the Public Offer (granting access to the Service);
— identifying the User in the personal account;
— processing payments and issuing fiscal receipts under 54-FZ;
— responses to inquiries and technical support;
— Service security: fraud detection, protection against automated attacks;
— informational and service notifications by email (you can opt out via profile settings or an “unsubscribe” link);
— Service improvement (anonymized usage analytics).
6. Sharing with third parties
The Operator shares the minimum necessary set of PD with the following counterparties:
— YuMoney NCO LLC (YuKassa brand, INN 7750005725) — for payment acceptance and issuing fiscal receipts under 54-FZ;
— cloud hosting and file storage providers — for hosting and delivering content;
— AI service providers (including Anthropic PBC, OpenAI OpCo) — for executing site and image generation requests;
— email delivery providers — for sending transactional and service messages;
— web analytics providers — in an anonymized form.
The Operator does not share PD with third parties for marketing purposes and does not sell it. Transfer to government authorities is made only on grounds established by the legislation of the Russian Federation.
7. Cookies and automated collection
The Service uses:
— functional cookies (session, language and theme) — required for operation;
— analytical cookies — to understand usage patterns;
— technical identifiers — to protect against automated attacks.
Third-party marketing cookies are not set without User consent. Cookies can be managed via browser settings; disabling functional cookies may limit access to the personal account.
8. Retention periods
PD is processed until the purposes of processing are achieved or until the data subject withdraws consent.
After account deletion, PD is removed within 30 (thirty) calendar days. Backup copies may be retained for up to 90 (ninety) days from creation.
Accounting and tax records are retained for the periods set by Russian law (as a general rule — 5 (five) years).
9. Rights of the data subject
Under Chapter 3 of 152-FZ the User has the right to:
— receive information about the fact, purposes, sources, and methods of PD processing;
— require clarification, blocking or destruction of incomplete, outdated, inaccurate, or unlawfully obtained PD;
— withdraw consent to PD processing (this may result in termination of services);
— appeal the Operator's actions to Roskomnadzor or in court.
Requests are sent to support@promptpage.site indicating the method of identity verification. Review period — 30 (thirty) days.
10. Security measures
The Operator applies legal, organizational and technical PD protection measures:
— data transmission encryption via HTTPS (TLS);
— password storage as a cryptographic hash (bcrypt);
— differentiation of employee access on a need-to-know basis;
— regular infrastructure updates and action logging.
In the event of an incident resulting in unauthorized access to PD, the Operator notifies Users and Roskomnadzor within the periods established by Art. 18.1 and 21 of 152-FZ.
11. Cross-border data transfers
Part of the infrastructure (including AI providers) is located outside the Russian Federation. PD is transferred to countries providing adequate protection, or with the data subject's written consent.
The list of providers may change; an up-to-date list is provided upon request to support@promptpage.site.
12. Policy updates
The Operator may update this Policy. The current version is published at https://promptpage.site/privacy. Material changes are communicated to the User by email or in the personal account at least 7 (seven) days before they take effect.
The last update date is shown at the beginning of the document.