Privacy Policy

ПОЛИТИКА КОНФИДЕНЦИАЛЬНОСТИ → PRIVACY POLICY

PRIVACY POLICY

Last updated: 17 июня 2026 г.

1. GENERAL PROVISIONS

This Privacy Policy (hereinafter — the "Policy") defines the procedure for processing and protecting the personal data of users of the website Omlen (hereinafter — the "Site"), available at https://omlen.site, and the services provided through this Site (hereinafter — the "Services"), in accordance with the Law of the Republic of Uzbekistan "On Personal Data" No. ZRU-547 dated 02.07.2019 (hereinafter — the "Personal Data Law").

By using the Site or the Services, you agree to the terms of this Policy. If you do not agree with the terms of this Policy, please do not use the Site and the Services.

Owner and/or operator of the personal data database: ООО «QAVENTO SYSTEM» (STIR (TIN): 313106144, address: город Ташкент, Шайхантахурский район, Labzak MFY, Labzak ko'chasi, 64а-uy; the service's trade name — Omlen) (hereinafter — the "Operator"). The terms "we", "us", "our" refer to the Operator. The terms "you", "your", "user", or "client" refer to any individual or legal entity that uses the Site or the Services.

Consent to the processing of personal data is formalized as a separate document in accordance with Article 21 of the Personal Data Law (Consent to Processing of Personal Data).

The terms of provision of the Services are defined by the Public Offer.

The Operator does not process special categories of personal data (Article 25 of the Personal Data Law: data on racial and ethnic origin, political views, religious and other beliefs, health status, intimate life, criminal record, etc.) and does not process biometric and genetic personal data (Article 26 of the Personal Data Law).

2. CATEGORIES OF PERSONAL DATA SUBJECTS

The Operator processes the personal data of the following categories of subjects:

Registered users — individuals and legal entities who have created an account on the Omlen platform.
Site visitors — persons who visit the Site without registration (depersonalized technical data is processed: IP address, cookies, browser data).
Persons contacting support — persons who send requests to the Operator's email address.

3. LEGAL GROUNDS FOR PROCESSING

The processing of personal data is carried out on the following legal grounds (Article 18 of the Personal Data Law):

Consent of the subject (Article 21 of the Personal Data Law) — processing of data for which the User has given separate consent during registration.
Performance of a contract — processing of data necessary for the performance of the Public Offer (the contract for the provision of Services) to which the User is a party.
Legal obligation — processing of data necessary to comply with the requirements of the legislation of the Republic of Uzbekistan (tax and accounting records, responses to lawful requests from state authorities).
Legitimate interest of the Operator — processing of depersonalized analytical data to improve the Services and ensure security, provided that this does not violate the rights and legitimate interests of the personal data subject.

4. COLLECTION AND PROCESSING OF INFORMATION

4.1. Information provided by the user

| Data | Purpose of processing | Ground |
|---|---|---|
| Email address | Account registration, authorization, communication with the user, notifications | Contract, consent |
| First name, last name (if provided) | Account personalization | Consent |
| Payment data | Payment processing (via intermediary payment systems; the Operator does not store full card details) | Contract |
| Content uploaded to the platform | Provision of Services (hosting, AI editing) | Contract |
| Chat messages with the AI | Content generation, operation of AI functionality | Contract, consent |
| Support requests | Processing of requests, problem resolution | Contract, legitimate interest |

4.2. Data obtained through OAuth providers

When authorizing through third-party services (Google, GitHub, Telegram, and others), the Operator receives the following data from the respective provider (to the extent provided by the provider and permitted by the user):

The user's identifier in the provider's system.
Email address.
First name and last name (if available).
Profile avatar URL (if available).

The source of the data is the respective OAuth provider. The data is used solely for creating and maintaining an account on the platform. The legal ground is the consent of the subject (Article 21 of the Personal Data Law) and the performance of the contract.

4.3. Automatically collected information

| Data | Purpose of processing | Ground |
|---|---|---|
| IP address | Security, analytics, prevention of abuse | Legitimate interest |
| User-Agent (browser type, OS, device) | Ensuring compatibility, analytics | Legitimate interest |
| Visit data (pages, time, referral source) | Usage analytics, improvement of Services | Legitimate interest |
| Cookies and similar identifiers | Authorization, preferences, analytics (see Section 8 for details) | Consent, legitimate interest |

4.4. Methods of processing

The processing of personal data is carried out in the following ways: collection, systematization, accumulation, storage, modification (updating, supplementing), retrieval, use, provision (access), distribution, depersonalization, blocking, destruction (Articles 10–17 of the Personal Data Law). Processing is carried out using automation tools (information systems, databases, server software) and without the use of automation tools (when processing support requests).

