Konstantin Sadykov · February 24, 2026
Last updated: May 2026
This Privacy Policy ("Policy") explains how Konstantin Sadykov, self-employed individual in the Republic of Kazakhstan, Almaty ("Operator", "We", "Us"), collects, uses, stores, and protects your personal data when using the Pharos AI App available at pharos.guru. The Policy complies with the Law of the Republic of Kazakhstan "On Personal Data and Their Protection" No. 94-V (as amended), the Digital Code of RK, the Law on Artificial Intelligence No. 230-VIII, and — for EU users — Regulation (EU) 2016/679 (GDPR) and Regulation (EU) 2024/1689 (EU AI Act).
By continuing to use the App, you consent to data processing. This Policy supplements Telegram's Privacy Policy (https://telegram.org/privacy/eu).
1.1. Automatically from Telegram: Telegram ID, first name, last name, username, language.
1.2. Provided by User: Date/time of birth, gender, birth/current cities, marital status.
1.3. Chats & History: User and AI messages, agent role, date, session ID.
1.4. Transactions: Amount, date, type, Telegram payment ID.
1.5. Local (device localStorage): Guest ID, profile cache, last Tarot spread, language, usage counter.
1.6. Google OAuth data: name, email address, Google account ID — collected when user signs in via Google. We do not store Google passwords or payment details.
1.7. We do not collect: phone number, contacts, real-time geolocation, photos, biometrics, bank card details. Payments are processed exclusively via Telegram Stars.
2.1. Personalisation of services (calculations, consultations).
2.2. Storing chat history for continuation.
2.3. Managing Stars balance and transactions.
2.4. App improvement (anonymized usage analysis).
2.5. Compliance with legal obligations (audit, reporting).
Processing is based on consent (Art. 8 Law on PD RK; Art. 6(1)(a) GDPR), contract performance, and legitimate interests (security, improvement). For special categories (e.g., date of birth), explicit consent is obtained. Consent valid for 5 years or until withdrawal.
3.1. DeepSeek AI (China): Query text, context, date of birth, name for response generation. Minimized transfer; standard contractual clauses (SCCs) used for GDPR compliance. Note: China is not deemed adequate under GDPR.
3.2. Supabase (US/EU): Database storage (profiles, chats, transactions). Row Level Security (RLS) + SCCs.
3.3. Vercel (US): Hosting, request logs, IP addresses. SCCs applied.
3.4. Telegram (UAE): Authentication, payments, notifications. Subject to their policy.
3.5. Google (US): Authentication via Google OAuth. Name and email received upon login. Subject to Google's Privacy Policy (policies.google.com/privacy).
3.6. Sharing only when necessary, with data protection agreements. For EU users: transfers outside EEA covered by SCCs or other safeguards. We do not sell data. In case of breach, notification within 72 hours (GDPR) or 3 days (RK law).
4.1. Server data stored on Supabase (EU/US regions) for up to 5 years or until deletion request — then anonymized or deleted.
4.2. Measures: HTTPS, Telegram InitData authentication, RLS, encryption in transit and at rest. Risk assessment conducted (low risk; no mandatory DPIA under GDPR Art. 35). Automatic AI quality audit per Law on AI of RK.
4.3. Local data: controlled by User on device.
5.1. Access, rectification, erasure, withdrawal of consent, restriction of processing (Arts. 19–22 Law on PD RK).
5.2. For EU users (GDPR): data portability (Art. 20), objection (Art. 21), complaint to DPA (Art. 77). No automated decisions with legal effects (Art. 22).
5.3. Requests: via bot or email. Processed within 15 days (RK) or 1 month (GDPR, extendable to 3).
5.4. Erasure: chats, profile, and account upon request. Withdrawal does not affect prior processing.
6.1. AI generates responses without human review. Automatic quality audit in place. Users informed of AI interaction (EU AI Act Art. 50; Law on AI of RK Art. 13).
6.2. No automated decisions producing legal or similarly significant effects.
We will notify via App or bot at least 30 days in advance. Continued use constitutes acceptance.
Email: agasheknet@gmail.com
Telegram: @agasheknet
Operator: Konstantin Sadykov, Almaty, Republic of Kazakhstan
Governing law: Republic of Kazakhstan, supplemented by GDPR / EU AI Act for EU users.
EU complaints: to your national DPA (e.g., BfDI in Germany).