Revised on Feb 22, 2026
This Privacy Policy defines the procedures for collecting, processing, storing, and protecting personal data of Basalt PMS users. The Policy complies with the EU General Data Protection Regulation (GDPR). For users in Russia, the Russian-language version governed by Federal Law No. 152-FZ applies. By using the Platform, you confirm that you understand how your personal data is processed.
Data controller: Aleksandr Zhukov, sole proprietor. Address: 620000, Yekaterinburg, Russia. Email: support@basaltpms.com.
Personal data is processed on the following grounds: your consent during registration; performance of the service agreement; our legitimate interests in ensuring security and improving the Platform.
Data is processed for: registration and authentication; user identification in teams and projects; service delivery and technical support; payment processing; security; improving the Platform; legal compliance.
We process: Account data – email, name, avatar. Technical data – IP address (for rate limiting and in authentication session data). Usage data – theme and language preferences. Cookies – technical session identifiers. Payment data – subscription and transaction information (card details are not stored on our servers).
Data is stored in a secure cloud database. Media files are stored in isolated cloud storage. Personal data is retained for the duration of the account and 12 months after deletion. Technical logs are kept for no more than 90 days.
We use encryption for data in transit and at rest, role-based access control within your organisation, two-factor authentication, suspicious activity monitoring, and regular backups.
We only use essential cookies for session management and authentication, and for saving theme and language preferences. We do not use advertising or analytics trackers.
Data may be processed on servers outside the EEA. Media files are stored in cloud storage in the Russian Federation. Transfers are safeguarded by Standard Contractual Clauses and appropriate data processing agreements in compliance with GDPR.
We do not sell or share personal data for commercial purposes. Data may only be shared with processors ensuring Platform operation (under data processing agreements) and with authorities upon lawful request.
The Platform may integrate with external services for project resource management. We only access data that you explicitly connect. External services are governed by their own privacy policies.
Under the GDPR, you have the right to: access your data; rectify inaccuracies; request erasure; restrict processing; data portability; object to processing; withdraw consent; lodge a complaint with a supervisory authority. Send requests to support@basaltpms.com. We will respond within one month.
Data is erased when processing purposes are achieved, consent is withdrawn, retention periods expire, or upon your request. Erasure is carried out irreversibly within 30 days.
We may update this Policy. The current version is always available on this page. We will notify users of material changes by email or through the Platform.
For questions about personal data processing, contact the data controller: