Privacy policy

REFERAL Privacy Policy

Version dated 1.05.2025

This Privacy Policy explains what personal data the REFERAL Platform may process, for what purposes such data is used, how long it is stored, to whom it may be disclosed, and what rights the User has.

By using the website, account dashboard, forms, interfaces, and other functions of the REFERAL Platform, the User confirms that they have reviewed this Privacy Policy.

If the User does not agree with this Privacy Policy, the User must stop using the Platform.


1. General Provisions

The REFERAL Platform follows the principle of data minimization.

This means that the Platform aims not to collect unnecessary personal data and processes only the information required for the operation of the service, communication with the User, protection of the Platform, performance of the User Agreement, and compliance with applicable legal requirements.

In the ordinary course of operation, the Platform collects only the User’s email address.

The Platform does not request from the User:

  • passport data;
  • identity documents;
  • bank cards;
  • full payment details;
  • passwords to third-party services;
  • verification codes;
  • medical data;
  • biometric data;
  • political opinions;
  • religious beliefs;
  • other sensitive personal data.

If the User independently sends such information through forms, support requests, reports, proof of completion, or other channels, the Platform may delete, hide, restrict processing of, or disregard such information.


2. Data Controller

The data controller is the person or entity operating the REFERAL Platform and specified in the legal details on the website or at the end of this Privacy Policy.

For personal data matters, the User may contact the Platform through the official contact address:

Contact email: [insert support email]


3. What Data the Platform Collects

3.1. Email Address

The Platform may process the User’s email address for:

  • registration;
  • account login;
  • communication with the User;
  • service notifications;
  • access recovery;
  • support requests;
  • account protection;
  • performance of the User Agreement;
  • compliance with legal requirements, if applicable.

The email address is the main personal identifier that the Platform intentionally collects from the User.


3.2. Technical Data

When the User visits the website or uses the Platform, certain technical data may be automatically processed by the server, browser, hosting provider, security systems, or infrastructure providers.

Such data may include:

  • IP address;
  • date and time of access;
  • browser type;
  • device type;
  • technical session identifiers;
  • requested page address;
  • error information;
  • basic security logs.

Such data is used only for website operation, security, prevention of abuse, error diagnostics, and protection of the Platform.

The Platform does not use technical data for sale, unlawful profiling, or transfer to third parties for advertising purposes without a separate legal basis or consent, where such consent is required by applicable law.


3.3. Data Voluntarily Submitted by the User

The User may independently submit information through:

  • contact forms;
  • support requests;
  • email messages;
  • account dashboard interfaces;
  • reports;
  • proof of completion;
  • complaints.

The User must not submit excessive personal data, documents, banking information, passwords, verification codes, third-party personal data, or other sensitive information.

If the User voluntarily submits excessive data, the Platform shall not be considered the initiator of such collection and may delete, hide, or restrict such information.


4. Data the Platform Does Not Intentionally Collect

The Platform does not intentionally collect:

  • passport data;
  • scans of documents;
  • bank cards;
  • full payment details;
  • passwords;
  • SMS or email verification codes;
  • credentials for third-party accounts;
  • medical information;
  • biometric data;
  • children’s data;
  • special categories of personal data, unless required by law or a separate permitted function.

The User is prohibited from submitting such data through the Platform unless this is expressly provided by separate rules and lawful functionality.


5. Purposes of Data Processing

The Platform processes data only for limited purposes.


5.1. Registration and Account Operation

The email address may be used to create an account, log in, identify the User, and operate the account dashboard.


5.2. Communication with the User

The email address may be used to send:

  • service notifications;
  • security messages;
  • support replies;
  • account activity notifications;
  • notifications about rule changes;
  • technical messages.

5.3. Security and Prevention of Abuse

The email address and technical data may be used for:

  • account protection;
  • fraud prevention;
  • detection of suspicious activity;
  • prevention of multi-accounting;
  • protection of balances and payouts;
  • investigation of violations;
  • stable operation of the Platform.

