Opten
Back to Home

Privacy Policy

Last updated: May 21, 2026

1. General Provisions

1.1. This Privacy Policy (hereinafter — the "Policy") defines the procedure for processing and protecting the personal data of users of the Opten service (hereinafter — the "Service"), including the software in the form of an extension for the Google Chrome browser and the website opten.space.

1.2. The Policy has been developed in accordance with the requirements of Federal Law No. 152-FZ of 27 July 2006 "On Personal Data" (hereinafter — "Law 152-FZ"), the Law of Georgia "On Personal Data Protection", the EU General Data Protection Regulation (GDPR), and other applicable legislation.

1.3. The Opten Service is operated by two legal entities depending on the User's region and the payment method used. Both Operators apply the unified personal data processing principles described in this Policy.

1.4. Operator for Users from the Russian Federation, the Republic of Belarus, and the CIS countries

Individual Entrepreneur Vladislav Pavlovich Voronezhtsev
ИНН: 723016676391
ОГРНИП: as indicated in the EGRIP extract
Address: 625062, Russian Federation, Tyumen, Dmitriya Mendeleeva St., 2, bldg. 1, apt./office 148
E-mail: zignifer@gmail.com
Phone: +7 (929) 262-11-17

1.5. Operator for Users from other countries

Individual Entrepreneur Nikolai Shupletsov (Individual Entrepreneur in Georgia)
Tax ID: 306389672
Address: 5 Samgori Street, Tbilisi, Georgia, 0190
E-mail: ummohwell@gmail.com
Phone: +995 599 15 44 32

1.6. Determination of the Operator responsible for processing a specific User's data

1.6.1. For Users located in the territory of the Russian Federation, the Republic of Belarus, and the countries of the Commonwealth of Independent States, the sole Operator of personal data is Individual Entrepreneur V. P. Voronezhtsev, regardless of the payment method used and regardless of whether a payment has been made.

1.6.2. For Users from other countries, the Operator of personal data is IE Nikolai Shupletsov.

1.6.3. The User's region is determined by IP address upon first registration with the Service.

2. Principles of Personal Data Processing

When processing personal data, the Operator is guided by the following principles:

  • processing is carried out on a lawful and fair basis
  • processing is limited to the achievement of specific, predefined, and lawful purposes
  • processing of personal data incompatible with the purposes of collection is not permitted
  • the content and scope of the personal data processed correspond to the stated purposes of processing
  • the accuracy, sufficiency, and relevance of personal data are ensured
  • personal data is stored in a form that allows the data subject to be identified for no longer than required by the purposes of processing

3. What Personal Data Is Processed

3.1. Data provided by the User upon registration

  • email address — used for authorization in the Service and for sending service notifications

3.2. Data generated automatically when using the Service

  • a unique account identifier (UUID) assigned by the Operator
  • the number of operations used (prompt checks) — to account for the limits of the selected plan
  • account creation and last activity dates
  • IP address — used to determine the region upon first registration and to determine the applicable payment currency; not retained in long-term logs
  • browser identifier and version — to ensure compatibility of the extension
  • payment transaction identifiers (without payment card information)

3.3. Data that the Operator does NOT collect or store

3.3.1. Prompt texts entered by the User into the interface of AI generators are not stored on the Operator's servers. Prompts are transmitted in anonymized form via a secure API channel for analysis and are not logged in permanent storage.

3.3.2. Generated images and videos are not uploaded or processed by the Service.

3.3.3. Reference images uploaded by the User into the AI generator interface are transmitted via a secure API channel solely for the purposes of analyzing prompt quality within their context. Reference images are not stored on the Operator's servers and are not used for any other purposes.

3.3.4. Browsing history, bookmarks, the content of other browser tabs, geolocation data, contacts, the User's files, biometric data, and special categories of personal data (racial origin, political views, health status, and others) are not collected by the Operator.

3.3.5. The Operator does not receive or store information about the User's payment cards. Card data is processed exclusively by the payment providers specified in Section 6 of this Policy.

