Privacy Policy

This Privacy Policy describes how FONAI LTD (a company incorporated under the laws of the Russian Federation, INN 7720943604, OGRN 1257700013141, registered address: 111141, Moscow, Zelyony Prospekt 3a, bld. 1), operating as GitHub CMS ("we", "us", "our"), collects, uses, and protects personal data when you use our website at https://githubcms.com and related services (the "Service").

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Policy is aligned with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

FONAI LTD
111141, Moscow, Zelyony Prospekt 3a, bld. 1
Russian Federation
Email: info@fonai.ru
Phone: +7 (495) 324-30-88

For GDPR-related inquiries, you may contact our Data Protection Officer at info@fonai.ru.

2. Data We Collect

We collect and process the following categories of personal data:

Information you provide directly: name, email address, phone number, company name, and any other information you submit through our contact forms, registration, or when purchasing templates.

Automatically collected information: IP address, browser type and version, operating system, device information, referring URLs, pages visited, time spent on pages, and other usage statistics collected via cookies and similar technologies.

Payment information: When you make a purchase, payment processing is handled by our payment provider (Tinkoff). We do not store full credit card numbers.

3. Purposes and Legal Basis for Processing (GDPR Art. 6)

We process your personal data for the following purposes and on the following legal bases:

Contract performance (Art. 6(1)(b)): To provide the Service, process your template purchases, deliver purchased products, and manage your account.

Legitimate interests (Art. 6(1)(f)): To improve and optimize the Service, analyze usage patterns, ensure network and information security, prevent fraud, and communicate service updates.

Consent (Art. 6(1)(a)): For marketing communications where you have opted in. You may withdraw consent at any time.

Legal obligation (Art. 6(1)(c)): To comply with applicable laws, tax regulations, and respond to lawful requests from public authorities.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

Service providers: Hosting providers, payment processors (Tinkoff), analytics services, and email delivery services — all bound by data processing agreements.

Legal requirements: When required by law, court order, or governmental regulation.

Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as a business asset.

5. International Data Transfers

Your data is primarily stored and processed on servers located in the Russian Federation. When we transfer data to service providers outside your jurisdiction, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent mechanisms) in compliance with GDPR Chapter V.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Policy:

  • Account data: for the duration of your account plus 3 months after closure
  • Purchase records: 5 years for tax and accounting compliance
  • Usage analytics: 26 months in anonymized form
  • Marketing consent: until withdrawn

7. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including: encryption of data in transit (TLS 1.3), access controls and authentication, regular security audits, anti-virus protection, network monitoring and intrusion detection, data backup and disaster recovery procedures.

8. Your Rights (GDPR Art. 15–22)

Under GDPR, you have the following rights:

  • Right of access (Art. 15): Request a copy of your personal data we hold.
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
  • Right to restriction (Art. 18): Limit how we process your data.
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests or direct marketing.
  • Rights related to automated decision-making (Art. 22): We do not engage in automated decision-making or profiling.

To exercise any of these rights, contact us at info@fonai.ru. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

9. Cookies

We use essential cookies for Service functionality and analytics cookies to understand usage. You may control cookie preferences through your browser settings. Disabling cookies may affect certain features of the Service.

10. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we may delete it.

11. Third-Party Links

Our Service may contain links to third-party websites (e.g., GitHub, VK, Telegram). We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing any personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Material changes will be notified via the Service or by email where appropriate.

13. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights:

FONAI LTD
111141, Moscow, Zelyony Prospekt 3a, bld. 1
Russian Federation
Email: info@fonai.ru
Phone: +7 (495) 324-30-88
Data Protection Officer: info@fonai.ru

This Privacy Policy was last updated on May 29, 2026.