Spodi Privacy Policy
Effective date: February 15, 2026
This Privacy Policy explains how Spodi collects, uses, and protects your personal data when you use our website (spodi.ru), iOS and Android applications, macOS app, and Telegram bot.
Data Controller
Individual Entrepreneur Gulyaev Maksim Yuryevich
OGRNIP: 326527500032500
INN: 524613147662
Address: 606440, Russia, Nizhny Novgorod region, Bor
Data privacy contact: privacy@spodi.ru
General support: support@spodi.ru
1. Data We Collect
| Category | Data | Purpose |
|---|---|---|
| Registration | Name, email, phone, password (hashed) | Account management |
| Profile | Avatar, gender | Personalization |
| Workout data | Exercises, sets, weight, duration, notes, body weight | Core functionality |
| Technical | IP address, device type, cookies | Service operation, security |
| Auth providers | External IDs (VK ID, Yandex ID, Telegram, Apple ID) | Third-party auth |
Data sources: provided by you during registration and service usage, received from connected authentication providers (your choice), and collected automatically from your device and browser.
2. How We Use Your Data
- Providing Service functionality
- Account management
- Authentication
- Cross-device sync
- Workout reminders (with consent)
- Marketing communications (with separate consent)
- Improving the Service
- Security and fraud prevention
- Legal compliance
3. Legal Basis
- Consent — explicit consent at registration
- Contract performance — delivering Service functionality
- Legal obligation — compliance with applicable laws
Processing methods: collection, recording, systematization, accumulation, storage, clarification (update/change), retrieval, use, transfer (provision/access), depersonalization, blocking, deletion, and destruction of personal data. Processing is performed both with and without automation tools.
4. Data Sharing
We do not sell your data. We share with:
- Yandex Cloud (Russia) — hosting and storage
- Yandex Postbox — transactional email delivery
- VK ID / Yandex ID / Telegram — authentication (your choice)
- Apple ID — authentication (your choice)
Cross-border transfer of personal data is not performed.
5. Storage and Security
- Data stored in the Russian Federation (Yandex Cloud)
- HTTPS/TLS, bcrypt passwords, AES-256-GCM for 2FA secrets
- Data retained 30 days after account deletion, then permanently removed
6. Your Rights
- Access your data
- Request corrections
- Request deletion (via settings or support)
- Withdraw consent (results in account deletion)
- Opt out of marketing
Privacy contact: privacy@spodi.ru
7. Cookies
Session management (required), language preferences (required), analytics (with consent).
8. Changes
Significant changes will be communicated through the Service.
9. Contact
Data privacy: privacy@spodi.ru
General support: support@spodi.ru
10. Data Subject Request Handling
You can submit a request to privacy@spodi.ruwith the subject line "Data Subject Request".
- Response time: up to 10 business days from receipt of the request
- The term may be extended by up to 5 business days with prior notice to the requester
- We may request additional information to verify the requester's identity