This Privacy Policy describes how Zhukov Vadim (hereinafter referred to as "we," "us," or "our") collects, uses, and protects the personal data of users (hereinafter referred to as "you" or "users") of our blog, Zh Blog (hereinafter referred to as the "Blog"), available at zhblog.ru. We are committed to protecting your privacy and ensuring the security of your personal data in accordance with the General Data Protection Regulation (GDPR) and the Russian Federal Law No. 152-FZ "On Personal Data."

1. Data Controller

The data controller is:

Zhukov Vadim
Email for privacy inquiries: zhblog.ru@yandex.ru
Country of residence: Russia

2. Data Collection and Purposes

We collect the following types of information:

• Information provided by you during registration and in your profile:

• Username (nickname): To identify you on the Blog.
• Email address: To communicate with you, confirm registration, and send important notifications.
• Password (stored in encrypted form): To protect your account.
• Profile photo (optional): To personalize your profile.
• Status (optional): To provide additional information about yourself to other users.

• Use of Yandex SmartCaptcha:

• To protect against spam and automated registrations, we use Yandex SmartCaptcha.
• Yandex may process user data (e.g., IP address, browsing behavior) in accordance with its Privacy Policy.
• We do not receive personal data from Yandex—only the verification result (passed/failed captcha).

• Automatically collected information:

• Cookies: We use cookies necessary for the Blog's functionality, including:
  • JWT (JSON Web Token): For user authentication after login. Storage duration: 7 days.
  • X-CSRF-Token: For protection against cross-site request forgery (CSRF). Storage duration: Until browser closure.
  • Locale: To save the user's selected interface language. Storage duration: Indefinitely.
  • We do not use tracking cookies to monitor your activity on other websites.

  You can disable cookies in your browser settings, but this may affect the Blog's functionality.

• Core Web Vitals: We collect anonymous performance data about our Blog (LCP, CLS, FID) for analysis and improving user experience. This aggregated data is stored on the server and contains no personal information.

• Information provided by you when commenting:

• Comment text: To publish your thoughts and ideas on the Blog.
• Username (nickname): To identify you as the comment author.
• Profile photo (if available): To identify you as the comment author.

• Like information:

• We store the fact that a user liked an article. We do not store information about who specifically liked it. This allows us to display article popularity.

3. Legal Basis for Data Processing

We process your personal data on the following legal grounds:

• Consent: You consent to the processing of your personal data when registering on the Blog and providing additional information in your profile.
• Contract: Processing is necessary to fulfill the contract between you and us (providing access to the Blog's features).
• Legitimate interests: We process your data for our legitimate interests, such as:
  • Ensuring Blog security and preventing abuse.
  • Analyzing Blog performance using Core Web Vitals.
  • Enabling users to comment and like posts.

4. Data Retention Period

We retain your personal data as long as your account remains active. User comments are stored until either deleted by the user or until the user account is deleted. Likes are removed along with the user account or when the like is revoked by the user. Core Web Vitals data is stored in aggregated form and is not associated with specific users.

Data Replication

To ensure fault tolerance, we use synchronous PostgreSQL replication. This means your data is duplicated on additional servers in real-time.

Important: When you delete your account, your data is immediately removed from both the primary database and all replicas. We do not maintain data backups, therefore recovery of deleted information is impossible.

5. Data Sharing with Third Parties

We do not share your personal data with third parties, except when required by law (for example, in response to a court order). Please note that our cloud hosting provider may collect technical data as part of their services, but we do not control this activity. We recommend reviewing Selectel's Privacy and Data Protection Policy.

6. Cross-Border Data Transfers

Your personal data is stored on servers located in the Russian Federation. No cross-border data transfers occur.

7. Your Rights and How to Exercise Them

You have the following rights:

• Right to access: Request information about your personal data we store.
• Right to rectification: Correct inaccurate or incomplete personal data.
• Right to erasure: Delete your personal data (delete your account).
• Right to restriction of processing: Restrict processing of your personal data under certain circumstances.
• Right to data portability: Receive your personal data in a structured format.
• Right to object: Object to processing of your personal data under certain circumstances.
• Right to withdraw consent: Withdraw your consent to processing at any time by deleting your account.

Exercising your rights:

• Access, rectification, account deletion: You can modify or delete your personal data, including deleting your account, in your profile settings. Account deletion will immediately remove all your data (comments, likes) without recovery options.
• Other rights: To exercise other rights (restriction, portability, objection), contact us at zhblog.ru@yandex.ru. We will respond within 30 days and may request identity verification.

8. Cookies

We use the following necessary cookies:

• JWT: For authentication (7 days).
• X-CSRF-Token: For attack protection (until browser closure).
• Locale: For language preference (indefinitely).

Disabling cookies in your browser may affect the Blog's functionality.

9. User Age

The Blog is available to users of all ages. We do not knowingly collect personal data from children under 13. If we become aware of such data collected without parental consent, we will take steps to delete it.

10. Account Deletion or Suspension

We reserve the right to delete or suspend your account if you violate our blog's Terms of Use, including but not limited to the following reasons:

• Posting offensive, discriminatory, or illegal content
• Creating multiple accounts
• Attempting to hack or harm the blog
• Violating applicable laws and regulations

If your account is deleted or suspended, all your data including comments and likes will be permanently removed. No backup copies exist, making data recovery impossible.

11. Data Security

We implement the following security measures:

• HTTPS encryption for data transmission.
• Regular software updates and vulnerability checks.
• Restricted data access to authorized personnel only.

12. Subprocessors

We use the following providers for data processing:

• Hosting: Selectel, country: Russia

13. Data Breach Procedures

In case of a data breach, we will:

• Address the breach within 72 hours.
• Notify Roskomnadzor (for users in Russia).
• Notify affected users if there is a high risk to their rights.

14. Policy Changes

We may update this Privacy Policy. Changes will be announced via:

• A notice on the Blog's homepage.
• Email (if subscribed).

Changes take effect 30 days after publication.

15. Contact Information

For Privacy Policy inquiries: zhblog.ru@yandex.ru

16. Complaints

If you believe your rights have been violated, you may:

• Email us at zhblog.ru@yandex.ru.
• File a complaint with Roskomnadzor (for users in Russia).
• Contact your local supervisory authority (for EU users).