SIREKEESSIREKEES

Privacy Policy

Effective May 24, 2026

This English text is a convenience translation. The legally binding version is the Russian original at sirekees.com/legal/privacy. Sirekees is operated by an individual entrepreneur registered in the Republic of Kazakhstan. If you require GDPR / CCPA-specific terms, contact us before signing up.

This Policy describes which personal data is collected and processed by Individual Entrepreneur «SIREKEES» (TIN 040502550481, registered at 506 Seifullin Street, office 12, Almaty, Kazakhstan; below - "we", "us", "Operator") when providing the Sirekees service (the website sirekees.com, Telegram Mini Apps and web catalogs built on the platform; below - "Platform"), and which rights you have over this data.

This Policy is built around the Personal Data Protection Law of the Republic of Kazakhstan No. 94-V dated May 21, 2013 ("PD Law"). By using the Platform you confirm that you read and understand this Policy.

1. Who the operator is

The personal data operator is Individual Entrepreneur «SIREKEES», 506 Seifullin Street, office 12, Almaty, Kazakhstan. Contact for personal data matters: help@sirekees.com.

2. Who this Policy covers

We split data subjects into two categories and handle their data differently:

  • Store owners — individuals and legal entities who sign up on the Platform to build their own stores for Telegram and the web.
  • Store customers — end buyers who place orders or bookings through stores built on the Platform.

3. What data we collect

3.1. From store owners

  • Email and password (stored in Firebase Authentication; passwords are not sent to us in clear text).
  • Store name and store content (menu, services, products, text, photos).
  • Store contact details: phone, address, social media links.
  • Telegram bot token, payment provider token, owner chat ID — secrets needed for Telegram integration (kept in an isolated, encrypted table accessible only to the service role).
  • Billing data: invoice records and subscription status. We do not store card numbers — those are handled by the payment provider.
  • Technical data: IP address, browser type, access time, in-app actions (used for security and analytics).

3.2. From store customers

  • Name, phone, order comment — for the order or booking.
  • Delivery address (for stores that ship orders).
  • Telegram user ID — if the order is placed via the Telegram Mini App.
  • Order and booking history, loyalty points, reviews.

4. Why we process data

  • Create and maintain the owner account and authenticate sign-ins.
  • Provide Platform features: store creation, orders, bookings, payments.
  • Billing and subscription fees.
  • Service notifications (new order, subscription ending, service updates).
  • Security (rate limiting, brute-force protection).
  • Platform improvements (aggregated usage stats, no personal identification).
  • Marketing emails — only with explicit consent and with a one-click unsubscribe.

5. Legal grounds

We process personal data on the following grounds:

  • Subject's consent (when signing up on the Platform and when a customer places an order in a store).
  • Performance of a contract the subject is a party to (Terms of Service, Offer).
  • Statutory obligations (accounting, tax records).
  • Legitimate interest of the Operator (security, fraud prevention) where this does not override the subject's rights.

6. Sharing data with third parties

To run the service we share data with the processors below. Each processor is bound by a contract that requires confidentiality and limits the use of data to the purposes we specify.

  • Google (Firebase Authentication) — owner account storage, US servers.
  • Supabase Inc. — main database (PostgreSQL), EU servers.
  • Vercel Inc. — application hosting, EU and US servers.
  • xAI Corp. — handles AI assistant requests when creating and editing stores; no passwords or card details are sent.
  • Telegram FZ-LLC — receives orders and messages through the Telegram Bot API; payment via Telegram Stars.
  • YooMoney Inc. (YooKassa) — subscription payments in rubles.
  • Interkassa — subscription payments in tenge and US dollars. We never receive raw card numbers.

Data transfers outside the Republic of Kazakhstan happen to countries that provide an adequate level of personal data protection, or under contracts with standard data protection clauses.

7. How long we keep data

  • Owner account data — for the lifetime of the account + 90 days after deletion.
  • Store and store-customer data — for the lifetime of the store + 90 days after deletion.
  • Financial records — 5 years, as required by Kazakhstan tax law.
  • Security logs — up to 12 months.

8. Your rights

Under the PD Law you have the right to:

  • Get information about whether the Operator holds your personal data.
  • Get a copy of the data we process.
  • Ask us to fix inaccurate data.
  • Ask us to block or delete data processed in breach of the Law.
  • Withdraw consent for processing (this may make it impossible to keep providing the service).
  • Appeal Operator actions to the authorized personal data protection body of the Republic of Kazakhstan.

To exercise these rights, send a request to help@sirekees.com. We respond within 30 calendar days.

9. Security

We apply technical and organizational protection measures: HTTPS/TLS traffic encryption, secret isolation (a separate table accessible only to the service role), database role separation, rate limiting on sensitive endpoints, regular dependency updates. No protection on the internet is absolute.

10. Cookies and similar technologies

We use:

  • Technical cookies — Firebase session, session-present marker, cart in LocalStorage. The service does not work without them.
  • Analytics — aggregated usage metrics. We do not identify individual users.

Disabling technical cookies makes the Platform unusable.

11. Children

The Platform is not intended for people under 16. We do not knowingly collect personal data from minors. If you are a parent or guardian and find that a minor has given us data, contact us to delete it.

12. Changes to this Policy

We may update this Policy from time to time. The current version is always published at sirekees.com/legal/privacy with the date of the last update. We notify you about material changes by email or inside the Platform.

13. Contact

For any personal data matters write to help@sirekees.com or to the postal address: 506 Seifullin Street, office 12, Almaty, Kazakhstan.

Privacy Policy | Sirekees