5. TRANSFER OF INFORMATION TO THIRD PARTIES

We do not sell or trade your personal information. The transfer (provision of access to) of data to third parties is carried out in the following cases:

Hosting and infrastructure service providers — for hosting and ensuring the operability of the platform.
Payment systems and acquirers — for payment processing (card data is processed directly by the payment provider).
AI technology providers — to ensure the operation of content generation and AI chat functionality.
Analytics services — for analyzing the use of the platform (in depersonalized form).
OAuth providers (Google, GitHub, Telegram, and others) — when authorizing through third-party services (only the technical information necessary for authentication is transferred).
State authorities of the Republic of Uzbekistan — upon lawful request in cases provided for by the legislation of the Republic of Uzbekistan.

The persons to whom personal data is transferred (processors) are engaged by the Operator on the basis of a contract and are obliged to maintain confidentiality and comply with the requirements for the protection of personal data (Articles 27, 28 of the Personal Data Law).

6. DATA PROTECTION

We apply organizational and technical measures to protect personal data in accordance with Article 27 of the Personal Data Law, including:

Encryption of data during transmission (SSL/TLS).
Regular updating of security systems.
Restricting access to personal data to authorized persons only.
Regular data backup.
Monitoring systems for suspicious activity.
Password hashing (passwords are stored in encrypted form and are inaccessible even to the Operator's employees).

The Operator ensures the confidentiality of personal data in accordance with Article 28 of the Personal Data Law. No method of transmission over the Internet or method of electronic storage is 100% secure. Although we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. AUTOMATED PROCESSING AND DECISION-MAKING

The platform uses artificial intelligence (AI) technologies to generate content (texts, website code) based on the User's requests. Generation results are formed automatically based on the data entered by the User and do not involve automated decision-making that produces legal consequences for the subject or otherwise affects their rights and legitimate interests.

The User independently decides on the use of AI generation results. If you believe that automated processing violates your rights, you have the right to contact the Operator with a request for clarification of the procedure for processing and decision-making based on automated processing (contacts — Section 16).

8. COOKIES

We use cookies and similar technologies to ensure the operability of the Site, analyze usage, and store user preferences.

| Type | Purpose | Term |
|---|---|---|
| Strictly necessary | Authorization, security, CSRF protection. Cannot be disabled. | Session / up to 1 year |
| Analytical | Visit statistics, popular pages. Data is depersonalized. | Up to 2 years |
| Functional | Remembering user preferences (theme, language). | Up to 1 year |

You can configure your browser to refuse or delete cookies. Disabling strictly necessary cookies may affect the operability of the Site. By continuing to use the Site, you agree to the use of cookies in accordance with this Policy.

9. YOUR RIGHTS

In accordance with Article 30 of the Personal Data Law, you have the following rights:

Right to information (Articles 22, 30): You may request and receive the following information: confirmation of the fact of processing of your personal data; the legal grounds and purposes of processing; methods of processing; the name and address of the Operator; the list of personal data processed and the source of its receipt; the terms of processing and storage; the procedure for exercising your rights; information about the persons who have access to personal data or to whom it may be transferred; information about the cross-border transfer that has been or is intended to be carried out.
Right to modification and supplementation (Article 30): You may demand the modification, supplementation, blocking, or destruction of your personal data if it is incomplete, outdated, or inaccurate.
Right to destruction: You may demand the cessation of processing and destruction of your personal data.
Right to withdraw consent (Article 21): You may withdraw your consent to the processing of data at any time. The withdrawal procedure is described in the Consent to Processing of Personal Data.
Right to appeal: You have the right to file a complaint with the authorized state body in the field of personal data — the State Personalization Center under the Cabinet of Ministers of the Republic of Uzbekistan — and/or to apply to the court. Compliance with the special conditions for the processing of personal data is supervised by the State Inspectorate for Control in the Sphere of Informatization and Telecommunications ("Uzkomnazorat") (uzkomnazorat.uz).

9.1. Procedure for applying

To exercise the specified rights, send a request to: support@omlen.site.

The request must contain:

Information allowing identification of the personal data subject (or their representative), including the details of an identity document.
Information confirming your participation in the relationship with the Operator (for example, the email address to which the account is registered).
The signature of the personal data subject or their representative (when sent in electronic form, the use of an electronic digital signature or sending from the email address linked to the account is permitted).

Review period: The Operator reviews the request and provides the requested information within the periods established by the legislation of the Republic of Uzbekistan.

10. STORAGE AND DESTRUCTION OF DATA

10.1. Storage periods

Account data (email, name, settings) — for the term of the account's validity and 3 (three) years after its deletion (for the fulfillment of obligations and the resolution of disputes, within the general limitation period under Article 150 of the Civil Code of the Republic of Uzbekistan).
AI chat data — for the term of the account's validity; deleted upon account deletion or at the User's request.
Payment data — in accordance with the requirements of the tax legislation of the Republic of Uzbekistan and the Law of the Republic of Uzbekistan "On Accounting" (as a rule, no less than 5 years).
Analytics data (depersonalized) — no more than 3 (three) years.
Support requests — 1 (one) year from the date of the last request.

10.2. Destruction procedure

Upon achievement of the purpose of processing, expiration of the storage period, or at the subject's request, personal data is subject to destruction within 30 (thirty) days (Article 17 of the Personal Data Law). Destruction is carried out by irretrievably deleting records from the Operator's information systems. If necessary, the Operator draws up an act on the destruction of personal data. Depersonalized data (analytics) is not subject to destruction as it does not relate to personal data.

