Privacy Policy EN

PRIVACY POLICY

Publication Date: November 12, 2025

Welcome to the Insona Service, owned by the private company Insona Solutions Ltd. (hereinafter referred to as the "Company" or the "Rights Holder"). We are committed to protecting your personal data and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with our platform or any other digital services (collectively referred to as the "Services"). To process your data, we require your explicit consent in accordance with the Law of the Republic of Kazakhstan dated May 21, 2013, No. 94-V "On Personal Data and Its Protection" (hereinafter referred to as the "Law"), as well as other regulatory legal acts, including international agreements. By registering with the Insona Service (on the Service website insona.kz or in the Company’s application) or performing any other actions in accordance with the Company’s Terms of Use, you provide your consent to the collection and processing of your personal data for the purpose of receiving the Insona Service.

This Policy applies to all personal data collected and processed through our Insona Service, including through the use of our integrated digital solutions designed for personalized user interaction and secure data management.

In addition to this Privacy Policy, your use of the Service is governed by the Terms of Use, available at: https://insona.kz/terms-conditions

We fully comply with the provisions of the Law of the Republic of Kazakhstan dated May 21, 2013, No. 94-V "On Personal Data and Its Protection", as well as the General Data Protection Regulation of the European Union (GDPR), ensuring transparency, accountability, and security in the processing of your personal data. By accessing or using the Insona Service, you acknowledge and agree to this Privacy Policy.

Our commitments include:
• Protecting your data through robust technical and organizational measures.
• Explaining your rights regarding personal data and how to exercise them.
• Ensuring that any processing of your data is lawful, fair, and transparent.

If you do not agree with the terms of this Privacy Policy, please refrain from accessing and using the Insona Service. If you have any questions or require clarification, you may contact us using the information provided in the "Contact Us" section.

1. DEFINITIONS
• Personal Data: any information relating to an identified or identifiable natural person.
• Processing: any operation performed on personal data, such as collection, storage, use, disclosure, and deletion.
• Data Subject: a natural person whose personal data is being processed.
• Data Controller: the entity that determines the purposes and means of processing personal data.
• Data Processor: the entity that processes personal data on behalf of the Data Controller.
• Data Transfer: any provision, disclosure, transmission, access, or other movement of personal data to a third party or to another jurisdiction, including cross-border transfers, carried out in accordance with applicable data protection laws.

2. DATA COLLECTION
We collect and process personal data to provide and improve our Services, comply with legal requirements, and pursue our legitimate business interests. This includes information you provide directly, data collected automatically, and information obtained from third parties. Below we describe the types of data we collect and the methods used:
Categories of Personal Data We Collect:
1.Identity Data: name, email address, phone number, postal address, and other identifiers necessary to provide our Services.
2.Technical Data: IP address, browser type, device information, operating system details, and other diagnostic data.
3.Usage Data: information about how you interact with our Services, including pages visited, time spent, navigation paths, and actions taken.
4.Communication Data: messages sent through contact forms, email, or other communication channels.
5.Payment Data (if applicable): billing address, payment method details, and transaction history.
6.Behavioral Data: information collected through cookies, web beacons, and similar technologies to understand user preferences and enhance the user experience.
How We Collect Data:
• Direct Input: when you provide information while registering an account, submitting forms, or making customer support inquiries.
• Automated Technologies: through cookies, server logs, tracking pixels, and analytics tools when using the Insona Service or applications. We automatically collect and store certain types of information about your use of the Insona Service, including information about your interaction with products, content, and services available through the Insona Service. Like many online resources, we use cookies and other unique identifiers, and we receive certain types of information when your web browser or device accesses our Services and other content provided by or on behalf of other websites.
• Third Parties: from affiliates, service providers, or publicly available sources, including social media platforms, to better understand user needs.
Information Collection via Digital Platforms:
• Detailed logs of user activity, including file uploads, settings, and user preferences.
Use of Cookies and Similar Technologies:
We use cookies, pixel tags, and local storage to:
• Recognize returning users and personalize their experience.
• Analyze the performance of the Insona Service and improve our Services.
• Deliver targeted advertising and measure its effectiveness.
We do not intentionally collect sensitive personal data, such as health or medical information, except where explicitly required and with your express consent.

3. SUBSCRIPTIONS AND PAYMENTS
The Insona Service may offer an optional paid subscription (hereinafter referred to as the "Subscription") that provides access to extended application functionality.
Payment and Payment Processing
Subscription payments are processed through the Apple App Store and Google Play application stores. We do not receive or store users’ full bank card details. Payment processing is carried out by the respective platforms in accordance with their terms, rules, and privacy policies.
Data We May Receive from Platforms
To confirm subscription status and grant access to features, we may receive limited subscription-related information from the App Store or Google Play, such as subscription status (active or inactive), subscription type or plan, country or currency, start and end dates, and technical transaction identifiers, excluding bank card data.
Subscription Cancellation
Subscription management and cancellation are performed by the user in the Apple ID or App Store settings for iOS, or in Google Play for Android. After cancellation, the subscription remains active until the end of the paid billing period.
More About Subscription Terms
The full terms of use of the Service, including information on available subscription plans, their prices, and cancellation rules, are published in the Terms of Use: https://insona.kz/terms-conditions

4. LEGAL BASIS FOR PROCESSING
We process your personal data on the following lawful bases:
1.Consent: consent is obtained through acceptance, expressed by completing registration on the Insona Service web resource and creating an account.
2.Contractual Necessity: to perform a contract with you or to take steps at your request prior to entering into a contract.
3.Legal Obligation: to comply with a statutory or legal obligation.
4.Legitimate Interests: for our legitimate interests, provided that your rights and interests do not override those interests.

