Privacy Policy

Last updated: May 11, 2026 · Effective immediately

This Privacy Policy describes how Individual Entrepreneur Roman Blokhin ("pingplex", "we", "us"), address: Georgia, Batumi city, Giorgi Leonidze street, N 4e, collects, uses, stores, and discloses personal data when you use the pingplex platform ("Service"). This policy applies to all users of the Service regardless of location.

We process personal data in accordance with applicable data protection legislation, including where applicable the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Federal Law No. 152-FZ "On Personal Data" (Russian Federation).

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

2.1 Account Data

When you register, we collect:

• Email address — used for authentication, service communications, and support;
• Username (optional) — display name within the platform;
• Password — stored as a one-way bcrypt hash; we never store the plaintext password;
• Google account ID and profile email — if you register via Google OAuth.

2.2 Profile Data

• Avatar image — uploaded voluntarily; stored on our servers;
• Account settings and preferences.

2.3 Usage and Generation Data

• Prompts and source files submitted for image, video, audio, and text generation;
• Generated outputs temporarily cached or stored to serve them to you;
• Credit balance, transaction history, and subscription status;
• Tool usage logs (metadata queries, unicalize operations, downloads).

2.4 Payment Data

We do not store full card numbers or bank account details. Payments are processed by third-party processors (Stripe, YooKassa, Cryptomus). We receive and store:

• Payment confirmation identifiers;
• Subscription plan and billing cycle information;
• Transaction amounts for accounting and dispute resolution.

2.5 Technical and Log Data

• IP address and approximate geographic location;
• Browser type and version, operating system;
• Referring URL, pages visited, time spent;
• API request logs (endpoint, timestamp, response code) — retained for up to 30 days for security and debugging.

3. Legal Bases for Processing (GDPR)

4. How We Use Your Data

• To create and manage your account;
• To process and fulfill your AI generation requests;
• To bill you and manage subscriptions;
• To send service-related notifications (password resets, billing receipts, policy updates);
• To detect and prevent fraud, abuse, and violations of our Terms;
• To improve the platform through aggregated, anonymized analytics;
• To comply with applicable legal and regulatory obligations.

We do not sell your personal data to third parties. We do not use your prompts or generated content to train AI models without your explicit consent.

5. Data Sharing and Third Parties

We share data only as necessary:

• AI model providers (OpenAI, Google, Kling, Alibaba Cloud / DashScope) — your prompts and media files are transmitted to these providers to fulfill generation requests. Their privacy policies apply.
• Payment processors (Stripe — USA, YooKassa — Russia, Cryptomus) — billing information is processed according to their respective policies.
• Infrastructure providers (Fly.io — servers in Frankfurt, EU; PostgreSQL database) — data is hosted on EU-based servers.
• Law enforcement — only when required by a valid legal order under applicable law.

6. International Data Transfers

Some third-party providers are located outside the European Economic Area (EEA) or Russia. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms.

7. Data Retention

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of personal data we hold about you;
• Rectification — request correction of inaccurate data;
• Erasure ("right to be forgotten") — request deletion of your data, subject to legal retention obligations;
• Restriction — request that we restrict processing while a dispute is resolved;
• Portability — receive your data in a structured, machine-readable format;
• Objection — object to processing based on legitimate interests;
• Withdrawal of consent — where processing is based on consent, you may withdraw it at any time.

To exercise your rights, email us at privacy@pingplex.io. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g., Roskomnadzor in Russia, or your national DPA in the EU).

9. Cookies and Tracking

The Service uses the following storage mechanisms:

• localStorage (authentication token) — we store a JWT authentication token in your browser's local storage to keep you logged in. This is strictly necessary for the Service to function.
• Session cookies — used for CSRF protection and session continuity.

We currently do not use third-party advertising or behavioral tracking cookies.

10. Security

We implement appropriate technical and organizational measures to protect your data, including TLS encryption in transit, bcrypt hashing of passwords, access controls, and regular security reviews. However, no transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Children's Privacy

The Service is not directed at persons under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or an in-app banner at least 14 days before taking effect. The "last updated" date at the top will always reflect the current version.

13. Contact

For any privacy-related questions or requests, contact our privacy team at: privacy@pingplex.io or by post: Individual Entrepreneur Roman Blokhin, Georgia, Batumi city, Giorgi Leonidze street, N 4e.