MonkeyMachine — LEGAL CHANGELOG

We keep a log of changes to Terms/Privacy/Cookies/AUP/DPA/etc.

Format: [YYYY‑MM‑DD] Version X.Y — Summary of changes; Effective date [YYYY‑MM‑DD]; Notice sent via email + in‑app banner.

[2026‑03‑22] Privacy Policy v2.0 — Effective: 2026‑04‑21

• Section 5.1 (Meta Platform): Added all 8 prohibited data actions per Meta Platform Conditions (anti‑discrimination, anti‑eligibility, anti‑surveillance, anti‑reverse‑engineering, anti‑profiling, no data sales, no cross‑client sharing, no profiling without consent);
• Section 5.2 (WhatsApp): Expanded to cover opt‑in requirement, GDPR roles (Customer=Controller, Meta=Processor, MM=Sub‑Processor), VoIP‑only restriction, HIPAA prohibition, payment card data prohibition, cross‑client data isolation, 90‑day deletion on WABA disconnect;
• Restructured Russian locale (section 5) to mirror English structure.

[2026‑03‑22] Sub‑Processors v2.0 — Effective: 2026‑04‑21

• Added new Section 1 "Communication Platforms": Meta Platforms, Inc. (WhatsApp Business API, Facebook Messenger, Instagram Direct) and Telegram FZ‑LLC;
• All existing sections renumbered accordingly.

[2026‑03‑22] DPA v1.1 — Effective: 2026‑04‑21

• Section 1 (Roles): Added WhatsApp/Meta data processing chain (Customer→Meta→MM);
• Section 2 (Instructions): Added MGPT reference for WhatsApp data;
• Section 3 (Sub‑Processors): Added Meta cross‑reference.

[2026‑03‑22] AUP v1.1 — Effective: 2026‑04‑21

• Section 1: Added WhatsApp‑specific prohibitions (opt‑in, card numbers, cross‑client data, Commerce Policy, anti‑spam).

[2026‑03‑22] Security TOMs v1.1 — Effective: 2026‑04‑21

• Section 2: Added API credentials protection per Meta Platform Conditions §6.a.iv.

[2026‑03‑22] Sanctions v1.1 — Effective: 2026‑04‑21

• Added Section 4: WhatsApp‑specific restrictions (sanctioned parties, proxy prohibition, weapons prohibition).

[2026‑03‑22] Third‑Party v1.1 — Effective: 2026‑04‑21

• Added Section 3: Meta Platforms & WhatsApp — links to all applicable Meta/WhatsApp terms and policies.

[2026‑03‑22] Data Deletion — Effective: 2026‑04‑21

• Added WhatsApp data deletion section (90‑day process on WABA disconnect).

[2026‑03‑23] Terms of Use v1.1 — Effective: 2026‑04‑22

• Section 12: fully reworked — added: 12.4 (third-party integration disclaimer), 12.5 (Customer indemnification), 12.6 (Customer's responsibility as Data Controller);
• Expanded limitation of liability clauses (12.1–12.3).

[2026‑03‑23] Privacy Policy v2.1 — Effective: 2026‑04‑22

• Section 5: Added subsection 5.6 «CRM Systems and Business Automation Platforms» (YCLIENTS, amoCRM, RetailCRM);
• Section 6 (Product Data Matrix): Added «CRM Integrations» row.

[2026‑03‑23] Sub‑Processors v2.1 — Effective: 2026‑04‑22

• Added Section 8 «CRM and Business Automation Systems»: YCLIENTS, amoCRM, RetailCRM with legal details;
• «Notice of Changes» renumbered to Section 9.

[2026‑03‑23] DPA v1.2 — Effective: 2026‑04‑22

• Section 1 (Roles): Added CRM integration data processing chain (Customer→CRM System→MonkeyMachine).

[2026‑03‑23] RF Personal Data Policy v2.0 — Effective: 2026‑04‑22

• Complete rewrite: expanded from 10 to 13 sections per Art. 18.1 of Federal Law No. 152-FZ;
• Added: processing purpose table with legal bases, detailed PD composition, cross-border transfer countries, retention periods, security measures, Art. 22(2) notification exemption rationale, processing-on-instruction section.

[2025‑11‑02] Initial publication v1.0 — All documents.