5. PURPOSES OF PROCESSING
We use your personal data for the following purposes:
• To provide and maintain our Services.
• To manage your account and provide customer support.
• To communicate with you, including responding to inquiries.
• To analyze usage and improve the Insona Service and related services.
• To comply with legal obligations and protect our rights.

6. DATA SHARING AND INTERNATIONAL TRANSFERS
As part of providing our Services, your personal data may be transferred to, stored, and processed in countries outside the Republic of Kazakhstan. Data protection laws in these countries may differ from the laws of your jurisdiction. However, we are committed to ensuring that your personal data remains secure and is processed in accordance with this Privacy Policy and applicable data protection regulations.
Circumstances of International Transfers:
1.Service Providers: we may engage third-party service providers located in various countries to perform tasks such as hosting, analytics, payment processing, or customer support.
2.Affiliates and Partners: personal data may be shared with our subsidiaries worldwide, affiliates, or trusted partners to support our business operations.
3.Legal Obligations: in certain cases, we may be required to transfer data in accordance with legal or regulatory requirements of other jurisdictions.
If your personal data is transferred outside the Republic of Kazakhstan and/or EAEU member states and/or CIS member states, we will implement appropriate safeguards to protect your information, such as Standard Contractual Clauses (SCCs) or similar mechanisms.
Your personal data may be processed in the following regions:
• United States: hosting and analytics services provided by leading technology companies, including processing and storage by leading companies in the field of AI technology development, such as OpenAI.
• Republic of Kazakhstan: we ensure that such processing complies with applicable data protection standards, including the Law of the Republic of Kazakhstan "On Personal Data and Its Protection".
• EU Member States: processing of user data within the EU in accordance with the General Data Protection Regulation (GDPR).
• Other Regions: specific cases involving support services or global partnerships.

7. YOUR RIGHTS AND CHOICES
If your data is transferred internationally, you retain all rights under the Law of the Republic of Kazakhstan dated May 21, 2013, No. 94-V "On Personal Data and Its Protection" and the General Data Protection Regulation of the European Union (GDPR). You may request information regarding:
• The location of your data.
• The specific safeguards applied during the transfer.
• Copies of relevant contractual agreements, subject to confidentiality obligations.
We continuously review and update our data transfer practices to ensure compliance with evolving legal requirements and industry standards. For further information, please contact us using the contact details provided below.

8. DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

9. DATA SUBJECT RIGHTS
In accordance with this Privacy Policy, you have the following rights:
• Right of Access: to obtain confirmation as to whether your personal data is being processed and to access your data.
• Right to Rectification: to request correction of inaccurate or incomplete data.
• Right to Erasure (Right to be Forgotten): to request deletion of your personal data under certain conditions.
• Right to Restriction: to request restriction of processing under certain circumstances.
• Right to Data Portability: to receive your personal data in a structured, commonly used format and transmit it to another controller.
• Right to Object: to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, please contact us at the following email address: support@insona.kz.

10. STATEMENT OF CONSENT
By consenting to the collection and processing of personal data through the actions established in this Privacy Policy or the Terms of Use, you confirm that:
• This consent applies to all relationships with the Company, including those already existing and/or arising at the time this consent is provided, as well as any other relationships that may arise in the future. It remains valid both during the period of your activity as the Data Subject under contracts, agreements, and other forms of transactions concluded with the Company, and after the termination of such activity for the periods established by the legislation of the Republic of Kazakhstan, as necessary for the proper performance by the Company of the rights and obligations imposed on it by the legislation of the Republic of Kazakhstan.
• By this consent, the Company is granted the right to independently determine the conditions for third-party access to Personal Data, as well as to distribute Personal Data in publicly available sources of Personal Data.
• The collection, processing, and cross-border transfer of Personal Data by the Company do not require notification and/or your additional consent as the Data Subject, except for the consent specified in this document.
• This consent may be provided to third parties, including state authorities of the Republic of Kazakhstan, as evidence that the Company has the necessary authority to collect, process, and transfer your Personal Data across borders.
• If the relevant contract or contracts, or other transactions concluded between you as the Data Subject and the Company, provide or will provide for the transfer by the Company of your Personal Data through open communication channels, you acknowledge the risk of unauthorized receipt of such data by third parties and assume such risk.
• You have read and understood the Company’s Privacy Policy and the Company’s Terms of Use, which establish the scope and procedure for the collection and processing of Personal Data, and you agree to such procedure.
• You will have no future claims against the Company regarding the collection, processing, and cross-border transfer of your Personal Data, provided that the Company complies with the requirements of the Law and/or the conditions specified in this consent.

11. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

12. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar tracking technologies to improve your experience on our Platform. For detailed information, please review our Cookie Policy.

13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Publication Date" or indicating the "Last Updated" date.

14. CONTACT US
If you have any questions or concerns regarding this Privacy Policy or our data processing practices, please contact us:
• Email: support@insona.kz