Privacy Policy

Effective date: 2026-06-09 Last updated: 2026-06-08

This Privacy Policy explains what personal data Individual Entrepreneur Prusov Dmitry Aleksandrovich (Russian: ИП Прусов Дмитрий Александрович, INN 504212647947, OGRNIP 318500700004187) — referred to below as "we", "us" — collects from users of the voxite service (the "Service"), how we use it, and your rights regarding that data.

It is part of our Terms of Service.

1. Who is the data controller

Individual Entrepreneur Prusov Dmitry Aleksandrovich, INN 504212647947, OGRNIP 318500700004187, registered at 127221, Russia, Moscow, Shokalskogo passage, bld. 37, building 1, apt. 69, is the data controller for personal data processed in connection with the Service.

If you have questions, contact us at privacy@voxite.app.

2. What we collect

2.1 — Provided by you via Telegram

Telegram user ID (numeric)
Telegram username (if you have one set)
First name (as visible to Telegram bots)
Messages you send to the bot, including:
- Brief text describing the business / website you want
- Voice messages (transcribed to text via Whisper)
- Photos and attached documents (PDFs, brand assets)
- URLs you ask us to redesign
- Edits, change requests, and feedback

2.2 — Generated by the Service

Site identifiers, subdomains, and port assignments
Generated TSX files, assets, and version history
Operation logs (which AI models were used, costs, timestamps, durations)
Job queue records (status, retries, error messages)

2.3 — Provided by you via payment processors

We use three payment processors. We never see your card number, crypto wallet seed, or banking info — each processor handles the entire payment flow.

YooMoney (ЮKassa) — for top-ups via Russian cards, СБП (Faster Payments System), YooMoney wallet. We receive: payment ID, status, amount, currency (RUB), and (if collected by YooMoney) your billing email.
NowPayments — for crypto top-ups (BTC, ETH, USDT, USDC, and 350+ other currencies). We receive: invoice ID, amount in USD-equivalent, payment status, transaction hash, crypto currency code, and the crypto address used to pay. No personal identity data is shared — NowPayments operates pseudonymously, but the transaction hash is public on the blockchain.
Stripe — currently in test mode only, not active for live top-ups. When activated (for non-RU users): session ID, payment status, amount, currency, and billing email if Stripe collects it.

2.4 — Automatically collected (server logs)

IP address of requests to your generated sites (nginx access logs)
User agent strings
Request paths and response codes
Timestamps

These logs are kept for 30 days for operational and security purposes.

3. What we DO NOT collect

We do not collect your card details, CVV, or banking info (the payment processor handles this entirely)
We do not collect your crypto wallet seed or private keys (NowPayments operates as a custodial gateway)
We do not use tracking cookies on the landing page beyond what is strictly necessary
We do not use third-party advertising trackers (no Google Ads, Facebook Pixel, etc., as of the effective date)
We do not buy or sell personal data

4. How we use your data

We use personal data only to provide the Service:

| Purpose | Data used | Legal basis | |---|---|---| | Generating your website | Brief text, photos, URLs | Contract (performance) | | Charging your balance | Telegram ID, operation records | Contract | | Processing payments | Payment-processor session data, balance | Contract | | Communicating with you | Telegram ID | Contract / Legitimate interest | | Improving the Service | Aggregated, anonymised usage stats | Legitimate interest | | Preventing fraud / abuse | All of the above | Legitimate interest | | Legal compliance | Records, logs | Legal obligation |

We do not use your brief content or generated sites for training AI models.

5. Third parties we share data with

We share necessary data with the following processors and providers:

5.1 — Anthropic (AI provider)

Data shared: your brief text, photos (as base64), URLs you submitted, and intermediate prompts.
Purpose: generating your website.
Their policy: Anthropic does not train on API data by default (as of their stated policy). See https://www.anthropic.com/legal/privacy
Location: USA.

5.2 — YooMoney (ЮKassa) — payment processor for RUB

Data shared: Telegram ID (as client_reference_id), top-up amount, currency.
Purpose: processing your RUB / СБП payment securely.
Their policy: https://yookassa.ru/legal/privacy_policy
Location: Russia.

5.3 — NowPayments — crypto payment processor

Data shared: Telegram ID (as order_id), top-up amount in USD-equivalent.
Purpose: generating crypto invoices and confirming on-chain payments. Operates in custody+auto-conversion mode — NowPayments holds funds briefly, converts to our settlement currency, and forwards to our wallet. The blockchain transaction itself is public.
By starting a crypto top-up, you explicitly consent to the transfer of your Telegram ID and amount to NowPayments and to the on-chain visibility of the transaction (required by NowPayments merchant agreement).
Their policy: https://nowpayments.io/privacy-policy
Location: NowPayments OÜ, Estonia (EU).

5.4 — Stripe — payment processor (currently test-mode only)

Data shared (when active): Telegram ID (as client_reference_id), top-up amount.
Purpose: processing card payments for non-RU users.
Their policy: https://stripe.com/privacy
Location: USA (with EU subprocessors).
Status: test-mode only as of the effective date; not used for live charges.

5.5 — Telegram (interface)

Data shared: all messages you send to and receive from our bot pass through Telegram.
Their policy: https://telegram.org/privacy
Location: various.