3.4. Extension access to web pages

3.4.1. The Opten extension embeds the prompt evaluation interface directly into the pages of supported AI generators. To do this, the extension requests permissions (host permissions) to access the following domains, which are granted by the User once upon installation or update of the extension via the Chrome Web Store:

  • syntx.ai — the SYNTX AI image and video generator
  • higgsfield.ai — the Higgsfield AI generator (images, video, audio)
  • images.higgs.ai — the Higgsfield CDN for reference images
  • www.freepik.com — the Freepik Pikaso interface
  • pikaso.cdnpk.net — the Freepik Pikaso CDN for reference images

3.4.2. Within the scope of these permissions, the extension reads exclusively: (a) the prompt text in the AI generator's editor and (b) the reference images that the User has uploaded into the generator's interface themselves. Other data on the pages (browsing history, cookies, the content of other tabs, personal correspondence, forms) is not read or transmitted by the extension.

3.4.3. The User may at any time revoke previously granted permissions via the chrome://extensions interface → "Opten" → "Site access". Revoking permissions disables the operation of the extension on the corresponding site and does not affect the account or the paid subscription.

3.4.4. The Operator's use of data obtained through the Chrome API complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. The Operator does not use the data for advertising, does not transfer it to third parties beyond the cases described in Section 6 of this Policy, and does not determine the User's creditworthiness on its basis.

4. Purposes of Personal Data Processing

The Operator processes personal data exclusively for the following purposes:

  • providing the User with access to the functions of the Service in accordance with the selected plan
  • identifying the User upon authorization
  • accounting for usage limits under the selected plan
  • processing payments and managing subscriptions
  • sending service notifications (regarding subscription status, technical works, changes to the terms of service)
  • responding to User requests
  • fulfilling obligations under the public offer agreement published at opten.space/terms
  • complying with the requirements of applicable legislation

5. Legal Grounds for Processing

5.1. For Users for whom the Operator is Individual Entrepreneur V. P. Voronezhtsev

Personal data is processed on the following legal grounds provided for by Law 152-FZ:

  • the User's consent to the processing of personal data (Part 1, Clause 1, Article 6) — given by the User in explicit form by ticking the corresponding box upon registration
  • the necessity of processing for the performance of a contract to which the User is a party (Part 1, Clause 5, Article 6) — the public offer agreement published at opten.space/terms
  • the necessity of processing for the exercise of the rights and legitimate interests of the Operator, provided that the rights and freedoms of the User are not violated thereby (Part 1, Clause 7, Article 6)

5.2. For Users for whom the Operator is IE Nikolai Shupletsov

Processing is carried out on the following grounds:

  • performance of a contract to which the User is a party (Article 6(1)(b) GDPR)
  • the Operator's legitimate interest in improving the quality of the Service and preventing abuse (Article 6(1)(f) GDPR)
  • the User's consent (Article 6(1)(a) GDPR), where applicable
  • the legal grounds provided for by the Law of Georgia "On Personal Data Protection"

5.3. Consent to the processing of personal data

Consent to the processing of personal data is given by the User in an explicit, specific, informed, and conscious form by ticking the corresponding box in the Service interface upon registration of an account. Mere use of the Service without explicit consent is not regarded as consent to the processing of personal data.

The User has the right to withdraw this consent at any time by sending a corresponding request to the Operator's email address specified in Section 1 of this Policy.

6. Transfer of Personal Data to Third Parties

The Operator does not sell, rent out, or transfer Users' personal data to third parties, with the exception of the following categories of recipients acting as personal data processors on behalf of the Operator:

6.1. Payment providers

6.1.1. YooMoney NBCO LLC (NBCO "YooMoney"), operating under the YooKassa trademark — for processing Users' payments in rubles. Bank of Russia license. Address: 115035, Russian Federation, Moscow, Sadovnicheskaya St., 82, bldg. 2. Processes payment data in accordance with the international PCI DSS standard and Federal Law No. 161-FZ "On the National Payment System". Privacy policy: https://yoomoney.ru/page?id=525698

