Privacy Policy (Personal Data Processing)
1. General provisions
This Privacy Policy is prepared in accordance with applicable requirements, including Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006 (the “Personal Data Law”) where it applies, and describes how personal data is processed when you use the Impulse Shield mobile application (the “Application”) and related services operated by the Operator.
1.1. The Operator’s priority is to respect human and civil rights and freedoms in processing personal data, including the protection of privacy and confidentiality.
1.2. This Policy applies to all information about users of the Application that the Operator may obtain in connection with providing the service.
2. Key definitions
Terms such as personal data, processing, operator, automated processing, blocking, depersonalization, destruction, and cross-border transfer shall be understood in accordance with applicable law (including the Personal Data Law where relevant).
The “Application” means the Impulse Shield mobile client and related backend services used to provide features such as impulse logging, statistics, goals, notifications, export, and optional analysis features.
3. Operator’s main rights and obligations
3.1. The Operator processes personal data lawfully and implements organizational and technical measures to protect data against unauthorized access, alteration, disclosure, or destruction.
3.2. The Operator responds to data subjects’ requests in accordance with applicable law (including, where applicable, within 30 calendar days for requests under Russian law, unless a different period applies).
3.3. The Operator maintains this Policy in a publicly accessible form (including via stable URLs served by the Application backend).
4. Data subjects’ rights
Depending on your jurisdiction, you may have rights to access, rectify, delete, restrict processing, object, data portability, and to withdraw consent. You may exercise these rights via the Application (where available) and/or by contacting support using the channels indicated in the Application or store listing.
5. Principles of processing
5.1. Processing is lawful, fair, and limited to stated purposes.
5.2. Data is adequate, relevant, and not excessive in relation to the purposes.
5.3. Data is stored no longer than necessary for the purposes, subject to legal retention requirements.
6. Purposes, categories of data, and legal bases
6.1. Purposes may include:
— Creating and maintaining a user account and authentication (including via email/password and/or OAuth providers such as Google, Yandex, VK ID, or similar, depending on the build);
— Providing core features: recording impulses and related details (including categories, optional amounts/currency, descriptions, links, decisions, feedback, and comments/arguments where supported);
— Computing and displaying statistics and motivational aggregates (for example, counts of stopped impulses and “conditionally saved” amounts for personal reflection);
— User goals, reminders, and notifications (including push notifications where enabled);
— Export of your data (for example, CSV) when you initiate export;
— Customer support and handling support tickets;
— Service improvement, security, fraud prevention, and compliance with legal obligations;
— Optional automated or AI-assisted analysis of your entries to generate prompts or summaries for reflection inside the Application.
6.2. Categories of personal data may include:
— Identity and account data: email (if used), display/public name, internal user identifiers;
— Authentication data: password hashes (if applicable), OAuth tokens/identifiers as required by the sign-in provider workflow;
— Impulse-related content: text you enter, optional monetary amounts, categories, decisions, comments;
— Usage and technical data: device/app identifiers, IP address, timestamps, locale/time zone, diagnostic logs as needed for security and reliability;
— Push notification tokens where you enable notifications;
— Payment-related identifiers and subscription status as provided by app stores (Google Play, RuStore, Apple App Store, depending on your build): the stores or their payment partners process card and wallet data; the Operator typically receives purchase/subscription identifiers and status needed to unlock features, not your full card number;
— Support communications: messages you send to support and contact details you provide.
6.3. Legal bases (depending on jurisdiction) may include: performance of a contract (providing the service), consent (where required), legitimate interests (security and service improvement), and legal obligations.
6.4. Profiling: the Application may derive statistics and recommendations for you based on your usage (for example, impulse patterns). This is intended to support self-reflection and is not used to make legally significant solely automated decisions about you without human involvement, except as required by applicable law.
6.5. Artificial intelligence (analysis of your entries): optional analysis of impulses — including free-text descriptions, categories, amounts, and related context you provide — is performed using automated systems based on artificial intelligence, including third-party AI providers (generative / language models) acting as subprocessors. Your content may be transmitted to such providers solely to generate in-app prompts, summaries, structured commentary, or similar outputs intended for personal reflection. These outputs are not produced by a human, may be incomplete or inaccurate, and do not constitute professional medical, psychological, legal, tax, or financial advice. The Operator selects providers and applies contractual and technical safeguards where feasible. Further detail on recipients and international transfers appears in Section 8.
