Privacy Policy and Personal Data Processing Policy

Version: 1.0 Effective date: 22.05.2026 Service: «Girlies, I'm spilling...» Website: https://girlies.artelin.org

This Privacy Policy and Personal Data Processing Policy, hereinafter referred to as the “Policy”, explains what personal data is collected and processed when using the «Girlies, I'm spilling...» web service, hereinafter referred to as the “Service”, for what purposes such data is used, to whom it may be disclosed, how it is protected and what rights users have.

The controller and operator of personal data is an individual applying the special tax regime “Tax on Professional Income” under the laws of the Russian Federation: Pavel Ilyich Shikleev, Taxpayer Identification Number / INN 550619042837, hereinafter referred to as the “Operator”.

User support email: shikleyev@gmail.com. Email for personal data and legal matters: shikleyev@gmail.com.

By using the Service, creating an account, signing in through Google, VK, Yandex or any other available method, the user confirms that they have read this Policy.

If the user does not agree with this Policy, the user must not use the Service.

1. Purpose of this Policy

1.1. This Policy applies to all users of the Service, visitors of https://girlies.artelin.org and persons who interact with the Operator regarding the operation of the Service.

1.2. This Policy applies to the processing of personal data when:

• visiting the website;
• viewing demo mode;
• registering and signing in;
• signing in through Google, VK or Yandex;
• creating and using an account;
• completing the user profile;
• creating rooms;
• communicating with AI Characters;
• using character memory and summaries;
• using free and paid plans;
• viewing advertisements;
• receiving bonuses from rewarded ads;
• paying for subscriptions and other paid features;
• contacting support;
• submitting legal requests;
• using cookies and similar technologies.

1.3. This Policy is a public document and is available through a permanent link on the Service website.

2. Definitions

Personal Data means any information relating directly or indirectly to an identified or identifiable user.

Operator means Pavel Ilyich Shikleev, INN 550619042837, who independently or jointly with other persons organizes and carries out the processing of personal data and determines the purposes of processing, the scope of personal data and actions performed with personal data.

User means an individual who is at least 18 years old and uses the Service.

Service means the «Girlies, I'm spilling...» web application designed for communication with fictional AI Characters in rooms and chats.

AI Character means a fictional virtual character whose responses are generated using artificial intelligence technologies.

User Content means messages, profile information, settings, descriptions, instructions, room names, personal facts and other information entered by the user into the Service.

Processing means any operation performed on personal data, including collection, recording, organization, accumulation, storage, updating, use, disclosure, anonymization, blocking, deletion and destruction.

Cookies mean small text files and similar technologies used for website operation, authentication, security, analytics, advertising and Service improvement.

3. Principles of Personal Data Processing

3.1. The Operator processes personal data lawfully, fairly and transparently.

3.2. Processing is limited to specific, predetermined and lawful purposes.

3.3. The Operator does not process personal data that is clearly unnecessary for the operation of the Service unless the user voluntarily provides such data.

3.4. The Operator takes reasonable measures to maintain the relevance, accuracy and security of personal data.

3.5. The Operator stores personal data no longer than necessary for the purposes of processing, performance of obligations, compliance with the law, protection of the Operator’s rights and resolution of disputes.

3.6. The Operator does not require users to provide passport data, exact residential address, banking details, health information, information about intimate life, religious or political views.

4. What Data the Service Processes

The Operator may process the following categories of data.

4.1. Account and Authentication Data

When registering and signing in through Google, VK, Yandex or another authentication method, the Service may receive and process:

• internal user identifier in the Service;
• user identifier from the OAuth provider;
• email address;
• name or display name;
• avatar or avatar URL;
• interface language;
• date and time of registration;
• sign-in method;
• account status;
• age 18+ confirmation;
• information about acceptance of the User Agreement, Public Offer and Personal Data Processing Consent.

4.2. User Profile Data

The user may voluntarily provide in their profile:

• name or nickname;
• age or age range;
• gender;
• city;
• work or education;
• hobbies;
• favorite movies, music, books, games and food;
• goals;
• likes and dislikes;
• personal facts;
• communication preferences;
• other information voluntarily entered by the user for personalization.

The user must not provide passport data, payment data, exact residential address, health information, information about intimate life, religious or political views, or personal data of other people in the profile.

4.3. Chat, Room and Character Data

When using the Service, the following data may be processed:

• user messages;
• responses from AI Characters;
• chat history;
• room names;
• room composition;
• selected characters;
• room settings;
• user instructions;
• relationships with characters;
• summaries of previous messages;
• short-term and long-term character memory;
• reactions, typing statuses, response order and other technical chat events;
• data about message limits, number of rooms, number of characters, message length and use of features.

