[go: up one dir, main page]

Tilda Publishing
Privacy Policy
Thank you for choosing Tilda!

This policy defines the procedure for processing the personal data of users of the platform, as well as other individuals who provide their personal data in connection with its use or operation.

Please read this document carefully. By providing us with your personal data, you agree to its processing in accordance with the terms of this policy. If you do not agree with these terms, please do not provide us with your personal data and do not use the platform.

The document consists of the following sections:

Terms and Definitions
General Provisions
Website Visitors’ Personal Data
Users’ and Representatives’ Personal Data
Applicants’ Personal Data
Event Attendees’ Personal Data
Methods and Terms of Processing
Use of Databases
Transfer of Personal Data to Third Parties
Protection and Security
Withdrawal of Consent, Deletion and Destruction of Personal Data
Miscellaneous
Contacts

If you have any questions on Personal Data processing, please write to us: dpo@tilda.ru.
Terms and Definitions
Policy – this Privacy Policy, available on the Internet at https://tilda.ru/privacy/.
Personal Data – any information related directly or indirectly to an individual who is or can be identified based on such information.
Controller – Tilda Publishing JSC, INN 9707041449, OGRN 1247700830354, processing Personal Data, as well as determining the purposes of processing, the composition of Personal Data and actions performed with it.
Platform – a software package located on the Internet at https://tilda.ru/, and intended for creation and publication of websites, letters and documents.
Website the website available on the Internet at https://tilda.ru/, including all of its pages and related subdomains.
User – a person who uses the functionality of the Platform.
Representative – representative and/or contact person of the User being a legal entity.
Project – website, letter or document created through the functionality of the Platform.
Event – an information, marketing and/or promotional event of the Controller related to the use of the Platform.
Applicant – any person submitting to the Controller an inquiry, complaint, or claim regarding the use and/or operation of the Platform, except for a User.

If there is no definition of a term in the text of the Policy, you should be guided by the interpretation of the term: first of all – as provided by the Russian Federation legislation, secondly – as established (commonly used) on the Internet.

Terms related to the use of the Platform shall be interpreted in accordance with the Terms of Service (hereinafter referred to as the Agreement), regardless of whether capitalized or lowercased.
1. General Provisions
1.1. Scope of Application of the Policy. This Policy applies to the processing of the following Personal Data by the Controller:
1) Website visitors;
2) Users and Representatives;
3) Applicants;
4) Event attendees.

1.2. Processing the Personal Data on the Projects. By using the functionality of the Platform, the Users may process Personal Data of third parties on the Projects, including the following methods:
1) posting information on the Projects about the individuals, including counterparties, partners, employees and customers;
2) using feedback collection forms, request management systems, as well as tools for creating online stores and training courses, such as shopping carts, delivery services and/or personal accounts on the Projects;
3) analyzing visitation statistics for the Projects published on the Internet.

Users are solely responsible for the processing of Personal Data of third parties. The Controller processes Personal Data of third parties, acting on behalf of the Users in accordance with the Data Processing Agreement.

The Controller shall not be responsible for the actions of Users when processing Personal Data on the Projects. Any claims of third parties related to the processing of their Personal Data should be addressed directly to the User that performs such processing.

1.3. Processing Other Personal Data. The conditions and procedure for processing Personal Data of visitors and users of other websites and/or services of the Controller are determined by the processing policies of the relevant websites and services.

Processing of Personal Data of candidates, employees, counterparties and representatives of the Controller's counterparties shall be carried out in accordance with other documents of the Controller. However, this Policy may be applied to the specified persons in case of their interaction with the Controller as subjects covered by this Policy.
2. Website Visitors’ Personal Data
2.1. Informing about the Location. The Website is intended for use by persons whose main location is the territory of the Russian Federation. In order to analyze the location of the Website visitor, the Controller processes IP thereof, including the country by IP, based on legitimate interest.

If the Website visitor is located outside the Russian Federation, the Controller shall send automatic notification about the regional specificity of the Website and the possibility of switching to the version corresponding to the relevant geographical location.

