Privacy Policy
Last updated: June 1, 2026 — Version 1.0
This Privacy Policy explains what personal data BelFed Analytics collects, why we collect it, how we protect it, and what rights you have over it. We follow the principles of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") for visitors located in the EU/EEA and the UK, and the Russian Federal Law No. 152-FZ "On Personal Data" for visitors from the Russian Federation.
1. Data Controller
The data controller responsible for the processing described in this Policy is:
Individual entrepreneur Artem I. Fedorov (IE / "Самозанятый")
INN: 781103296545
OGRNIP: 326784700016572
Mailing address: St. Petersburg, Russian Federation
Contact for any privacy matter: contact@belfed.com
For the purposes of this Policy, "BelFed", "we", "us" or "our" refer to the controller above.
2. Scope
This Policy applies to all users of the websites belfed.com and belfed.ru, the Telegram bot @BelfedBot, and the private Telegram channels operated by BelFed (collectively, the "Service").
3. What data we collect
| Category | Specific items |
|---|---|
| Telegram identifiers | telegram_id, username (if public), first/last name as exposed by Telegram, group membership status |
| Contact data | email address you provide when starting a trial or paid subscription |
| Payment data | payment ID and tokenised card reference — stored by our payment processors (YooKassa for RUB, Telegram Stars for foreign users). We never see your full card number or CVV. On our side we keep only subscription status, amount and validity period. |
| Usage data | login and action logs in the member dashboard, IP address, User-Agent, request timestamps, referrer |
| Behavioural analytics | de-identified visit statistics (CTA source, button clicks), functional and first-party analytics cookies |
| Communications | messages you send us via @BelfedBot or contact@belfed.com, to handle your requests |
We do not collect special categories of personal data (race, political opinions, health, biometric data, etc.) and we do not request passport or identity document details.
4. Purposes and legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Account creation, granting trial access, authorising you in the private Telegram channel | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and recurring billing | Performance of a contract and legal obligation (Art. 6(1)(b)/(c)) |
| Sending trade notifications, analytics, and service emails (position open, stop, take-profit, manual close, service updates), only for the events you opt into | Consent (Art. 6(1)(a)) — granular toggles in the member dashboard, withdrawable at any time |
| Marketing communications (new products, promotions) | Separate consent (Art. 6(1)(a)). One-click unsubscribe in every marketing email. |
| Service security, fraud prevention, abuse detection | Legitimate interests (Art. 6(1)(f)) |
| Compliance with tax and other legal obligations | Legal obligation (Art. 6(1)(c)) |
5. How long we keep data
- Active account data — for as long as your trial or subscription is active and up to 36 months thereafter, to handle disputes and tax requirements.
- Payment records and tax receipts — 5 years (Russian Tax Code requirement for the operator).
- Access logs — up to 12 months.
- Marketing consent records — until you withdraw consent; the data is then deleted within 30 days, except for the minimal record of the withdrawal itself.
After the retention period the data is deleted or irreversibly anonymised.
6. Sub-processors and recipients
We rely on a small set of trusted sub-processors which act on our documented instructions and under their own publicly available privacy terms:
| Vendor | Purpose | Jurisdiction |
|---|---|---|
| Supabase Inc. | Database, authentication, edge functions, profile storage | Hosted in EU-West (Ireland) |
| YooKassa (NCO YuMoney) | Card payments and recurring billing for RUB | Russia |
| Telegram FZ-LLC | Messaging, Stars payments, identification by telegram_id, channel access | UAE / global infrastructure |
| Brevo (Sendinblue SAS) | Delivery of transactional and service emails | France (EU) |
| Cloudflare / GitHub Pages | Static site hosting, CDN, DDoS protection | USA / global network |
We do not sell your personal data and we do not share it with ad networks. International transfers (e.g. to Telegram, Cloudflare) are carried out under the contractual safeguards required by GDPR (Standard Contractual Clauses or equivalent measures).
7. Cookies and similar technologies
The BelFed websites use only functional cookies (session, language, UI toggles) and first-party, anonymised analytics. We do not use third-party advertising cookies or cross-site trackers. Because no consent-required cookies are set, we do not display a cookie banner; however, you can disable cookies in your browser settings without losing access to public content.
8. Your rights
Under GDPR (and equivalent rights under 152-FZ) you have the right to:
- Access a copy of the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your account and associated data ("right to be forgotten"), except for data we must keep by law (payment receipts, tax records).
- Restrict or object to certain processing activities.
- Data portability — receive your data in a machine-readable format.
- Withdraw consent at any time for any processing based on consent. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
- Lodge a complaint with a supervisory authority — the EU/EEA Data Protection Authority of your country of residence, or Roskomnadzor (rkn.gov.ru) for users in Russia.
To exercise any of these rights, contact us at contact@belfed.com with the subject line "Privacy request". We will respond within 30 calendar days.
Some rights can be exercised directly inside the product: notification preferences in belfed.com/members.html, one-click unsubscribe in every marketing email, and self-service cancellation of subscription auto-renewal.
9. Children
The Service is not intended for individuals under 18. We do not knowingly collect personal data from minors. If we discover that we have collected such data inadvertently, we will delete it promptly.
10. Security
We apply technical and organisational measures to protect your data, including TLS encryption in transit, password hashing, restricted access to production systems, administrator action logging and regular backups. No internet transmission or storage can be guaranteed 100% secure — please use strong unique passwords and do not share your credentials with third parties.
11. Changes to this Policy
We may update this Privacy Policy from time to time. For material changes we will notify users inside the member dashboard and/or by email at least 14 calendar days before the change takes effect. The current version date is shown at the top of this document.
12. How to contact us
For any privacy-related question or to exercise your rights, contact the controller at:
Email: contact@belfed.com
Subject: "Privacy request"