Privacy
In Lets, people should understand what happens to their data and control it without having to ask the team for permission. This page explains what data the app and site need, what stays under your control, and where technical or legal limits apply.
The main principle
Your profile, posts, social circle, and privacy settings should stay under your control: you choose what to show, what to change, and when to leave the product. Lets processes data not to take that control away, but so the app works, requests reach the team, rules can be enforced, and abuse can be reviewed.
Who is responsible for data
IE Igor Olegovich Ufimtsev (INN 661216623903, OGRNIP 321665800223021) is the personal-data operator for the public site and Lets beta scenarios unless another operator is stated separately. DAO is not the personal-data controller: it describes the Lets product and community idea, not a separate processing party during beta. Privacy requests, legal notices, and data questions can be sent to privacy@letsdao.org. The public site does not use a public postal address.
152-FZ, RKN, and localization
If Lets collects personal data from Russian citizens through the site or app, the operator must verify Russian Federal Law No. 152-FZ requirements, including RKN notification and Russian-citizen data localization. Until those facts are confirmed, this public policy remains a working template and should not be treated as final legal wording.
Data the product needs
The public site is in pre-launch mode: public forms, registration, newsletter, analytics, advertising cookies, and session replay are disabled. If a user emails Lets, Lets may receive the email address, sender name, message text, and delivery metadata. Before launch, the Lets app may require a separate policy for account, profile, post, story, settings, message, notification, report, and safety information.
How this data is used
Email requests are used only to read the message and respond. The site does not use this data for newsletters, advertising, analytics, profiling, or automatic beta selection. Before launching request collection, registration, or the app, the final processing purposes must be approved again in the Privacy Policy.
Email and recipients
In pre-launch mode, the site does not collect requests through public forms. If a user sends an email, processing happens through the Yandex 360 email infrastructure. Detailed processing terms, recipients, retention periods, and the final policy will be approved before request collection, registration, or the app launches.
Cookies and analytics
The public site currently does not run optional analytics and does not set non-essential analytics cookies. If analytics, marketing cookies, session replay, or a similar tool is introduced later, the team must update the cookie notice and add consent where required before using it.
Access, change, and deletion
In Lets, people should manage their data from the product: change profile and privacy settings, choose visibility, and delete an account without separate permission from the team. A person can also contact Lets about data access, correction, account deletion, or a privacy question through the contact path. Strong claims about what is deleted, how quickly, which backups are affected, and which safety records may remain for a limited time must be confirmed by the technical team before production launch.
Retention and security
Lets should keep data only as long as needed for the product to work, for safety, support, rule enforcement, and legal obligations. Account deletion should not become a loss of control, but some backups, hosting logs, reports, and safety records may remain for a limited time when needed for security, abuse review, or law. Exact retention periods for requests, email, hosting logs, reports, backups, and safety records remain a production blocker until system owners confirm them.
Document status
Effective date: pending approval. Last updated: June 2, 2026. Template version: privacy-template-2026-06-02-v0. This is a working draft / pending legal approval based on the current public-site pre-launch mode; qualified legal review is required before publication. Operator details, privacy contact, retention periods, Yandex 360, processors, international transfers, app-store disclosures, and exact account deletion behavior must be confirmed before public launch.
Children, regions, and updates
Age position, launch regions, international transfers, representative or DPO requirements, and material-change notice paths must be confirmed before launch. Russian and English versions should keep the same legal meaning.