Version dated 20 June 2026

This Policy explains what personal data is collected when you use https://mriya.run/ (the "Website"), why it is processed, who may receive it, how long it is retained and what rights users have.

It applies to Website visitors, registered users, purchasers of MriyaRun goods, digital content and services, and persons contacting customer support.

1. DATA CONTROLLER

1.1. The controller responsible for personal data processed through the Website and in connection with Orders is:

Individual Entrepreneur Artem Dmytrovych Telushko

Ukrainian taxpayer registration number: 3908614131

Correspondence address: 9 Kyivska Street, Zhytomyr, Zhytomyr Region, 10014, Ukraine

Email: info@mriya.run

Telephone: +380 67 581 60 90

referred to as the "Controller", "we", "us" or "MriyaRun".

1.2. Personal data is processed in accordance with the laws of Ukraine On Protection of Personal Data, On Information and On Electronic Commerce, and other applicable Ukrainian legislation.

1.3. Certain Website functions, account registration and Orders require processing necessary to provide the relevant service or perform an agreement. Where separate consent is legally required, it will be requested separately.

2. DATA WE MAY COLLECT

2.1. Account data: name, email address, telephone number, username or other identifier, password in protected form or other authentication data, account settings and usage history.

2.2. Order data: Buyer and recipient details, contact information, city, Nova Poshta branch, parcel locker or delivery address, Order contents, value, status and history, payment and delivery method, and information required for a return, exchange or complaint.

2.3. Payment data. Card information is processed by WayForPay or another payment provider identified at checkout. MriyaRun does not receive or store the full card number, expiry date or CVV/CVC. We may receive the payment amount, date, status and transaction identifier.

2.4. User-provided data: web journal entries, answers, goals, habits, notes, results of interactions with online metaphorical card services and other content created by the user.

2.5. Communication data: emails, Website form submissions, social media or messenger communications, and attached files, photographs or videos.

2.6. Technical data: IP address, browser, device and operating system, language, time zone, approximate location, visit date and duration, pages viewed, referral source, Website actions, cookies, local storage, logs, error reports and security data.

2.7. Users should not provide another person's data without a lawful basis or enter information that is unnecessary for use of the service.

3. WEB JOURNAL DATA AND USER CONTENT

3.1. Journal entries may contain personal or sensitive information entered at the user's discretion. MriyaRun does not require users to disclose diagnoses, health information, political or religious beliefs, sex-life information, biometric data or genetic data.

3.2. Information voluntarily entered by a user is processed only to the extent required to operate the selected service, maintain security, create backups and provide technical support.

3.3. We do not use the content of private web journal entries for advertising profiling or personalised advertising.

3.4. Access to user content is restricted by technical and organisational controls. Authorised technical personnel may access it only where necessary for support, recovery, investigation of a security incident, compliance with a lawful request, or at the user's request.

4. LEGAL BASES

4.1. Data is processed on one or more of the following bases: entering into and performing an agreement; compliance with legal obligations; user consent where required; legitimate interests in operating and securing the Website, preventing fraud and protecting MriyaRun's rights, where those interests do not override the user's rights; and the establishment, exercise or defence of legal claims.

5. PURPOSES OF PROCESSING

5.1. Data may be used to create and secure accounts; provide the web journal, online metaphorical cards and other services; process payment, fulfil and deliver Orders; supply Digital Content and Services; issue payment documents and maintain accounting and tax records; process returns and refunds; provide support; send service messages; send marketing with separate consent; analyse and improve the Website; prevent fraud and unauthorised access; and comply with legal requirements.

6. COOKIES AND SIMILAR TECHNOLOGIES

6.1. Cookies are small files stored on a user's device.

6.2. The Website may use essential cookies for login, cart, checkout and security; functional cookies for preferences; analytics cookies to understand Website use; and advertising cookies to measure advertising effectiveness where such technologies are enabled.