5.4. Performance of Agreements

Data may be used to perform the User Agreement, task rules, payout rules, moderation rules, and other Platform documents.


5.5. Legal Protection

Data may be used for:

  • handling claims;
  • reviewing complaints;
  • protecting the Platform’s rights;
  • responding to lawful requests;
  • preventing violations;
  • confirming facts of Platform use.

5.6. Compliance with Law

Data may be processed where necessary to comply with mandatory requirements of applicable law, court orders, lawful requests from competent authorities, or mandatory requirements of payment, infrastructure, or hosting partners.


6. Legal Bases for Processing

Depending on applicable law, the Platform may process data on the following legal bases:

  • the User’s consent;
  • performance of a contract or User Agreement;
  • the Platform’s legitimate interest;
  • compliance with legal obligations;
  • protection of the rights, safety, and legitimate interests of the Platform, Users, and third parties.

Legitimate interest may include:

  • ensuring security;
  • preventing fraud;
  • protecting accounts;
  • preventing abuse;
  • processing support requests;
  • protecting against claims;
  • improving service stability.

7. Data Retention Period

The Platform stores the User’s email address for no longer than 3 months from the date of:

  • registration;
  • last active action;
  • last request;
  • termination of Platform use;
  • account deletion;
  • resolution of a dispute.

The specific starting point depends on which event occurred last and for what purpose the data is still required.

After 3 months, the email address is deleted, anonymized, or no longer used to identify the User, unless further retention is necessary for:

  • compliance with law;
  • protection of the Platform’s rights;
  • dispute resolution;
  • investigation of violations;
  • fraud prevention;
  • compliance with a lawful request from a competent authority;
  • accounting, payment, or legal record-keeping, if applicable.

Technical logs and security data may be stored for the minimum period necessary for security, service stability, and investigation of violations.

The Platform aims not to store personal data longer than necessary.


8. Disclosure of Data to Third Parties

The Platform does not sell Users’ personal data.

The Platform does not transfer email addresses to third parties for their own advertising purposes without separate User consent, where such consent is required by applicable law.

Data may be disclosed to a limited group of third parties only when necessary for Platform operation.

Such third parties may include:

  • hosting providers;
  • technical contractors;
  • email delivery services;
  • security systems;
  • anti-fraud services;
  • payment providers, if payments or payouts are enabled;
  • legal and accounting advisors;
  • competent authorities where there is a lawful basis.

Such parties receive access only to the data necessary to perform the relevant function.


9. International Data Transfers

If infrastructure, contractors, hosting, email services, or other technical providers are located in another country, data may be processed outside the User’s country.

In such cases, the Platform aims to use reasonable organizational and technical safeguards to protect the data.

The User understands that the use of internet services may involve cross-border processing of technical data.


10. Data Security

The Platform applies reasonable technical and organizational measures to protect data from:

  • unauthorized access;
  • loss;
  • alteration;
  • disclosure;
  • abuse;
  • unlawful processing.

Such measures may include:

  • access restrictions;
  • technical account protection;
  • security logs;
  • anti-fraud checks;
  • contractor access control;
  • deletion of unnecessary data;
  • data minimization.

However, no internet service can guarantee absolute data security.

The User is independently responsible for protecting their email account, device, password, access to email, and other authentication tools.


11. Email Notifications

The Platform may send the User service messages related to:

  • registration;
  • account login;
  • access recovery;
  • security;
  • rule changes;
  • support requests;
  • important Platform events;
  • performance of the User Agreement.

If the Platform sends marketing messages, the User may unsubscribe where such option is required by applicable law and supported by Platform functionality.

Unsubscribing from marketing messages does not affect mandatory service and technical notifications.