5.6 — Cloudflare (DNS / SSL for apex domain)

Data shared: apex domain DNS requests, traffic to voxite.app.
Purpose: DNS resolution, SSL termination, basic DDoS protection.
Their policy: https://www.cloudflare.com/privacypolicy/
Location: Global.

5.7 — VDSina (server hosting)

Data shared: server-stored data including generated sites, briefs, version archives, operation logs.
Purpose: hosting our infrastructure.
Location: Russia (server in St. Petersburg).

5.8 — Resend (transactional email delivery)

Data shared: email content of lead notifications submitted via forms on sites generated through the Service. This includes name, phone, email, message and any custom fields filled in by the visitor of a generated site.
Purpose: delivering form submissions to the site owner and the platform admin via email.
Location: Resend, Inc. (USA); processing region eu-west-1 (Ireland).
Retention by Resend: message logs are kept up to 30 days in Resend's interface.
Our access: as the operator of the Resend account, we can see metadata (sender, recipient, status) of all transactional emails sent via our infrastructure. We use this only for diagnostics, abuse prevention, and billing validation.
Their policy: https://resend.com/privacy
Note for site visitors: when you submit a form on any site generated via voxite, your form data passes through Resend's servers en route to the site owner. The site owner remains responsible (as data controller) for how they use your data after receiving it.

6. Where data is stored

Operational database, source files, logs: on our VDS server at IP 89.124.89.55 (VDSina, St. Petersburg, Russia).
AI processing: Anthropic infrastructure (USA).
Payment data: YooMoney infrastructure (Russia), NowPayments infrastructure (Estonia/EU + blockchain), Stripe infrastructure (USA/EU) when active.
Backups: stored on our infrastructure with the same retention as the source.

We do not store payment card data, crypto seeds, or banking credentials anywhere — the respective payment processors handle these end-to-end.

7. How long we keep your data

| Data | Retention | |---|---| | Account record (Telegram ID, balance) | Until account deletion + 30 days | | Brief text and submitted assets | Until you delete the corresponding site, or 12 months after last activity | | Generated sites and version history | Until account deletion or you request removal | | Server logs (nginx, bot) | 30 days | | Payment records (YooMoney / NowPayments / Stripe) | 5 years (Russian tax law / accounting requirement) | | Operation logs in our DB | 12 months |

8. Your rights

If you are in the EU/EEA, UK, Russia, or other jurisdiction granting similar rights (e.g., California), you have the following rights:

Access: Request a copy of the data we hold about you.
Rectification: Ask us to correct inaccurate data.
Erasure ("right to be forgotten"): Ask us to delete your data. Subject to legal retention obligations (payment records: 5 years under Russian law).
Restriction: Ask us to limit how we process your data.
Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent.

To exercise any right, email privacy@voxite.app with subject Data request — [Telegram username]. We respond within 30 days.

9. Children

The Service is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe we have, contact us at privacy@voxite.app and we will delete it.

10. Security

We protect data with:

HTTPS / TLS 1.2+ for all external connections
SSH key-only access to the server
Filesystem permissions limiting access to operator accounts
File-based 600-permission credentials (Cloudflare token, payment-processor API keys, IPN secrets)
No password authentication exposed to the public internet
HMAC-SHA512 signature verification on payment-processor webhooks (NowPayments)

Despite these measures, no system is 100% secure. If you discover a vulnerability, please report it to security@voxite.app before disclosing publicly.

11. International data transfers

By using the Service, you understand that your data may be transferred to and processed in:

Russia (VDSina hosting, YooMoney)
USA (Anthropic, Stripe when active, Resend)
Estonia / EU (NowPayments, Resend processing region)
Public blockchains (NowPayments crypto transactions — irreversibly public)
Other jurisdictions where our third-party providers operate

If you are in the EU/EEA, transfers outside the EU are based on Standard Contractual Clauses where applicable, or based on your explicit consent given by use of the Service.

12. Cookies

The landing page at voxite.app may use a minimal set of strictly necessary cookies (session tokens for the bot login, if implemented). We do not use marketing or analytics cookies as of the effective date.

If we add analytics cookies in the future (e.g., Yandex.Metrica, Google Analytics), we will update this Policy and ask for your consent via a cookie banner.

13. Automated decision-making

The Service uses AI to generate websites from your input. This is automated processing but does not produce legal or similarly significant effects on you — the output is a creative artefact, not a binding decision. You always have the option to discard, edit, or not use the generated result.

14. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be announced on voxite.app and via Telegram bot with at least 14 days' notice.

15. Complaints

If you are not satisfied with our handling of your data, you may lodge a complaint with the data protection authority in your country.

EU users: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Russian users: Roskomnadzor (Федеральная служба по надзору в сфере связи, информационных технологий и массовых коммуникаций) — https://rkn.gov.ru/

16. Contact

Privacy: privacy@voxite.app Security: security@voxite.app Support: support@voxite.app Postal address: 127221, Russia, Moscow, Shokalskogo passage, bld. 37, building 1, apt. 69 Entity: Individual Entrepreneur Prusov Dmitry Aleksandrovich (INN 504212647947, OGRNIP 318500700004187)