6.1.2. Paddle.com Market Limited — for processing international payments. Address: Judd House, 18-29 Mora Street, London, EC1V 8BT, United Kingdom. Acts as the Merchant of Record for international transactions and is independently responsible for PCI DSS compliance, tax handling, and refunds. Privacy policy: https://www.paddle.com/legal/privacy

6.2. Authentication

6.2.1. Google LLC — for authenticating Users via the OAuth 2.0 protocol (Google Sign-In). When this authentication method is selected, Google receives a request to confirm the User's ownership of a Google account and transfers the User's email address to the Operator. No other Google account data is transferred to the Operator. Google's privacy policy: https://policies.google.com/privacy

6.2.2. Authentication via a sign-in link sent to an email address (magic link) is carried out through the Operator's infrastructure without the involvement of third parties.

6.3. Cloud infrastructure

6.3.1. Beget LLC (hereinafter — "Beget") — for hosting the server infrastructure of the Service. Address: 197342, Russian Federation, Saint Petersburg, Karl Faberge Square, 8B, office 723. ИНН: 7813601434. Is a certified Russian cloud provider. All account databases, subscription information, and operation logs are hosted on Beget servers located in the territory of the Russian Federation.

6.4. Transfer to analysis services

6.4.1. To analyze prompt texts, the Service uses external artificial intelligence services. Prompt texts are transmitted in anonymized form (without identification of the User, without an email address, without any other personal data) via a secure API channel in real time and are not stored either by the Operator or by the third-party analysis service. Only the following are transmitted in the calls: the User's prompt text, optionally — reference images, and an anonymized request identifier.

6.5. Transfer as required by law

6.5.1. The Operator may transfer the User's personal data at the request of authorized government bodies in the cases provided for by the legislation of the Russian Federation, Georgia, or other applicable law, where a duly executed request is present.

7. Cross-Border Transfer of Personal Data

7.1. For Users for whom the Operator is Individual Entrepreneur V. P. Voronezhtsev

7.1.1. The main databases of the Service (accounts, subscriptions, usage limits) are hosted on Beget servers located in the territory of the Russian Federation. The initial collection, systematization, accumulation, storage, refinement, and extraction of Users' personal data is carried out in the Russian Federation in accordance with Part 5, Article 18 of Law 152-FZ.

7.1.2. When processing payments via YooKassa, the data is processed in the territory of the Russian Federation.

7.1.3. Certain technological services that ensure the functioning of the Service (delivery of the website's static content, processing of anonymized requests to artificial intelligence services) may be carried out through infrastructure located outside the Russian Federation. In such a transfer, Users' personal data in identifiable form is not transmitted.

7.1.4. If in the future a cross-border transfer of personal data in identifiable form becomes necessary, the Operator will submit a corresponding notification to the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) in the manner established by Article 12 of Law 152-FZ and will obtain separate consent from the User.

7.2. For Users for whom the Operator is IE Nikolai Shupletsov

7.2.1. Personal data may be transferred outside Georgia for the purposes of providing the Service. In such a transfer, the appropriate legal data protection mechanisms provided for by the GDPR apply, including the Standard Contractual Clauses approved by the European Commission.

8. Personal Data Retention Periods

8.1. The User's personal data is stored for the entire term of the account's existence and the processing of the paid subscription.

8.2. Upon deletion of an account, personal data is subject to destruction within 30 (thirty) calendar days from the date of receipt of the corresponding request from the User.

8.3. Payment information and related data are stored for the periods established by applicable tax and accounting legislation:

  • for payments via YooKassa — at least 5 (five) years from the moment the transaction is made, in accordance with Federal Law No. 402-FZ "On Accounting" and the Tax Code of the Russian Federation
  • for payments via Paddle — for the periods established by Paddle and the applicable tax legislation of Georgia, the United Kingdom, and other jurisdictions

8.4. Account identifiers and subscription information may be stored for the periods specified in clause 8.3 as part of payment documents in the capacity of transaction details.