12. Cookies and Similar Technologies

The Platform may use cookies and similar technologies for:

  • technical website operation;
  • session storage;
  • authorization;
  • security;
  • fraud prevention;
  • error diagnostics;
  • saving settings;
  • analytics, if enabled.

If non-essential cookies, analytics, advertising, or affiliate identifiers are used, their use is governed by a separate Cookie Policy and applicable consent requirements.

The User may manage cookies through browser settings or website settings, if such functionality is available.

Disabling cookies may cause certain Platform functions to work incorrectly.


13. User Rights

Depending on applicable law, the User may have the right to:

  • know what data is processed;
  • request a copy of their data;
  • correct inaccurate data;
  • delete data;
  • restrict processing;
  • withdraw consent;
  • object to processing;
  • request data portability;
  • file a complaint with a competent authority.

To exercise their rights, the User may contact the Platform through the official contact email.

The Platform may request confirmation of identity or ownership of the email address where necessary to protect data from unauthorized access.


14. Data Deletion

The User may request deletion of their email address and related data if further retention is not required for lawful purposes.

The Platform may refuse immediate deletion or temporarily restrict deletion if the data is necessary for:

  • compliance with law;
  • dispute resolution;
  • investigation of violations;
  • fraud prevention;
  • protection of the Platform’s rights;
  • processing of payments or payouts;
  • compliance with mandatory requirements of competent authorities.

After the grounds for retention no longer exist, the data is deleted, anonymized, or no longer used to identify the User.


15. Children’s Data

The Platform is not intended for persons under 18 years of age.

The Platform does not intentionally collect children’s data.

If the Administration becomes aware that a child’s data has been submitted through the Platform without a lawful basis, such data may be deleted or restricted.


16. Data Submitted Unlawfully by the User

The User may not submit third-party personal data through the Platform without a lawful basis.

If the User submits third-party data, documents, banking information, passwords, codes, or other sensitive information, the User is independently responsible for such submission.

The Platform may delete, hide, restrict processing of, or disregard such data.

Submission by the User of excessive, third-party, or prohibited data does not mean that the Platform requested such data or assumed responsibility for its legality.


17. Limitation of Liability

The Platform processes data in a limited scope and applies reasonable protection measures.

At the same time, the Platform is not responsible for:

  • data that the User independently disclosed to third parties;
  • data that the User voluntarily entered in public or inappropriate fields;
  • actions of third-party websites, services, payment systems, email providers, hosting providers, or other external providers;
  • loss of access to the User’s email address;
  • compromise of the User’s email account;
  • insecure password storage by the User;
  • transfer by the User of documents, passwords, codes, or other sensitive data in violation of Platform rules;
  • consequences of the User’s violation of law, Platform rules, or third-party rights.

Nothing in this Privacy Policy limits liability that cannot be limited under mandatory applicable law.


18. Links to Third-Party Websites

The Platform may contain links to third-party websites, services, applications, payment systems, affiliate programs, or other resources.

The Platform does not control such resources and is not responsible for their privacy policies, cookies, security, data processing rules, or actions of third parties.

The User is responsible for reviewing the rules and policies of third-party services before using them.


19. Changes to this Privacy Policy

The Platform may amend this Privacy Policy.

A new version becomes effective upon publication on the website unless another effective date is specified in the new version.

Continued use of the website and the Platform after publication of a new version means that the User has reviewed the updated Policy.


20. Contacts

For questions regarding personal data processing, email deletion, User rights, complaints, and requests, the User may contact the Platform at:

Email: [insert support email]


21. Final Provision

The REFERAL Platform processes data based on the principle of minimization.

In the ordinary course of operation, the Platform collects only the User’s email address and stores it for no longer than 3 months, unless longer retention is required by law, security needs, investigation of violations, dispute resolution, or protection of the Platform’s rights.

The Platform does not sell personal data, does not request documents, does not require banking data, and does not intentionally collect sensitive personal data.

The User must not submit excessive, third-party, confidential, or prohibited data through the Platform.

To top