4.4. Technical Data

When visiting the website and using the Service, the following data may be processed automatically:

• IP address;
• date and time of visit;
• user agent;
• device type;
• browser type;
• operating system;
• interface language;
• session information;
• cookie identifiers;
• error information;
• server logs;
• interface actions;
• login attempt data;
• data necessary to protect against abuse, spam, attacks and unauthorized access.

4.5. Plan, Advertising and Bonus Data

The Service may process:

• current user plan;
• plan limits;
• entitlements;
• promo codes;
• bonus status;
• rewarded ad viewing information;
• information about additional messages or other rewards;
• ad impression data, if provided by an advertising network;
• ad removal settings, if such functionality is available.

4.6. Payment Data

If the user purchases a paid plan, subscription or another paid feature, the Operator may process:

• selected plan;
• price;
• currency;
• access period;
• payment status;
• payment date;
• payment identifier;
• subscription identifier;
• auto-renewal status;
• refund, cancellation or failed payment information;
• data necessary for tax records and confirmation of service provision.

The Operator does not store full bank card data. Payments are processed by a third-party payment provider. Current payment provider: Robokassa.

4.7. Support Request Data

When the user contacts support or submits a legal request, the Operator may process:

• email address;
• name or nickname;
• content of the request;
• attachments, if sent by the user;
• date and time of the request;
• support correspondence history;
• information necessary to respond to the request.

4.8. Consent Data

The Operator may store technical evidence that the user accepted the terms and provided the necessary consents:

• date and time of acceptance;
• IP address;
• user agent;
• document version;
• document text hash;
• consent source;
• consent type;
• age 18+ confirmation;
• acceptance of the User Agreement;
• acceptance of the Public Offer;
• consent to personal data processing;
• consent or refusal regarding optional cookies;
• consent or refusal regarding marketing communications.

5. Data the Service Does Not Request

5.1. The Service does not request the user to provide:

• passport data;
• scans of documents;
• exact residential address;
• banking details;
• full bank card details;
• medical documents;
• information about diagnoses;
• information about religious or political views;
• information about intimate life;
• personal data of third parties.

5.2. The user must not send such data in chats, profile fields, support requests, room names or any other fields of the Service.

5.3. If the user voluntarily provides such information, the Operator may delete it, avoid storing it in character memory, restrict its processing or process it only to the minimum extent necessary for the operation of the Service, security, legal compliance or protection of rights.

6. Purposes of Processing

The Operator processes personal data for the following purposes:

• user registration;
• authentication through Google, VK, Yandex or another sign-in method;
• creation and maintenance of the account;
• verification of age 18+ confirmation;
• provision of access to the Service;
• operation of rooms, chats and AI Characters;
• generation of responses from AI Characters;
• storage of message history;
• creation of summaries;
• operation of long-term character memory;
• personalization of communication;
• plan limit management;
• provision of free and paid features;
• processing of payments and subscriptions;
• allocation of bonuses and additional messages;
• display of advertisements;
• analytics of Service operation;
• improvement of the interface and quality of the Service;
• technical support;
• processing of user requests;
• ensuring information security;
• prevention of abuse, fraud, spam and attacks;
• compliance with legal requirements;
• confirmation of acceptance of documents and consents;
• protection of the Operator’s rights and legitimate interests.

7. Legal Bases for Processing

The Operator processes personal data on the following legal bases:

• user consent to personal data processing;
• acceptance of the User Agreement and Public Offer by the user;
• necessity of processing to provide the Service to the user;
• necessity of processing for performance of a contract with the user;
• necessity of processing to comply with legal requirements;
• necessity of processing to protect the Operator’s rights and legitimate interests;
• user consent to receive marketing communications, if such communications are used;
• user consent to the use of optional cookies, if such cookies are used.

For users located in the European Economic Area, the United Kingdom or jurisdictions with similar regulation, legal bases may also include performance of a contract, consent, legitimate interests of the Operator and compliance with legal obligations.

8. AI Processing and Transfer to AI Providers

8.1. To generate responses from AI Characters, the Service may transmit message fragments, room context, character descriptions, summaries, relationship memory, user profile data, interface language and response rules to an AI provider.

8.2. The main AI provider as of the date of this Policy is DeepSeek. The Operator may use other AI providers where necessary for operation, quality, security or development of the Service.

8.3. The Operator aims to transmit to the AI provider only the data necessary to generate a response and operate the scenario logic.

8.4. The Operator does not transmit full payment data to the AI provider and does not intend to transmit passport data, banking data or other sensitive information.

8.5. The user understands that AI Characters are fictional and that responses may be inaccurate, fictional, incomplete or inappropriate.

8.6. The user must not send sensitive personal data, third-party data, passport data, payment data, medical information or information about intimate life through the Service.

9. Cookies and Similar Technologies

9.1. The Service may use cookies and similar technologies.

9.2. Cookies may be used for the following purposes:

• website operation;
• authentication;
• session storage;
• security;
• abuse prevention;
• saving user settings;
• analytics;
• product improvement;
• advertising;
• measuring impressions and clicks;
• providing rewarded ads and bonuses.

9.3. Strictly necessary cookies may be used without separate consent where they are required for website operation, authentication, security and provision of features requested by the user.

9.4. Analytics, advertising and other optional cookies are used with the user’s consent where such consent is required by applicable law.

9.5. The user may restrict or delete cookies in browser settings. This may affect the operation of the Service.

9.6. If a cookie settings panel is implemented in the Service, the user may change cookie preferences through the Service interface.

10. Advertising and Analytics

10.1. The Service may display advertising, including banners, interstitial ads, rewarded ads and other formats.

10.2. Advertising networks may process technical user data, impression data, click data, reward data, device data, region data and other information necessary for display, measurement and abuse prevention.

10.3. Current advertising and analytics services: Yandex Ads, Yandex Metrica.

10.4. If the user consents to marketing communications, the Operator may send news, offers and promotional notices. The user may withdraw such consent at any time.

10.5. Service messages related to account, security, payment, document changes or Service operation may be sent without separate marketing consent, provided that they are not advertising.

11. Who Data May Be Shared With

The Operator may disclose personal data or entrust its processing to the following categories of recipients:

• OAuth providers: Google, VK, Yandex;
• AI providers, including DeepSeek;
• hosting and cloud infrastructure providers;
• payment providers;
• advertising networks;
• analytics services;
• email and notification services;
• technical support services;
• contractors assisting in maintaining and developing the Service;
• government authorities where disclosure is required by law;
• other persons where necessary for contract performance, protection of the Operator’s rights, Service security or at the user’s request.

Current hosting / cloud infrastructure: Russia, Moscow. https://adminvps.ru/.

12. Cross-Border Transfer of Personal Data

12.1. Some services used by the Service may be located outside the Russian Federation or may process data outside the Russian Federation.

12.2. Potential cross-border transfer may occur when using:

• Google OAuth;
• DeepSeek or another AI provider;
• foreign hosting;
• foreign analytics;
• foreign advertising networks;
• email and notification services;
• other technical contractors.

12.3. Where applicable law requires notification, consent or other actions before cross-border transfer of personal data, the Operator takes the necessary measures in accordance with applicable law.

12.4. When working with users from the Russian Federation, the Operator aims to minimize the transfer of personal data outside the Russian Federation and to transfer only data necessary for the operation of the Service.

12.5. The user understands that without transferring certain data to technical providers, some Service features may be unavailable.

13. Localization of Data of Users from the Russian Federation

13.1. When collecting personal data of citizens of the Russian Federation through the website, the Operator complies with applicable requirements for personal data localization.

13.2. The main database of users from the Russian Federation must be located using databases situated within the territory of the Russian Federation, unless otherwise permitted by applicable law.

13.3. Actual location of the main database: Russia, Moscow. https://adminvps.ru/.

13.4. If the user is located outside the Russian Federation, processing of the user’s data may also be governed by the laws of the relevant country or region.

14. Data Retention Periods

14.1. Account data is stored for the duration of the account and after its deletion for the period necessary to comply with the law, protect the Operator’s rights, prevent abuse and resolve disputes.

14.2. Message history, summaries, character memory, user profile and room settings are stored until deleted by the user, account deletion, discontinuation of the relevant feature or expiration of the period necessary for the purposes of processing.

14.3. The Service does not store the complete chat history unconditionally or indefinitely. Older messages may be periodically converted into a concise summary (summary, compressed context) used to maintain conversation context and personalization, after which the original messages covered by such summary may be deleted or no longer retained. In that case, the Operator stores the summary and current context, but is not required to ensure restoration of the full text of individual older messages.

14.4. Technical logs, security information, IP addresses, user agent and authentication events may be stored for the period necessary to protect the Service, investigate incidents and prevent abuse.

14.5. Consent data, document versions and acceptance records may be stored during the period of Service use and after termination for the period necessary to prove consent and protect the Operator’s rights.

14.6. Payment and tax data are stored for the period required by applicable law and for the period necessary to confirm payment, refund, service provision and resolve disputes.

14.7. Support requests are stored for the period necessary to process the request, control quality, protect rights and resolve disputes.