2.2. Ensuring the Website Functioning. The Controller processes essential and functional cookies of the Website visitors. Cookies are processed based on the Controller's legitimate interest to ensure the Website functioning in accordance with the Cookie Policy.

2.3. Receiving Feedback. Visitors to the Website can leave their feedback about the Platform on the relevant Website page. For receiving feedback, the Controller processes the e-mail address, name and links to social media profiles based on the consent obtained.

2.4. Improvement of the User Experience. On a specific subdomain of the Website, the Processor collects analytical cookies to improve the user experience. The processing of cookies is carried out in accordance with the Cookie Policy and on the basis of consent obtained via a pop-up banner.
3. Users’ and Representatives’ Personal Data
3.1. Providing Access to the Platform Functionality. In order to provide access to the Platform and its functionality, the Controller processes the name, e-mail address, country, User ID of the Users, as well as the IP, including city and country by IP of the Users and their Representatives.

Personal Data is processed by the Controller based on the Agreement with such User.

3.2. Payment of License Fee and Other Services of the Controller. In case of payment of the license fee and other services of the Controller using a bank card, the Controller shall process the masked number of the bank card, validity period of the bank card, country of issue, the date and time of payment, name of the payment system, number of the transaction in the fast payment system.

When paying with a bank card, the User uses payment aggregator services Cloudpayments LLC or YooMoney, NBCO LLC, being the Controller’s partners. Financial information of the Users is processed by payment aggregators and acquiring banks in accordance with their policies and processing rules.

The Controller does not receive information about full details of the User's bank card and does not process payment transactions directly.

Users being legal entities or individual entrepreneurs can choose invoice payment for the license fee and other services of the Controller as a payment method. If the User chooses the specified payment method, the Controller shall process the last name, first name, patronymic, e-mail address and the telephone number of the Representative.

Financial information and other Personal Data for the purposes of payment of the license fee and other services of the Controller is processed based on the Agreement.

3.3. Restoring Access to the Account. If e-mail address, password from the account on the Platform are lost, and/or there is no access to the linked e-mail address, the Controller may request the User to provide a masked bank card number, bank account number, as well as the last name, first name, patronymic of the User or the Representative.

Personal Data provided to the Controller is processed based on the Agreement and legitimate interest in order to verify the User and further restore access to the account on the Platform in case of verification.

3.4. Removing the Automatic Restriction on Publication of the Project. The Platform has built-in protection against suspicious activities in the User's account. In certain cases, such as when spamming is suspected or security threats are detected, the ability to publish a Project may be automatically restricted by the system.

For the purposes of removing restrictions, the Controller requests the User's cell phone number and/or links to the User's social media accounts. In this case, the Personal Data provided is processed by the Controller based on legitimate interest.

3.5. User Support. In case of any questions related to the use and/or functioning of the Platform, the User may contact the Controller's support service by e-mail or through the internal system on the Platform.

In order to provide support services, the Controller processes the name, e-mail address, country, User ID, IP, including city and country by IP of Users, as well as any other data specified in the User's application. The Controller processes this data based on the Agreement.

3.6. Domain Name Registration and Renewal. The User may register and/or renew domain name registration using the functionality of the Platform.

The services are directly provided to the User by domain name registrars being the Controller's partners:
1) Tilda Domains LLC – when registering and/or renewing a domain name;
2) Reg.ru LLC – for domain name registration renewal.

For the purpose of domain name registration renewal with Reg.ru LLC, the Controller processes the following Personal Data based on the Agreement: e-mail address, cell phone number, postal address, last name, first name, patronymic, identity document data, date of birth, country, Taxpayer Identification Number, masked bank card number, bank card expiry date, payment date and status, payment method, User ID and Transaction ID.

If the User acquires a domain name and/or renews it later with Tilda Domains LLC, the Controller processes the received Personal Data based on the signed instruction for processing. The procedure and conditions for processing Personal Data are defined by the Tilda Domains LLC Privacy Policy.

3.7. Creating Portfolios and Searching for Designers. The User may create their portfolio on the Platform for the purpose of client acquisition. When creating a portfolio, the User provides the Controller with the photo, first and last name, description of the activity, e-mail address, and receives a unique designer identifier.

