ЗСЗемельный Сервисbeta
Contact us
HomeServicesHow it worksRegionsPrototypeFor investorsAboutContact us
Documents

Personal Data Processing Policy

Version: 1.1
Date: 2026-05-09
Legal basis: Federal Law 152-FZ on Personal Data (as amended by Federal Law 420-FZ of 30.11.2024), FSTEC Order No. 21, Federal Law 242-FZ on Localisation
Operator (working name): КОМПАНИЯ "ЗС" (KOMPANIYA "ZS")
Document status: DRAFT. The final version will follow lawyer review and the filing of the operator notification with Roskomnadzor (Article 22 of Federal Law 152-FZ on Personal Data).

1. General provisions

1.1. This Policy sets out the rules for the processing of personal data within the "Zemelny Service" mobile and web application.

1.2. The personal data operator is КОМПАНИЯ "ЗС" (KOMPANIYA "ZS") (working name; the OGRN and the registration number in the Roskomnadzor Register of Personal Data Operators will be inserted after registration of the legal entity and the filing of the operator notification).

1.3. The Policy is published in open access within the Service and on the Operator's website in accordance with Article 18.1 of Federal Law 152-FZ on Personal Data.

2. Categories of data we process

Category Composition Purpose
IdentificationFull name, passport (SHA-256 hash), SNILS (hash), INN (hash)Sign-up, ESIA, document execution
ContactsPhone, emailAuthentication, notifications
Land plotCadastral number, address, ownership rights (USRN extract)Risk diagnostics, case execution
Case documentsUser-uploaded PDFs, photographs, actsCase support, transfer to the lawyer
TechnicalIP, User-Agent, time of operationsSecurity, the SES signing log

3. Processing purposes

  • Provision of information and consulting services for the protection of owner's rights.
  • Preparation of procedural documents using AI features (AI-1 to AI-7).
  • Transfer to an accredited lawyer for case support (only with separate consent).
  • User authentication and account protection.
  • Compliance with statutory requirements (Federal Law 149-FZ, Federal Law 63-FZ on Electronic Signatures, Federal Law 115-FZ).

4. Consent to processing

4.1. Consent is given separately by purpose:

  • Core — processing for the provision of the service (the Service does not function without it).
  • Transfer to a lawyer — given when a lawyer is engaged.
  • Marketing — optional.
  • Special categories — where required (disability as a basis for benefits, criminal record).

4.2. Consent may be withdrawn at any moment via "Profile → Privacy".

5. Localisation and storage

5.1. All personal data is stored exclusively within the territory of the Russian Federation in Yandex Cloud (Article 18 of Federal Law 152-FZ on Personal Data).

5.2. Sensitive data (passport, SNILS, INN) is stored as a SHA-256 cryptographic hash with a per-user salt.

5.3. User documents are stored in Yandex Object Storage with client-side encryption.

5.4. The target information security class is IS Class 2 under FSTEC Order No. 21. Certification is scheduled for M11 (March 2027).

6. Transfer to third parties

6.1. Transfer to a partner lawyer occurs only with the user's separate consent for the specific case.

6.2. Transfer to state authorities takes place only in cases expressly provided for by law (FSB requests under Federal Law 149-FZ, the Federal Tax Service, courts).

6.3. No other transfers to third parties are made. Marketing partners — only with separate consent.

7. Retention period

  • Active personal data — for the duration of the account's activity.
  • After account deletion — a 30-day grace period followed by full deletion of personal data.
  • SES signing log — 5 years (a requirement of Federal Law 63-FZ on Electronic Signatures).
  • Audit log — 1 year (Article 10.1 of Federal Law 149-FZ, ORI regime).

8. Protective measures

  • MFA for administrators and lawyers; SMS OTP for users on sensitive operations.
  • TLS 1.3+ on all communication channels.
  • Encryption at rest (LUKS) on the disks; client-side encryption for documents in S3.
  • Logging of user and administrator actions.
  • SAST/DAST in CI; external pentest before the prod release.
  • Hardened Linux (Astra Linux SE 1.8+) on prod nodes.

9. Incident response

9.1. Notification to Roskomnadzor of a personal data breach or unlawful transfer is sent within 24 hours; a follow-up notification with the results of the investigation — within 72 hours (Article 21.1 of Federal Law 152-FZ on Personal Data, as amended by Federal Law 420-FZ).

9.2. Notification of personal data subjects is made in the cases expressly provided for by law.

10. Rights of the personal data subject

10.1. You have the right to:

  • obtain a copy of all your personal data (Article 14 of Federal Law 152-FZ on Personal Data) — via "Profile → Export data";
  • delete your account — via "Profile → Deletion";
  • withdraw any consent — via "Profile → Privacy";
  • file a complaint with Roskomnadzor — rkn.gov.ru.

11. Personal data contact

The Data Protection Officer (DPO) responsible for the processing of personal data will be appointed by an internal order of КОМПАНИЯ "ЗС" (KOMPANIYA "ZS") after registration of the legal entity. As at the date of publication, the DPO functions are performed by the project owner.

  • Name: Abdul-Khakim A. Kagirov
  • Email: aslankaa@yandex.ru (working)
  • Phone: +7 (969) 795-55-55

The full version is held in 04_legal/v1.0/policy_personal_data_v1.0.md.