Keruj respects the confidential information of every Client who registers on the website: https://keruj.com. Please read this privacy policy carefully.

This Privacy Policy governs the relationship between Sole Proprietor Sveredyuk V.R. (hereinafter referred to as the Licensor, Keruj) and any natural person, self-employed person, entrepreneur, or corporate entity (hereinafter referred to as the Client) regarding the processing of personal data (information) when using the service provided to the Client in accordance with the Terms of Access and Use of the Keruj Service. The privacy policy applies to all data and information received by Keruj from the Client/Administrator/User during the use of the service. If any conditions defined by this Privacy Policy are not accepted by the person intending to use the Service, such person has no right to use the Service.

1. General Provisions

1.1. This Privacy Policy has been developed on the basis of the current legislation of Ukraine, in particular the Law of Ukraine "On Personal Data Protection".

1.2. The Privacy Policy operates in accordance with the Terms of Access and Use of the Keruj Service ("License Agreement", "License Terms").

1.3. Reviewing and agreeing to the Privacy Policy is mandatory to obtain the right of access to use the Keruj service.

1.4. By registering in Keruj, the Client confirms that they are familiar with all the documents mentioned above, as well as this Privacy Policy. The consent of the personal data subject (Client) is a voluntary expression of will to grant permission for the processing of personal data in accordance with the formulated purpose of their processing, given during registration in the system by ticking the box to grant permission for the processing of personal data in accordance with the formulated purpose of their processing.

1.6. During the registration of the Client/Administrator/User in Keruj, their account (profile) is automatically created, which includes a range of personal data. The Client/Administrator/User takes full responsibility for ensuring that the entered data is accurate, complete, and up-to-date in terms of content.

1.7. The Client independently controls access to the mobile phone number which acts as the login and to which passwords for authorization in the service are sent, therefore Keruj is not responsible for its security and for the consequences of the Client transferring access to the mobile phone number to third parties (Administrator/Users). Keruj has the right to prohibit the use of certain mobile phone numbers.

1.8. In the event that Keruj has grounds to believe that the provided information is incomplete or erroneous, Keruj has the right, at its sole discretion, to block or delete the account of the Client/Administrator/User, as well as to prohibit the Client/Administrator/User from full or partial use of the service.

1.9. The Client bears sole responsibility for the distribution of access data to the service (identifiers, passwords, etc.), for entering personal data of other persons (Administrator/Users), and for the content, including compliance of the content with current legislation.

2. Types of Information and Purpose of its Processing

2.1. Information provided to Keruj may include:

• data, including third-party data (administrator/users): name, mailing address, email, phone number, bank account (card account) information, Internet Protocol (IP) address, browser type, Internet Service Provider (ISP), referring pages, interests, login/logout dates and times, operating system;

• information imported from third-party services during integrations;

• content being uploaded;

• information received from the Client/Administrator/User from other official sources, including social networks, and via messengers configured to work with the service.

2.2. The Client guarantees that they have obtained all necessary permissions and consents for placing personal information regarding third parties (Administrator/Users), and also guarantees the full and unconditional consent of these individuals to all provisions of this Privacy Policy.

2.3. The Keruj service informs that it uses cookies and similar technologies to personalize content, marketing, analytics, performance, security features, as well as access to secure areas of the service. For these purposes, Keruj engages third-party providers (specifically, PostHog for product analytics and Sentry for error monitoring) — the full list is provided in Section 6 of this Policy.

2.4. Processing of personal data may be carried out for the following purposes:

• proper provision of services for administration and optimization of trade management processes;

• improving the operation of the service, including modernization in accordance with the Client's needs;

• marketing tasks, namely, bringing young products of the service to the Client's attention;

• communicating with the technical support department, marketing department, and other structures of the service, including accepting suggestions from the Client/Administrator/Users;

• resolving conflict situations;

• ensuring the realization of the rights of the Client/Administrator/Users of the service.2.5. Keruj does not control the accuracy and relevance of the information provided to it, but has the right to demand confirmation of its accuracy at any time.

• automated processing of content using artificial intelligence systems to provide the User with intelligent features of the Service;

• collection of technical telemetry and error information to ensure the stability and security of the Service.

2.6. Keruj may provide the ability to integrate the service with products of third-party providers. Keruj has the right to place links to other websites/services. At the same time, Keruj is not responsible for the collection, storage, and processing of personal information by third-party software, meaning that in such cases, this Privacy Policy does not apply.