By creating a portfolio, the User understands that their information will be published on the Internet. Disclosure of Personal Data to an unlimited number of persons is carried out by the User independently.

A User wishing to engage a designer to create a Project can fill out a corresponding questionnaire on the Platform or in the designer's profile. In this case, the User provides the Controller with the name, e-mail and information about the Project.

Personal Data mentioned above is processed by the Controller based on the Tilda Experts Service Terms of Use which are an integral part of the Agreement, in order to provide Users with the opportunity to create portfolios and search for designers.

The Controller may also publish links to a User’s portfolio, made publicly available in the Website gallery, as well as on the Data Controller’s separate website. By creating a portfolio, the User gives the Controller consent to distribute such Personal Data without establishing any separate conditions and/or restrictions on its processing.

3.8. Posting Information on the Projects. The functionality of the Platform allows the Users to post documents, diagrams, texts, videos and other objects on the Projects. The User independently manages the information placed on the Projects, including uploading, modifying text materials, as well as exporting the Project in accordance with the terms and conditions of the Agreement.

If the information posted on the Project contains Personal Data of the User who is an individual, the Controller processes the provided Personal Data based on the Agreement. Such processing is carried out by the Controller in order to enable the User to post information on the Project.

However, the functionality of posting Content on the Projects is not intended for publishing images containing the User's Personal Data, including photos thereof and/or scanned copies of documents.

When using the multi-access feature, Personal Data posted on the Project may become available to other Users and, when the Project is published on the Internet, to an unlimited number of persons. The User independently determines the conditions of access to Personal Data in the relevant Project settings.

By publishing the Project in the public domain on the Internet, the User understands and acknowledges that:
1) disclosure of Personal Data to an unlimited number of persons is carried out by the User independently;
2) the Controller does not distribute the User's Personal Data in the context of the Russian Federation legislation.

3.9. Connecting Third-Party Services. When using the Platform functionality, the User may be offered to connect third-party services, including e-mail services, cloud storage and social networks.

In case of connection of third-party services, the Controller may gain access to e-mail addresses and/or nicknames specified in the relevant User's service accounts. This Personal Data is processed by the Controller based on the Agreement in order to ensure integration with third-party services.

3.10. E-mail Distribution. The Controller may send informational and technical materials, notices and messages related to the use of the Platform and updates on the Platform to the e-mail address provided in the User’s account. Depending on the type of mail-out, the User's e-mail address is processed based on the Agreement, the Controller's legitimate interest or the consent obtained.

The User can unsubscribe from the Controller's news/promotional mail-outs in the Personal Account of the Platform or by clicking on the corresponding link in the e-mail message.

3.11. Technical Provision of the Platform.
The Controller processes essential and functional cookies of Users in accordance with the Cookie Policy in order to ensure the functioning of the Platform. Cookies are processed based on the Agreement with such User.

3.12. Information Security.
In order to ensure the security of the Platform and prevent unauthorized access, the Controller:
1) uses SmartCaptcha service owned by Yandex.Cloud LLC that analyzes the technical parameters of the device, the User's behavioral characteristics, and the User's digital footprint;
2) automatically registers the User's actions when working in an account on the Platform.

The specified Personal Data is processed by the Controller based on legitimate interest.
4. Applicants’ Personal Data
4.1. Reviewing Applications. In order to consider questions, complaints, claims and other requests related to the use and/or operation of the Platform, the Controller processes the following Personal Data of the Applicants and/or their Representatives: last name, first name, patronymic, e-mail address, identity document data, other information indicated directly in the text of the request and documents.

When reviewing requests, Personal Data is processed based on the consent obtained. Consent to Personal Data processing may be provided to the Controller:
1) by ticking the relevant boxes in online forms;
2) by including the consent in the text of the request and/or the content of the electronic message;
3) in any other manner that clearly expresses the Applicant's consent.

4.2. Referrals to Users. The Controller shall be entitled to redirect the Applicant's complaint, inquiry or claim to a specific User, if the content of the received application concerns the actions of the User and/or the Project.

Personal Data contained in the Applicant's application is transferred by the Controller in order to settle a dispute between the User and the Applicant. Thereat, the Applicant's Personal Data may be transferred to the User solely based on the consent given in writing or by including the consent in the text of the request and/or the content of the electronic message.
5. Event Attendees’ Personal Data
5.1. Reviewing Grant Applications. Non-profit organizations and/or entities creating non-profit Projects may be entitled to use the Platform to provide grants.

When submitting a grant application, the participant provides the Controller with the last name, first name, patronymic, contact e-mail address, e-mail address of the account on the Platform. The Controller processes the provided Personal Data based on the obtained consent for the purpose of processing grant applications.

5.2. Directing Information about Webinars. For the purpose of sending information about informational and educational webinars, the Controller processes the attendees’ Telegram messenger nickname as well as their email address.

By filling in an online form using the chat bot, the attendee gives consent to Personal Data processing to the Controller for the purpose of receiving reminders about the upcoming webinar. The attendee may also provide consent to the Controller to receive regular notifications of ongoing webinars.

5.3. Review of Webinar Proposals.Eventattendees have the opportunity to submit applications and/or proposals to the Processor related to the organization and conduct of webinars by completing online forms on the subdomain pages. The Processor processes the first name, last name, email address, and information about experience and competencies on the basis of the consent obtained.
6. Methods and Terms of Processing
6.1. Processing Methods. The Controller processes Personal Data by the following methods: collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), de-identification, blocking, deletion, destruction of Personal Data.

The Controller may process Personal Data with or without the use of automation tools.

6.2. Personal Data Processing Terms. The Controller processes Personal Data no longer than is required to achieve the purposes of processing:
1) when processing is based on the Agreement – for the term of the Agreement, as well as for 3 years after its termination on any grounds;
2) when processing is based on the consent and/or the legitimate interest of the Controller – for no more than 10 years.

A specific term may be set by the Russian Federation legislation or the consent obtained.
7. Use of Databases
7.1. Collecting Personal Data. When the Controller collects Personal Data, its processing, including storage, is performed using the databases of Selectel JSC and Yandex.Cloud LLC located in the territory of the Russian Federation.

Personal Data of webinar attendees collected through chat bots is processed on Russian servers located in the data processing centers of Yandex.Cloud LLC.

In case of complaints, claims and other requests, the Personal Data contained in such requests is collected and processed using the data processing centers of Yandex LLC, also located in the territory of the Russian Federation.

7.2. Backup. In order to ensure data safety and recovery in case of loss, the Controller may perform regular backups of Personal Data. Backup copies are stored at the technical facilities of the Controller's partners in accordance with the Russian Federation legislation.
8. Transfer of Personal Data to Third Parties
8.1. Purposes of Personal Data Transfer. Personal Data is transferred by the Controller solely to achieve the purposes set out in this Policy. The Controller does not sell or provide Personal Data to third parties for marketing and/or advertising purposes.

8.2. Processing on behalf of the Controller. The Controller transfers Personal Data based on the instruction to:
1) Selectel JSC – for the purposes of collection and further processing of Personal Data on servers;
2) Yandex.Cloud LLC – for the purposes of collection and further processing of Personal Data on servers, as well as for verification of requests during registration and authorization;
3) Yandex LLC – for the purpose of collecting and processing requests;
4) Bothelp LLC – in order to send information on ongoing webinars. In this case, in order to ensure the processing of Personal Data on the servers, Bothelp LLC transfers Personal Data to Yandex.Cloud LLC.

Entities processing Personal Data on behalf of the Controller undertake to comply with measures to ensure confidentiality and security of Personal Data. The Controller shall be liable to individuals for the actions of entities processing Personal Data on behalf of the Controller.

8.3. Transfer of Personal Data without an Instruction. The Controller shall be entitled to transfer Personal Data to third parties without the relevant instruction for processing if such transfer is based on the consent obtained, is necessary to fulfill obligations provided for by the Agreement, is provided for by international or national legislation, or occurs within the framework of assignment, transfer of debt and/or in the order of legal succession.

In particular, the Controller transfers Personal Data to:
1) entities maintaining the Platform on other top-level domain names, when changing the country of the profile on the Platform at the initiative of the User;
2) payment aggregators and/or acquiring banks in case the User initiates the procedure of disputing the payment by bank card;
3) accredited registrars when registering or renewing domain name registrations.