7. Cookies and similar technologies
The Application may use local storage on the device and similar mechanisms to keep you signed in and store preferences. Website properties (if any) may use cookies as described in their respective notices.
8. Sharing and subprocessors
8.1. The Operator does not sell your personal data.
8.2. Personal data may be disclosed to third parties only where necessary to provide the service or comply with law, including:
— Infrastructure and hosting providers;
— Authentication providers (OAuth) as chosen by you;
— App store platforms for purchases and subscription status;
— Analytics or reliability tools acting on the Operator’s instructions, subject to contractual safeguards where required;
— Third-party generative AI providers that process the text and context of your impulse entries to deliver analysis, prompts, or summaries inside the Application (typically as subprocessors under written terms).
8.3. Payment card processing is performed by app stores/payment platforms under their terms; the Operator does not receive your full card number for store purchases in the typical model.
9. International transfers
If data is processed in countries other than your country of residence, the Operator will apply appropriate safeguards as required by applicable law (including contractual clauses where applicable).
10. Retention and account deletion
10.1. Personal data is stored as long as your account is active and as needed to provide the service, unless a longer retention period is required by law.
10.2. When you delete your account using the in-app deletion feature (where available), the Operator applies anonymization and/or deletion measures described in internal procedures (including revoking sessions and replacing identifiers where needed). Some records may be retained in aggregated or depersonalized form where permitted by law.
10.3. Backups may persist for a limited period consistent with security practices.
11. Security and breaches
The Operator implements administrative, technical, and organizational measures to protect personal data. In case of a personal data breach likely to affect your rights, the Operator will notify you and/or regulators as required by applicable law.
12. Children
The service is not directed to children under the age required by these Terms (typically 16+). If you believe we have collected data from a child without appropriate consent, contact support.
13. Sources of personal data
13.1. Directly from you: account registration, profile fields, impulse entries, goals, support messages, and any consents or preferences you set in the Application.
13.2. Automatically: technical logs, device/app identifiers, approximate location derived from IP where processed for security, timestamps, crash or diagnostic data limited to what is needed to operate and secure the service.
13.3. Third parties: when you sign in with an OAuth provider, we receive identifiers and profile elements permitted by that provider’s consent screen. App stores may provide subscription status, transaction identifiers, and refund/chargeback signals needed for billing support and fraud prevention.
13.4. We do not require you to disclose special categories of data (health, political opinions, etc.). If you voluntarily include such information in free-text fields, you do so under your control; we process it only to provide the service you requested and recommend avoiding unnecessary sensitive details.
14. Marketing communications
Unless you opt in where required, the Operator does not use your personal data to send third-party marketing. Service-related messages (security alerts, subscription receipts via the store, critical product notices) may be delivered as part of providing the service. You can manage push notifications in device settings and in-app toggles where available.
15. Automated processing and human review
Analytics, statistics, and optional AI summaries are intended to support self-reflection. They do not replace professional advice. Where the law grants you rights related to solely automated decisions with legal or similarly significant effects, the Application is not designed to make such decisions without appropriate human involvement, except where required by law.
16. Regional rights (EEA/UK and similar)
If you are in the European Economic Area, the United Kingdom, or other regions with comprehensive privacy laws, you may have additional rights (including to lodge a complaint with a supervisory authority). Nothing in this Policy limits mandatory consumer rights in your country. The Operator will respond to verifiable requests in line with applicable law and may need to confirm your identity before disclosing or deleting data.
17. U.S. state privacy (summary)
Depending on your U.S. state of residence, you may have rights to know, delete, correct, and opt out of certain “sales” or “sharing” for cross-context behavioral advertising. The Operator does not sell personal data for money as a business model. For rights requests, use the support channel in the Application; we may verify your request as permitted by law.
18. Changes to this Policy
The Operator may update this Policy. The current version is published at Privacy Policy. Material changes may be communicated via the Application or other reasonable means.
19. Contact and supervisory complaints
Operator: Sole Proprietor LATAREVICH YAUHENI IOSIFOVICH, UNP 591378924. Contact email: contact@speakylex.com.
Support: use the contact method indicated in the Application and/or the official app store listing.
If you believe processing infringes applicable law, you may also contact your local data protection authority where such a right exists.