6.3. Non-essential cookies are used after consent where legally required. Preferences may be changed through the cookie settings panel, where available, or through browser settings. Blocking essential cookies may affect Website functionality.

7. DATA RECIPIENTS

7.1. We do not sell users' personal data.

7.2. Data may be shared, only as necessary, with WayForPay, banks and other payment providers; Nova Poshta and other carriers; hosting, technical support, backup, cybersecurity, email, CRM and other IT providers; analytics and advertising services where enabled and permitted; accountants, auditors, lawyers and other advisers bound by confidentiality; public authorities, courts and law-enforcement bodies where required by law; and a successor in connection with a business transfer, subject to continued data protection.

7.3. Third-party providers process data under their own privacy policies and/or agreements with MriyaRun. We seek to use providers that apply appropriate safeguards.

8. INTERNATIONAL DATA TRANSFERS

8.1. Certain technology, analytics, email or cloud providers may process data on servers outside Ukraine. Such transfers are made only where a legal basis exists and with regard to applicable data protection requirements.

9. RETENTION

9.1. Personal data is retained only as long as necessary for the relevant purpose, performance of the agreement, legal compliance and protection of the parties' rights.

9.2. Account data is retained while the account is active and during the technical deletion period after closure. Journal entries and other user content are retained until deleted by the user, the account is deleted or the service ends, unless longer retention is required for recovery, security or legal compliance. Order and payment records are retained for statutory accounting and tax periods. Support communications are retained while a request is handled and as needed to protect the parties' rights. Marketing data is retained until consent is withdrawn. Technical and security logs are retained according to system settings and security needs.

9.3. At the end of the retention period, data is deleted, anonymised or restricted where continued retention is legally required.

10. DATA SECURITY

10.1. We use organisational and technical measures including access controls, authentication, backups, software updates and other safeguards appropriate to the nature of the data and processing risks.

10.2. Access is limited to persons who require it for their work and are required to maintain confidentiality.

10.3. No method of transmission or storage can guarantee absolute security. If an incident is identified, we take steps to limit its effects and fulfil applicable legal obligations.

10.4. Users are responsible for keeping passwords confidential and securing their devices. Suspected unauthorised access should be reported to info@mriya.run.

11. USER RIGHTS

11.1. Subject to Ukrainian law, users have the right to know the sources, location and purposes of processing; receive information about access conditions and recipients; access their data; request correction of inaccurate or outdated data; object to processing where provided by law; request amendment or deletion of unlawfully processed or inaccurate data; withdraw consent where processing relies on consent; unsubscribe from marketing; complain to the Ukrainian Parliament Commissioner for Human Rights or a court; and exercise other rights under Article 8 of the Law of Ukraine On Protection of Personal Data.

11.2. Requests should be sent to info@mriya.run and include the user's name, contact details, request and information allowing identification. We may request identity verification to prevent disclosure to another person.

11.3. Withdrawal of consent does not affect processing performed before withdrawal and does not stop processing required for an agreement or by law.

12. CHILDREN'S DATA

12.1. The Website is not intended for independent purchases by young children. Where a user lacks the required legal capacity, purchases and provision of data must involve a parent or legal representative.

12.2. If we become aware that a child's data was collected without an appropriate legal basis, we will take steps to delete it.

13. THIRD-PARTY RESOURCES

13.1. The Website may link to third-party websites, social networks, messengers or services. We do not control their data practices. Users should review the relevant third party's privacy policy before using it.

14. CHANGES TO THIS POLICY

14.1. We may update this Policy following changes to law, Website functions or processing activities.

14.2. A new version takes effect when published on the Website unless otherwise stated. The latest revision date appears at the beginning of the document.

15. CONTACT INFORMATION

15.1. For questions about processing, exercise of rights or a possible security incident, contact:

Individual Entrepreneur Artem Dmytrovych Telushko

Email: info@mriya.run

Telephone: +380 67 581 60 90

Correspondence address: 9 Kyivska Street, Zhytomyr, Zhytomyr Region, 10014, Ukraine