RU

Personal Data Processing Policy

Published: March 21, 2026 | Version 1.0

1. General Provisions

This Personal Data Processing Policy (hereinafter — the "Policy") defines the procedure for processing and protecting personal data of users of the "RetroDvor" service (hereinafter — the "Service"), available at retro-dvor.ru.

The Policy has been developed in accordance with Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" and other regulatory acts of the Russian Federation in the field of personal data.

By using the Service and authorizing through the "CheckPoint" single sign-on system, the User confirms that they have read this Policy and consent to the processing of their personal data.

2. Personal Data Operator

  • Name: Individual Entrepreneur Romanov Maksim Alexandrovich
  • OGRNIP: 321470400049425
  • Address: Russia, Saint Petersburg
  • Contact email: service@chkpnt.ru

3. Categories of Personal Data Processed

3.1. Data Received Through the "CheckPoint" SSO System

Authorization in the Service is performed exclusively through the SSO provider "CheckPoint" (chkpnt.ru) using the OAuth 2.0 protocol. Upon authorization, the Service receives:

  • User identifier — unique account number in the "CheckPoint" system
  • Username — public user name
  • Display name — name displayed in the profile
  • Avatar URL — link to the profile image

Not transmitted to the Service: phone number, email address, password, two-factor authentication data.

3.2. Data Generated During Service Use

  • Game saves — game states, progress data
  • Achievements — unlocked game rewards with timestamps
  • Playthroughs — game session statistics: time, duration, completion status
  • Game sessions — active session data for ensuring gameplay integrity
  • ROM files — user-uploaded game files (stored in encrypted form)

3.3. Automatically Collected Data

  • Authorization tokens — JWT tokens for maintaining sessions (duration: 60 minutes)
  • Refresh tokens — functional cookies for extending sessions (duration: 30 days, httpOnly)

4. Purposes of Personal Data Processing

  • User identification and providing access to the Service
  • Saving game progress and synchronization between devices
  • Tracking achievements and building player profiles
  • Ensuring gameplay integrity (anti-cheat system)
  • Secure storage of user ROM files
  • Compliance with the laws of the Russian Federation

5. Legal Basis for Processing

  • Consent of the data subject (Art. 6, Part 1, Clause 1 of Federal Law No. 152-FZ)
  • Performance of a contract (user agreement) to which the data subject is a party (Art. 6, Part 1, Clause 5)

6. Transfer of Data to Third Parties

6.1. "CheckPoint" SSO System

The Service receives data from the "CheckPoint" system (chkpnt.ru) as part of OAuth 2.0 authorization. Data processing by the "CheckPoint" provider is governed by its own Privacy Policy.

6.2. Other Third Parties

The Service does not transfer users' personal data to other third parties. The Service does not use third-party analytics, advertising networks, or trackers.

7. Data Storage and Protection

7.1. Storage Location

Personal data is stored on servers located in the Russian Federation, in accordance with Art. 18, Part 5 of Federal Law No. 152-FZ.

7.2. Storage Periods

  • Account data — for the entire period of Service use
  • Game saves and achievements — for the entire period the account exists
  • JWT tokens — 60 minutes
  • Refresh tokens — 30 days
  • CSRF tokens (OAuth state) — 10 minutes

7.3. Security Measures

  • ROM files are stored in encrypted form
  • HTTPS protocol is used for data transmission
  • httpOnly cookies with Secure and SameSite attributes are used
  • Refresh token rotation is implemented on each renewal
  • CSRF attack protection through OAuth state parameter
  • Strict CORS policy is configured

8. Cookies

The Service uses the following cookies:

refresh_token — a functional cookie for maintaining the authorization session. Attributes: httpOnly, Secure, SameSite=Lax. Duration: 30 days.

The Service uses only functional cookies necessary for authorization. No analytics, advertising, or tracking cookies are used.

9. Rights of the Data Subject

The User has the right to:

  • Receive information about the processing of their personal data
  • Request clarification, blocking, or deletion of their personal data
  • Withdraw consent to the processing of personal data
  • Appeal the Operator's actions to Roskomnadzor or in court

To exercise these rights, send a request to service@chkpnt.ru. A response will be provided within 30 days.

To manage "CheckPoint" account data (profile changes, account deletion), contact the SSO provider "CheckPoint" at service@chkpnt.ru.

10. Processing of Minors' Data

The Service is not intended for persons under 14 years of age. If we become aware that we are processing data of a child under 14 without the consent of a legal representative, such data will be immediately deleted.

11. Changes to the Policy

The Operator may make changes to this Policy. The current version is posted on this page with the date of the last update. Continued use of the Service after publication of changes constitutes acceptance of the updated Policy.

12. Contact Information