14.8. Cookie data is stored for the period determined by cookie type, browser settings and Service settings.

15. Deletion and Modification of Data

15.1. The user may modify some data through the Service interface where such functionality is available.

15.2. The user may request:

• access to personal data;
• correction of personal data;
• deletion of personal data;
• deletion of the account;
• clearing of chat history;
• clearing of character memory;
• withdrawal of consent to personal data processing;
• withdrawal of consent to marketing communications;
• change of cookie settings.

15.3. Requests may be sent to: shikleyev@gmail.com.

15.4. The Operator may request additional information to confirm the user’s identity where necessary to protect the account and prevent unauthorized access to data.

15.5. Deletion of data may make it impossible to use the Service or certain features.

15.6. Certain data may be retained after a deletion request where retention is required by law, necessary to protect the Operator’s rights, prevent fraud, ensure security, perform a contract or resolve disputes.

16. Withdrawal of Consent

16.1. The user may withdraw consent to personal data processing by sending a request to: shikleyev@gmail.com.

16.2. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal was received.

16.3. If processing of personal data is necessary for account operation and provision of the Service, withdrawal of consent may result in termination of access to the Service or account deletion.

16.4. Consent to marketing communications may be withdrawn separately without terminating use of the Service.

16.5. Consent to optional cookies may be changed through cookie settings, if implemented, or through browser settings.

17. User Rights

The user has the right to:

• receive information about the processing of their personal data;
• request correction, blocking or deletion of personal data where such data is incomplete, outdated, inaccurate, unlawfully obtained or no longer necessary for the stated purpose of processing;
• withdraw consent to personal data processing;
• challenge actions or omissions of the Operator before a competent personal data protection authority or court;
• request termination of personal data processing in cases provided by law;
• exercise other rights provided by applicable law.

Users from the European Economic Area, the United Kingdom and jurisdictions with similar regulation may also have the right of access, rectification, erasure, restriction of processing, data portability, objection to processing and the right to lodge a complaint with a supervisory authority.

Users from certain U.S. states, including California, may have additional rights under applicable law where such law applies to the Operator and the Service.

18. Data of Minors

18.1. The Service is intended only for users who are at least 18 years old.

18.2. The Operator does not intend to collect personal data of persons under 18 years old.

18.3. If the Operator becomes aware that the Service is used by a person under 18 years old or that personal data of such a person has been submitted to the Service, the Operator may restrict access, delete the account and delete the relevant data unless retention is required by law.

18.4. If a user believes that the Service processes data of a minor, the user may report this to: shikleyev@gmail.com.

19. Information Security

The Operator takes reasonable legal, organizational and technical measures to protect personal data, including:

• use of HTTPS;
• restriction of access to data;
• access rights separation;
• secure storage of secrets and access keys;
• control of access to administrative functions;
• logging of technical events;
• backup, where used;
• protection against unauthorized access;
• data minimization;
• deletion or anonymization of data when it is no longer needed;
• use of third-party providers necessary for the operation of the Service.

Despite the measures taken, no method of transmission or storage over the internet can be absolutely secure. The user must exercise caution and must not transmit sensitive information through the Service.

20. Automated Processing and Personalization

20.1. The Service uses automated processing to generate responses from AI Characters, personalize communication, operate summaries, character memory, limits, advertising, analytics and technical security.

20.2. Automated processing is not used to make decisions that produce legal effects concerning the user or similarly significantly affect the user unless expressly stated in the Service.

20.3. Personalization may affect the tone, style and content of AI Character responses, but AI Characters remain fictional software entities.

21. Third-Party Links and Services

21.1. The Service may contain links to third-party websites, applications, advertising materials or services.

21.2. The Operator does not control the privacy policies and data processing practices of third-party websites and services.

21.3. The user should review third-party terms and policies before using such services.

22. Changes to this Policy

22.1. The Operator may amend this Policy.

22.2. The new version of the Policy is published on https://girlies.artelin.org and becomes effective on the date specified in the new version.

22.3. If changes materially affect the user’s rights or the processing of personal data, the Operator may additionally notify the user through the Service interface, email or another available method.

22.4. Continued use of the Service after the new version becomes effective means that the user has read the new version, unless otherwise required by applicable law.

23. Operator Contacts

Personal Data Operator / Controller: Pavel Ilyich Shikleev Status: individual applying the special tax regime “Tax on Professional Income” Taxpayer Identification Number / INN: 550619042837 Service: Girlies, I'm spilling Website: https://girlies.artelin.org User support email: shikleyev@gmail.com Email for personal data and legal matters: shikleyev@gmail.com

24. Language Versions

This Policy may be available in Russian and English. The Russian-language version is the primary version for users located in the Russian Federation and shall prevail in case of discrepancies between language versions, unless otherwise required by mandatory provisions of applicable law.