8.4. Cross-Border Transfer. The Controller carries out cross-border transfers of Personal Data in the cases provided for by the Policy. In particular, such a transfer occurs when the User changes the country of their profile on the Platform.

When performing cross-border transfers, the Controller undertakes to ensure the security of the transfer in accordance with the requirements of the legislation of the Russian Federation.
9. Protection and Security
9.1. Ensuring Personal Data Protection. The Controller takes necessary legal, technical and organizational security measures to protect Personal Data in accordance with the Russian Federation legislation.

9.2. Measures Applied. The Controller ensures the security of Personal Data by, among others:
1) adopting and publishing this Policy;
2) appointing a person responsible for organizing Personal Data processing;
3) assessing the effectiveness of the measures taken to ensure Personal Data security;
4) detecting unauthorized access to Personal Data and taking appropriate measures;
5) exercising control over the measures taken to ensure Personal Data security;
6) familiarizing the Controller's employees with the legislation on Personal Data, including the requirements for Personal Data protection;
7) applying backup technologies;
8) implementing two-factor authentication systems.
10. Withdrawal of Consent, Deletion and Destruction of Personal Data
10.1. Withdrawal of Consent to Processing. If, in accordance with this Policy, the Controller processes Personal Data based on the consent obtained, such consent may be withdrawn at any time by submitting an application to the Controller in the manner provided for by this Policy.

If the consent is withdrawn, the Controller shall be entitled to continue processing Personal Data without the consent if there are other legal grounds provided for by the Russian Federation legislation.

10.2. Procedure for Personal Data Destruction. The Controller destroys Personal Data in case of expiration of the term of their processing, withdrawal of consent, deletion by the User on their own, detection of unlawful processing, termination of activities, as well as in other cases provided for by the Policy and/or the Russian Federation legislation.

Personal Data is destroyed within 30 days. However, the Controller reserves the right to further process those categories of Personal Data that are necessary for performance of the Agreement, compliance with the requirements of the Russian Federation legislation, exercising legitimate interests of the Controller or third parties.

10.3. Blocks and Restrictions on the Platform. In case of violation of or reasonable suspicion that the User has violated the Agreement and/or the applicable legislation, the Controller shall be entitled to delete such information, block the User's account, as well as take other measures provided for by the Agreement.

The User understands and acknowledges that if the Controller takes administrative measures, the Personal Data specified, posted and/or published by the User may be destroyed without the possibility of subsequent recovery.
11. Miscellaneous
11.1. Requests and Applications. Requests and applications related to the Personal Data processing procedure under this Policy may be sent to the Controller in writing to the address: post office box 44, 21 Tsvetnoy Blvd., building 1, Moscow, 127051, or in the electronic form to e-mail address dpo@tilda.ru.

The request must contain:
1) last name, first name, patronymic;
2) information on the main identity document of the person or their representative;
3) description of the substance of the request;
4) contact information for communication;
5) information confirming the representative's powers (if any);
6) signature of the person or their representative.

The Controller shall review and send responses to the received requests within 30 days from the date of their receipt.

11.2. Procedure for Amending the Policy. This Policy may be changed by the Controller unilaterally by publishing a new version of the Policy on the Internet. The current version of the Policy is available at the link.

Any changes to the Policy come into force on the day following the day the Policy is published in the amended version. The Controller is entitled, but not obliged, to notify of changes to the Policy.

11.3. Applicable Law and Language. This Policy shall be governed and construed in accordance with the Russian Federation legislation.

This Policy is drawn up in Russian and may be provided for review in another language. In the event of a discrepancy between the Russian version of the Policy and the version of the Policy in another language, the provisions of the Russian version shall apply.
12. Contacts
Controller's details: Tilda Publishing JSC, OGRN 1247700830354, INN 9707041449, postal address: post office box 44, 21 Tsvetnoy Blvd., building 1, Moscow, 127051
For Personal Data processing issues: dpo@tilda.ru
The current version of the Privacy Policy is dated 26.12.2025
Made on
Tilda