11. STORAGE AND LOCALIZATION OF PERSONAL DATA ON THE TERRITORY OF THE REPUBLIC OF UZBEKISTAN

The processing of personal data of citizens of the Republic of Uzbekistan is carried out taking into account the special conditions of storage and processing established by Article 27¹ of the Personal Data Law (as amended by the Law of the Republic of Uzbekistan No. ZRU-1125 dated 26.03.2026).

Biometric and genetic personal data of individuals, as well as data of users of services of telecommunications operators of the Republic of Uzbekistan, in the event of their processing, are subject to mandatory storage on technical means physically located on the territory of the Republic of Uzbekistan and registered in the State Register of Personal Data Databases. The Operator does not process biometric and genetic data (see Section 1).

Other categories of personal data of citizens of the Republic of Uzbekistan may be processed and stored both on the territory of the Republic of Uzbekistan and outside it, subject to compliance with the conditions of cross-border transfer specified in Section 12 of this Policy.

12. INTERNATIONAL (CROSS-BORDER) TRANSFER OF DATA

Personal data may be transferred outside the Republic of Uzbekistan for the following purposes:

Ensuring the operation of the AI chat functionality (AI technology providers). The data entered by the user into the AI chat is transferred.
Authorization through OAuth providers (Google, GitHub, and others) — for user authentication.
Use of content delivery networks (CDN) — to ensure the performance of the Site (technical data is transferred).
Hosting of infrastructure and cloud hosting with foreign providers.

Cross-border transfer of personal data is carried out in accordance with Article 15 of the Personal Data Law (as amended by the Law of the Republic of Uzbekistan No. ZRU-1125 dated 26.03.2026), provided that at least one of the following conditions is met:

the foreign state that is the recipient of the data is recognized as ensuring adequate protection of personal data;
the Operator has adopted and complies with standard contractual clauses or binding corporate rules (BCR) in accordance with the requirements of the authorized state body;
the Operator complies with international standards in the field of management and storage of personal data, the list of which is approved by the authorized state body.

In cases not covered by the specified conditions, cross-border transfer is carried out on the basis of separate consent of the personal data subject.

We recommend not placing confidential or excessive personal data in the AI chat unless necessary.

13. REGISTRATION OF THE PERSONAL DATA DATABASE IN THE STATE REGISTER

In accordance with Article 20 of the Personal Data Law and the Regulation on the State Register of Personal Data Databases (approved by Resolution of the Cabinet of Ministers of the Republic of Uzbekistan No. 71 dated 08.02.2020), the Operator ensures the registration of the personal data database of users in the State Register of Personal Data Databases, which is maintained by the authorized state body — the State Personalization Center under the Cabinet of Ministers of the Republic of Uzbekistan.

Registration is carried out through the Unified Portal of Interactive State Services (my.gov.uz, service No. 1135) with authorization through id.gov.uz. The registration number of the Operator's record in the State Register of Personal Data Databases: registration in progress.

14. SECURITY INCIDENTS

In the event of the detection of a leak, unauthorized access, or other security incident related to personal data, the Operator:

Notifies the authorized state body — the State Inspectorate for Control in the Sphere of Informatization and Telecommunications ("Uzkomnazorat") and/or the State Personalization Center — in the manner and within the periods established by the legislation of the Republic of Uzbekistan on personal data.
Takes measures to minimize the consequences of the incident.
Notifies affected Users if there is a significant risk to their rights and legitimate interests.

15. CHILDREN

Our Services are not intended for persons under the age of 18. Full civil legal capacity arises at the age of 18 (Article 22 of the Civil Code of the Republic of Uzbekistan). We do not knowingly collect personal information from minors without the consent of their legal representatives. If we learn that we have collected personal information from a person under the age of 18 without a proper legal ground, we will take steps to delete such information.

16. CHANGES TO THE PRIVACY POLICY

We may update this Policy from time to time. We will notify Users of significant changes by email and/or by posting the updated Policy on the Site with an update of the "Last updated" date.

17. CONTACTS AND DETAILS OF THE OPERATOR

For questions regarding the processing of personal data, the exercise of the subject's rights, or filing complaints, please contact:

Owner and/or operator of the personal data database: ООО «QAVENTO SYSTEM»
Service trade name: Omlen
STIR (TIN): 313106144
Bank: ТОШКЕНТ Ш., «КАПИТАЛБАНК» АТ БАНКИНИНГ ЯГОНА ФИЛИАЛИ
MFO: 01158
Settlement account: 20208000607485524001 (UZS)
Address: город Ташкент, Шайхантахурский район, Labzak MFY, Labzak ko'chasi, 64а-uy
Email: support@omlen.site
Website: omlen.site
Authorized state body: State Personalization Center under the Cabinet of Ministers of the Republic of Uzbekistan; State Inspectorate for Control in the Sphere of Informatization and Telecommunications ("Uzkomnazorat") — uzkomnazorat.uz