In brief
When you use ETOCHATBOT to talk to your own customers on messaging platforms, we process those customers' data on your instructions. You remain the operator of their personal data, and we act as a processor (Part 3, Article 6 of 152-FZ; "processor" in the language of GDPR Art. 4(8)). This Agreement sets the terms for that processing.
1. Parties
- Data operator (Customer) — you, the service User, acting as the operator of your end customers' personal data.
- Data processor (Contractor) — sole proprietor Dmitry Yuryevich Kiselev, operator of ETOCHATBOT (full details on the Operator details page).
2. Subject matter
The Contractor processes the Customer's end customers' personal data solely for purposes required to deliver the service under the Public offer:
- receiving and routing messages from messaging platforms;
- showing conversations in the Customer's interface;
- storing message history and media;
- relaying the Customer's responses back to the messaging platform;
- providing APIs and webhooks for integration with the Customer's systems;
- ensuring data security and integrity.
Any processing beyond these purposes is only allowed under a separate, documented instruction from the Customer.
3. Categories of subjects and data
- Data subjects: individuals who contacted the Customer's connected messaging bot ("End customers").
- Categories of personal data: user identifier on the corresponding chat channel; username and profile name; profile photo (if provided by the channel); message contents and media sent to the bot; message metadata (time, delivery status).
- Special categories of personal data (Article 10 of 152-FZ; Art. 9 GDPR) are only processed when an End customer sends them to the bot themselves. The Customer must not use the service to deliberately collect such data.
4. Contractor's obligations
The Contractor undertakes to:
- Process personal data only on documented instructions from the Customer, except where processing is required by Russian law.
- Maintain the confidentiality of personal data and apply the security measures described in Security measures and required by Article 19 of 152-FZ.
- Allow only employees who have signed a non-disclosure obligation to process personal data.
- Engage sub-processors only with the Customer's general prior consent, provided they are subject to equivalent obligations. The Contractor will notify the Customer of a new sub-processor at least 14 calendar days in advance via email or inside the dashboard.
- Assist the Customer in upholding data subject rights (Article 14 of 152-FZ): provide data exports on request and ensure deletion at a subject's request.
- Assist the Customer in notifying Roskomnadzor and data subjects of incidents (Part 3.1, Article 21 of 152-FZ): notify the Customer of an incident within 24 hours of detection.
- Upon termination of the services, at the Customer's choice, return or delete all processed personal data, except data the Contractor is required to retain by law.
- Support audits of compliance with this Agreement at the Customer's reasonable request by providing documentation of the security measures implemented.
5. Customer's obligations
The Customer undertakes to:
- Have legal grounds to process their End customers' personal data (collecting consent on first contact, performance of a contract, or another basis under Article 6 of 152-FZ).
- Not use the service for unlawful data collection, spam, or any action prohibited by the Terms of service and the Anti-spam policy.
- Publish their own privacy policy and notify End customers about the collection of their personal data and the purposes of processing.
- Forward End customer requests requiring Contractor action to the Contractor within a reasonable timeframe.
6. Storage localization
The Contractor stores and initially collects End customers' personal data in data centers located in the Russian Federation (Part 5, Article 18 of 152-FZ).
7. Retention periods
Retention periods for data processed under this Agreement are defined in the Privacy policy ("Retention periods" section). The Customer may initiate deletion of a specific End customer's data at any time.
8. Liability
The Parties are liable for breaches of this Agreement in accordance with Russian law. The Contractor's aggregate liability is limited as set out in the Public offer ("Liability of the parties" section).
9. Term and termination
This Agreement is in effect for the entire term of the service agreement between the Customer and the Contractor. Termination of the service agreement also terminates this Agreement; however, confidentiality obligations survive.
10. Applicable law
This Agreement is governed by the laws of the Russian Federation. Disputes are resolved as set out in the "Miscellaneous" section of the Public offer.
11. Contacts
For questions about this Agreement and End customer data processing: info@etochat.bot with "DPA" in the subject line.