Panoqor
Home/Legal Documents
Privacy PolicyTerms of UsePersonal Data Consent

Privacy Policy

This document explains what data Panoqor collects, why it uses that data, who may receive it, and how data subjects can exercise their rights.

Operator

ИП Keremet Labs

IIN

820707300847

Address

Казахстан, г. Астана, ул. Бокейхана, 11/1

Email

[email protected]

Phone

+77769703501

Effective date

April 7, 2026

This Privacy Policy governs the processing of personal data by Individual Entrepreneur Keremet Labs when users access the Panoqor website, web application, and related services.

The Policy has been prepared with due regard to the laws of the Republic of Kazakhstan, including the Law of the Republic of Kazakhstan On Personal Data and Their Protection. If the parties have entered into a separate agreement for a specific service, that agreement prevails for matters not expressly covered by this Policy.

1. Who this Policy applies to

This Policy applies to registered users of the platform, organization representatives, team members, persons whose data is lawfully uploaded by a user into the service, and visitors to public 3D tour pages.

2. What data we may collect

  • registration and account data, such as name, email address, login credentials, and technical attributes related to authentication;
  • profile and organization data, including organization name, user role, team composition, and service identifiers;
  • content uploaded to the service, such as property and tour names, descriptions, addresses, capture metadata, images, viewer files, and public links;
  • billing and contracting information, including payment amount and date, payment type and method, legal entity name, BIN, contract number, invoice number, and payment comments;
  • technical data and usage logs, such as IP address in shortened or hashed form, user-agent string, cookie identifiers, request timestamps, error data, and security events;
  • data from public tour visitors that is necessary for basic view analytics and abuse prevention.

3. Why we use personal data

  • to create user accounts, authenticate users, and maintain active sessions;
  • to provide access to platform features and to store or publish 3D tours;
  • to run client-facing and administrative operations, including manual payment logging and subscription management;
  • to respond to user requests and send operational or security-related communications;
  • to keep the service stable and to prevent fraud, spam, excessive traffic, and other abuse;
  • to produce aggregated view statistics, improve the product, and support internal reporting;
  • to comply with legal, accounting, and rights-protection obligations.

4. Cookies, local storage, and analytics

Panoqor uses technically necessary cookies and browser local storage. They help preserve the interface language, the currently selected organization in the workspace, browser-based authentication state, and basic public-tour view analytics.

  • the `panoqor_vid` cookie is used to recognize repeat views of a public tour and may remain active for up to 12 months;
  • browser local storage may contain information about the current session, selected organization, and interface language;
  • when a public tour is viewed, the service may process a visitor ID hash, IP address hash, and user-agent string for view counting and abuse limitation purposes.

5. Legal grounds for processing

We process personal data where one or more lawful grounds exist: the data subject has given consent, processing is necessary for entering into or performing a contract, processing is required by law, or processing is needed to protect the lawful rights and interests of the operator and users to the extent permitted by the laws of the Republic of Kazakhstan.

6. Sharing data with third parties

The operator does not sell personal data. Data may be shared only to the extent necessary to operate the service, perform contractual obligations, or comply with legal requirements.

  • with providers of cloud infrastructure, hosting, file storage, and authentication;
  • with contractors that help develop, maintain, support, or administer the service;
  • with banks, accountants, auditors, and other counterparties where payment processing or payment confirmation requires it;
  • with state authorities and other authorized parties where disclosure is expressly required by law.

7. Retention, security, and deletion

We implement reasonable organizational and technical safeguards to protect data against loss, unauthorized access, alteration, or disclosure. Access is limited to persons who need the data to perform their work.

  • account and profile data is retained while the account remains active or as long as service delivery reasonably requires it;
  • organization content is stored until it is deleted by the user, the service relationship ends, or retention periods under an agreement or internal rules expire;
  • payment and accounting records may be stored for longer periods where the laws of the Republic of Kazakhstan require it;
  • once processing purposes are achieved, data is deleted, anonymized, or archived to the extent permitted by law.

8. Rights of data subjects

  • to request information about the existence, scope, and methods of processing of their personal data;
  • to request correction, updating, or clarification of inaccurate data;
  • to withdraw consent where processing is based on consent;
  • to request blocking or deletion of data where permitted by law and where no overriding retention obligation applies;
  • to submit requests or complaints to the operator and to competent authorities in the Republic of Kazakhstan.

9. Contact details and policy updates

Questions about personal data processing may be sent to the operator at Kazakhstan, Astana, Bokeikhan Street 11/1, email: [email protected], phone: +77769703501. We may update this Policy if the law, infrastructure, or service functionality changes. The current version is published on this page together with its effective date.