Privacy Policy

This policy complies with Russian Federal Law 152-FZ «On Personal Data» and governs the processing of personal data of users of card-center.ru.

1. Data operator

Sole Proprietor Aleksandr Sergeevich Filchikov, TIN 366219887398. The website question form is used for inquiries.

2. Data collected

• Order data: name, phone, email, passport details, registration address, delivery address, and optional comment;
• Account data: email, password hash (scrypt);
• Technical data: session cookie, referral code, UTM tags, CPA click_id, server-log IP (30 days);
• When analytics is enabled: visit identifiers, sanitized public-page views, CTA click events, and Microsoft Clarity recordings only on public marketing pages; Yandex Webvisor is disabled on the site;
• Document data provided outside the website as part of the fulfilment route, where required for shipment;
• When using the special group offer: organizer details, group size, participant descriptions, and the handoff plan for the shared document batch;
• Order and referral records.

Payment card data is not requested through the website forms. Passport details entered in the order form are used only to prepare the invoice contract and to perform the service.

3. Purpose

• Providing the card-assistance service;
• Authenticating users;
• Fulfilling the public offer;
• Referral accounting;
• Processing questions submitted through the website form and replying to the provided email;
• Measuring traffic sources, UX quality, and form conversion;
• Compliance with law (tax reporting, authority requests).

4. Data sharing

We do not sell data or pass it to marketing third parties. Technical processors: hosting provider (backups), and postal / courier operators where required to deliver documents and cards. If the relevant counters are enabled, the website may also send technical visit events to Yandex Metrica and Microsoft Clarity. Admin, account, status, and other sensitive routes are excluded from marketing page views or masked at DOM level. Data is shared only to the extent necessary.

5. Retention

Data is kept until the order is fulfilled plus 3 years for accounting and tax purposes, then irrevocably erased or anonymized. Inactive accounts are deleted after 3 years.

6. Security

• TLS for transport;
• scrypt password hashes;
• public invoice-contract PDF links are protected by a per-order token;
• HMAC-SHA256 signed referral cookies;
• admin sessions separated from user sessions;
• access limited to authorized staff.

7. Your rights

• Access your data;
• Request correction, blocking, or deletion;
• Withdraw consent.

Requests submitted through the website question form are processed within 30 days. You may also contact Roskomnadzor.

8. Cookies

We use technical cookies (session, theme, referral code, CPA attribution). When counters are enabled, analytics cookies from Yandex Metrica and Microsoft Clarity may also be used to measure traffic sources, on-site behavior, and conversion quality. No advertising or third-party social trackers.

9. Changes

The current version is available here. Last updated: 2026-04-24.