Serpmonn Privacy Policy
Introduction
The website serpmonn.ru values user privacy and takes all necessary measures to protect personal data. This privacy policy describes how and for what purposes user data is collected, used, stored, and protected. By using this website, the user agrees to the terms outlined in this policy.
1. Data Collection
The website may collect the following types of data:
- Personal data: name, email address, phone number.
- Technical data: IP address, browser type, operating system, website visit information (including pages visited, date and time of visit).
- User-provided data: information that the user provides when filling out forms on the website, including comments, reviews, requests, and other feedback.
2. Data Usage
Data is used for the following purposes:
- For processing requests and feedback.
- For analysis and research to improve website functionality and ensure security.
- For protection against unauthorized access and prevention of attacks on the website.
- For fulfilling obligations to users.
3. Data Storage
Data is stored for the time necessary to achieve the specified purposes:
- Personal data (name, email, phone) are stored until their deletion is requested.
- Technical data (IP addresses, browser data) are stored for no more than 30 days.
4. Data Sharing with Third Parties
Users' personal data is not shared with third parties.
5. Data Protection
To protect user data in Serpmonn, a multi-level security system based on the following technologies is applied:
- Password protection: User passwords are protected using the bcrypt algorithm, which converts them into secure hashes before storage in the database.
- Secure sessions and tokens: For authentication, more secure PASETO tokens are used instead of traditional JWT. Protection against CSRF attacks is applied.
- Application and server-level protection: The Helmet.js package is installed, which configures HTTP headers for protection against common web vulnerabilities. CORS rules are configured to control access to resources.
- Overload protection: A rate limiting mechanism is implemented that limits the number of requests from a single user to protect against DDoS attacks and password brute-forcing.
- Data validation: All user information is validated before processing to prevent malicious code injection or incorrect data.
- Secure work with email: The password recovery process uses single-use temporary tokens that are sent through a secure email service.
Data security is a priority, but no system can guarantee absolute protection. Users are advised to use reliable unique passwords.
6. User Rights
The user has the right to:
- Request access to stored personal data.
- Demand correction or deletion of data.
- Refuse data processing in certain cases.
- Withdraw consent to the processing of personal data.
7. Contact Information
For questions regarding the privacy policy, data processing, or exercising rights, you can contact at: privacy@serpmonn.ru.
The terms of service use and disclaimer are available in the section «Disclaimer».
8. Privacy Policy Changes
All changes to the privacy policy are published on this page. It is recommended to regularly check for updates to the information.
Last updated: January 22, 2026