2.7. Keruj informs that the data provided by the Client/Administrator/User, or collected by the service about the Client/Administrator/User, will be copied and stored on servers located within the European Union (Frankfurt, Germany). Transfer of data to subprocessors listed in Section 6 of this Policy is also carried out exclusively within the infrastructure located within the EU. Such backup and copying will ensure and facilitate the recovery of lost or damaged content.

2.8. Keruj is not responsible for the transmission of API access tokens to third parties and subsequent data leaks.

2.9. Keruj has the right to publish/post individual reviews of the Client/Administrator/User about the service on its website. If the Client/Administrator/User wishes to remove their review, they must send a corresponding request to ot@keruj.com.

2.10 Data processing using artificial intelligence systems. To provide certain functions of the Service, Keruj uses artificial intelligence systems (large language models) of third-party providers. Such functions include automatic summarization of texts, classification of client requests, generation of reports, etc. Only the content necessary to perform the specific function at the User's request is transmitted to artificial intelligence systems (specifically, text fields that the User intentionally sends for processing). Bank details, passwords, complete databases of personal data, and other sensitive data are not transmitted to artificial intelligence models. The providers with whom Keruj cooperates are contractually bound not to use the data transferred to them to train their own models. The list of artificial intelligence service providers is provided in Section 6 of this Policy.

3. Cases of Disclosure of Personal Information

3.1. Personal data may be transferred to execute an agreement under which the Client is a party, beneficiary, or guarantor, provided that the Client's prior consent is obtained.

3.2. Personal data may be used to protect the rights and legitimate interests of the service or third parties in cases where the User violates copyright and other intellectual property rights of Keruj and/or the corresponding License Agreement. In this case, the information may be transferred to regulatory/law enforcement authorities and courts.

3.3. Personal information may be transferred to connect and/or register third-party software products in the Client's name, provided that the Client's prior consent is obtained.

4. Rights of the Client/Administrator/Users

4.1. The Client/Administrator/Users have the right:

• to protect their personal data within the framework of this privacy policy and the current legislation of Ukraine;

• to edit their account (profile) by making changes and additions;

• in the event of termination of use of the service, to demand the deletion of all account data and content;

• to upload content related to the Client's activities and download content at any convenient time. In case of termination of the contractual relationship, the Client has 7 calendar days to download the content; in case this term is exceeded, the service obtains the full right to delete the Client's content independently without agreement or prior warning of such actions;

• to leave feedback on the operation of Keruj;

• to demand from Keruj not to use personal data for marketing purposes by contacting the address ot@keruj.com

4.2. The Client has the right to grant access to the service to additional administrators/users.

5. Security of Personal Information

5.1. Keruj takes necessary legal, organizational, and technical measures, or ensures they are taken, to protect Personal Information from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution, as well as other illegal actions regarding Personal Information, including, but not limited to:

• Using EC, RSA, and AES-XTS encryption in the Keruj system.

• Using 2FA for session authorization.

• Constantly improving methods of data collection, storage, and processing.

6. Subprocessors

6.1. To ensure the operation of the Service, Keruj engages subprocessors — third parties who process personal data solely on behalf of Keruj and within the limits necessary to provide services.

6.2. List of main subprocessors:

Infrastructure and hosting:

• Northflank Ltd. — application and database hosting. Processing region: Frankfurt, Germany.

• DigitalOcean, LLC — object file storage (S3-compatible). Processing region: Frankfurt, Germany.

Analytics and monitoring:

• PostHog Inc. — product analytics. Instance: PostHog Cloud EU (Frankfurt, Germany).

• Sentry (Functional Software, Inc.) — error and performance monitoring. Instance: Sentry EU (Frankfurt, Germany). Artificial intelligence systems:

• Mistral AI SAS (France) — text processing with large language models.

• Amazon Web Services EMEA SARL (Luxembourg) — Amazon Bedrock service, which includes Anthropic Claude models. Processing region: eu-central-1 (Frankfurt, Germany).

6.3. All subprocessors listed above process data within the countries of the European Union.

6.4. Artificial intelligence service providers are contractually bound not to use the data transferred to them to train their own models.

6.5. Keruj reserves the right to change the list of subprocessors. In case of involving new subprocessors, this section will be updated, and the date of the last update of the Policy will be changed accordingly.

7. Final Provisions

7.1. This privacy policy may be changed unilaterally by Keruj by posting the terms of the revised policy on the Internet at https://keruj.com/privacy. In case of such changes, the date of the last update of this privacy policy will be updated accordingly.

7.2. Keruj recommends periodically checking the Privacy Policy for any updates.

7.3. The procedure for using the Keruj service is governed by the License Agreement.

7.4. In the event of discrepancies between this Privacy Policy and the provisions of the License Agreement, the relations are governed by the provisions of the License Agreement.