Ilya Kazakov
Sign in

Privacy Policy

Last updated: June 2026.

This Privacy Policy explains how we collect, use and protect your personal data when you use ilyakazakov.com, in accordance with the EU General Data Protection Regulation (GDPR) and French data-protection law.

1. Data controller

Ilya Kazakov, individual entrepreneur, 26 rue Bosquet, CS 70784, 75345 Paris Cedex 07, France. SIRET 97958462000012. Contact: mail@ilyakazakov.com. No Data Protection Officer is appointed, which is not mandatory for an operation of this size.

2. What data we collect

You provide directly: email address; username and optionally an avatar, short description and social handles (X, Instagram); character details and any reference images or descriptions you submit for a commissioned-art request; optionally a connected Ethereum wallet address and/or Discord account.

Collected automatically: technical data (IP address, browser/device, security signals via Cloudflare Turnstile); usage and gamification data (XP, points, badges, streaks, referrals) via privacy-friendly self-hosted analytics (Umami); a small number of cookies / local-storage entries.

From third parties: payment and billing data via Stripe (we never see or store your full card number); public blockchain data linked to a wallet you connect (via Alchemy/OpenSea).

We do not intentionally collect sensitive data, and the site is not directed at children under 15.

3. Why we use your data and our legal bases

  • Create and operate your account and provide the site — performance of a contract.

  • Process subscriptions, point purchases, donations and commissioned art — performance of a contract.

  • Issue invoices and keep accounting records — legal obligation.

  • Security, fraud/abuse prevention and rate limiting — legitimate interest.

  • Aggregated, privacy-friendly analytics — legitimate interest.

  • Service emails (sign-in links, account notices) — performance of a contract.

  • Optional features you enable (wallet, Discord, social links) — your consent.

4. Who we share data with

We use the following processors under appropriate agreements: Stripe (payments, invoicing, tax), Resend (transactional emails), Cloudflare (Turnstile bot protection), DigitalOcean (hosting and file storage), Discord (only if you connect your account), Sentry (error monitoring), and Umami (self-hosted analytics). We do not sell your personal data, and only disclose it to authorities where legally required.

5. International transfers

Some providers may process data outside the European Economic Area. Where they do, transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision.

6. How long we keep your data

  • Account data: while your account is active, then deleted or anonymised shortly after account deletion.

  • Invoices and accounting records: retained for 10 years, as required by French law.

  • Security logs: kept for a limited period.

  • Sign-in links: expire within 15 minutes.

7. Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your data, and to data portability and withdrawal of consent. You can delete your account directly in Profile → Settings, or contact us at mail@ilyakazakov.com. You may also lodge a complaint with the CNIL (www.cnil.fr).

8. Cookies

We use strictly necessary cookies (to keep you signed in and run security checks via Turnstile and Stripe) which do not require consent, and privacy-friendly analytics (Umami). Where any non-essential cookies are used, we will ask for your consent and you can change your choice at any time.

9. Changes

We may update this policy; material changes will be announced on the site.

10. Contact

mail@ilyakazakov.com