Privacy Policy

Last updated: February 25, 2026

This Privacy Policy (the "Policy") describes how Pandorium ("Service"), accessible at pandorium.app and via Telegram, collects, uses, stores, and protects personal data of its users.

1. Data Controller

Nikita Sergeevich Kalachinsky
Status: self-employed (professional income tax payer, Federal Law No. 422-FZ)
TIN (INN): 230411890890
Email: support@pandorium.app

2. Data We Collect

  • Telegram account data: Telegram ID, username, first name, last name, profile photo, language preferences
  • Email sign-in data: email address, password hash (passwords are never stored in plain text)
  • Astrological data: date, time, and place of birth (city, coordinates, timezone) — provided voluntarily for natal chart calculations
  • Usage data: history of Oracle messages, divination readings (Tarot, I Ching, Runes), viewed horoscopes
  • Technical data: IP address, browser User-Agent — used for security and rate-limiting purposes
  • Payment data: payment records (amounts, dates, transaction IDs). Bank card data is processed exclusively by YooKassa and is never stored on Service servers

3. How We Use Your Data

  • Providing access to Service features (astrological calculations, divination, horoscopes)
  • User identification and authentication
  • Payment processing and Energy crediting
  • Personalising content based on astrological data
  • Supporting the achievements and gamification system
  • Sending notifications (with User consent)
  • Improving Service quality, analytics, and error resolution
  • Ensuring security and fraud prevention

4. Legal Basis for Processing

  • Consent of the data subject (Article 6, Federal Law No. 152-FZ)
  • Performance of a contract to which the data subject is a party (the Service Agreement)
  • Legitimate interests of the Controller (security, fraud prevention)

5. Data Storage and Security

  • Data is stored on secured servers with encryption
  • Passwords are stored as bcrypt hashes only
  • Database access is restricted and protected
  • Protection measures include JWT tokens, rate-limiting, and HTTPS
  • Data is retained for the duration of active use and for 1 year after the last login

6. Sharing Data with Third Parties

We do not sell or share personal data with third parties, except for:

  • YooKassa (YooMoney LLC) — for processing bank card payments. YooKassa acts as payment data operator and holds a PCI DSS certificate
  • Telegram — authentication data is shared via the Telegram Platform API when using the Telegram Mini App
  • Sentry — error monitoring service. Only technical information (no personal data) is shared to ensure Service stability
  • OpenRouter / OpenAI — for generating AI interpretations. Only astrological data is shared, without any personal identifiers
  • When required by authorised government authorities under applicable law

7. Your Rights

Under Federal Law No. 152-FZ "On Personal Data" you have the right to:

  • Obtain information about the processing of your personal data
  • Request correction, blocking, or deletion of your data
  • Withdraw consent to data processing
  • File a complaint with Roskomnadzor (Russian data protection authority)

To exercise these rights, email support@pandorium.app with your Telegram ID or email address. We will respond within 30 days.

8. Cookies and Similar Technologies

The Service uses JWT tokens for authentication and localStorage for user preferences. We do not use third-party tracking cookies. Technical data (IP address, User-Agent) is used solely for security purposes.

9. Policy Updates

We may update this Policy from time to time. The current version is always available at pandorium.app/en/privacy. Continued use of the Service after updates constitutes acceptance of the revised Policy.

10. Contact

For any privacy-related inquiries:
Email: support@pandorium.app
Nikita Sergeevich Kalachinsky, TIN 230411890890