9. Protection of Personal Data

9.1. The Operator takes the necessary and sufficient organizational and technical measures to protect Users' personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions, including:

  • use of a secure TLS/HTTPS connection for data transmission
  • authentication of Users via secure tokens (JWT)
  • storage of passwords as cryptographic hashes rather than in plain text
  • delineation of access of the Operator's employees to personal data
  • regular updating of software and elimination of known vulnerabilities
  • storage of backups in encrypted form
  • maintenance of personal data access logs

9.2. In the event of unauthorized access to Users' personal data, the Operator notifies the affected Users and the authorized government bodies within the periods established by applicable legislation.

10. User Rights

10.1. The User has the right to:

  • obtain information on whether the Operator holds their personal data and on the procedure for processing it
  • obtain information on the purposes of processing, the periods of processing and storage, the sources of the data, and the existence of any transfer of data to third parties
  • require the refinement, blocking, or destruction of their personal data in the event of its incompleteness, inaccuracy, unlawfulness of processing, or excessiveness for the purposes of processing
  • withdraw consent to the processing of personal data
  • delete their account and all personal data associated with it
  • appeal the actions (inaction) of the Operator to Roskomnadzor (for Users from the Russian Federation) or to another supervisory authority for the protection of personal data

10.2. For Users subject to the GDPR, additionally:

  • the right to restriction of the processing of personal data (Article 18 GDPR)
  • the right to object to processing (Article 21 GDPR)
  • the right to data portability in a structured, machine-readable format (Article 20 GDPR)

10.3. To exercise the said rights, the User must send a corresponding request to the Operator's email address specified in Section 1 of this Policy, indicating the email address used upon registration.

10.4. Time periods for considering requests:

  • for Users for whom the Operator is Individual Entrepreneur V. P. Voronezhtsev — no more than 10 (ten) business days from the moment the request is received, in accordance with Article 20 of Law 152-FZ. If necessary, the period may be extended, but by no more than 5 (five) business days, with notification to the User of the reasons for the extension
  • for Users for whom the Operator is IE Nikolai Shupletsov — no more than 30 (thirty) calendar days, in accordance with Article 12 GDPR

11. Cookies and Analytics

11.1. The website opten.space uses cookies for the following purposes:

  • technical (mandatory) cookies — to ensure the functioning of the site, authentication, session preservation, and security
  • analytical cookies — to analyze the use of the site in anonymized form, subject to the User's consent

11.2. The Opten extension uses browser storage (chrome.storage.local) to:

  • store the User's authorization data (tokens)
  • save the User's interface settings
  • cache the results of prompt analysis within a single session

11.3. Browser storage is used exclusively locally on the User's device and is not transmitted to the Operator's servers, except in the cases explicitly described in this Policy.

11.4. The User can manage cookies through the browser settings. Disabling technical (mandatory) cookies may render certain functions of the Service inoperable.

12. Minor Users

12.1. The Service is recommended for use by persons who have reached 18 (eighteen) years of age.

12.2. If the User is a minor, the use of the paid functions of the Service is permitted only with the consent of their legal representative.

12.3. If the Operator becomes aware that a minor User has registered without the consent of a legal representative, the Operator will, upon the request of the legal representative, delete the account and the personal data associated with it.

13. Changes to the Policy

13.1. The Operator has the right to make changes to this Policy. The current version of the Policy is published on the page opten.space/privacy with an indication of the date of the last update.

13.2. When making material changes, the Operator notifies Users by the email address indicated upon registration at least 14 (fourteen) calendar days before the changes take effect.

13.3. Continued use of the Service after the changes take effect constitutes the User's consent to the updated Policy. In the event of disagreement with the changes, the User has the right to discontinue use of the Service and delete their account.

14. Contact Information

14.1. For Users from the Russian Federation, Belarus, and the CIS countries

Individual Entrepreneur Vladislav Pavlovich Voronezhtsev
ИНН: 723016676391
E-mail: zignifer@gmail.com
Phone: +7 (929) 262-11-17

14.2. For Users from other countries

Individual Entrepreneur Nikolai Shupletsov
Tax ID: 306389672
E-mail: ummohwell@gmail.com
Phone: +995 599 15 44 32