Document version: 1.1.0

End-User (License) Agreement (EULA) of Koinonia LLC

Parties and details

This End-User (License) Agreement (hereinafter — the "Agreement", the "EULA") is a public offer of ООО «Койнония» (hereinafter — the "Rightholder", the "Licensor", "Koinonia LLC") and defines the terms of use of the Koinonia software.

Rightholder / Licensor:

Full name
ООО «Койнония»
Short name
ООО «Койнония»
OGRN
1265000035035
INN
5029299826
KPP
502901001
Date of registration
18.05.2026 (Inter-District Inspectorate of the Federal Tax Service No. 23 for the Moscow Region)
Registered address
Московская область, г. Мытищи, ул. Юбилейная 4-336
Sole executive body
General Director Грушенков Роман Викторович
Email address for inquiries
support@koinonia.ru

User — a legally capable individual who uses the Platform (including by way of installing, launching, registering, or otherwise actually using it).

Workspace Owner — a User who has created a workspace (Workspace) for an organization or community and who administers it on behalf of the relevant organization (community).

The Platform's servers and databases are located within the territory of the Russian Federation. Cross-border transfer of personal data is not carried out.

1. Terms and definitions

1.1. Platform (Koinonia software) — the Koinonia corporate computer program, which is a suite of software tools for managing organizations and communities (workspaces, member records, ministries, donations) with built-in communication tools within workspaces, including client applications and the server side, as well as accompanying materials and updates.

1.2. Operator — a person who, independently or jointly with other persons, organizes and (or) carries out the processing of personal data, and who determines the purposes, the scope, and the actions for such processing. Within the Platform, the operator of the data of workspace members is the organization (community) — the Workspace Owner; the operator of the narrow "passport" layer is Koinonia LLC.

1.3. Processor (a person carrying out processing on instructions) — a person who carries out the processing of personal data on the instructions of the operator under a contract. With respect to the content of workspaces, such a person is Koinonia LLC.

1.4. Data subject — an individual to whom the personal data relates.

1.5. Passport account — the minimal account identity of a User on the Platform, comprising a phone number, first name, last name, username (username), and, where necessary, an email address and an avatar, as well as technical data. A passport account does not contain information about religious beliefs, membership (participation) in a religious community, or correspondence.

1.6. Workspace — an isolated workspace of an organization or community within which the management of members' data and communication among them are carried out.

1.7. Document templates — samples (forms) of legal documents (policies, consents, notices, etc.) provided as part of the Platform's functionality and intended for independent selection, completion, and editing by the Workspace Owner.

1.8. Data Processing Agreement (DPA) — the "Data Processing Agreement (DPA) of Koinonia LLC", concluded between the Workspace Owner (operator) and Koinonia LLC (processor) and forming an integral part of this Agreement.

1.9. Personal Data Processing Policy — the "Personal Data Processing Policy of Koinonia LLC" (hereinafter also — the "Personal Data Processing Policy"), located at /legal/privacy.

1.10. Consent in favor of Koinonia LLC — the "Consent to the processing of personal data (passport account) in favor of Koinonia LLC", executed by the data subject through a separate, non-pre-checked acceptance mark in accordance with Part 4 of Article 9 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".

Other terms are used in the meanings established by the legislation of the Russian Federation, including by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (hereinafter — "152-FZ") and Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies, and the Protection of Information" (hereinafter — "149-FZ").

2. Subject matter of the Agreement. License

2.1. The Rightholder grants the User, on the terms of a simple (non-exclusive) license, the right to use the Koinonia Platform within the limits of its functional capabilities, by methods conditioned by its purpose, for the term and on the terms established by this Agreement.

2.2. The right of use is granted within the territory of the Russian Federation and other territories where the use of the Platform is technically possible and does not contradict applicable law.

2.3. This Agreement is not an agreement for the alienation of an exclusive right. The exclusive right to the Platform, its components, trademarks, design elements, and other results of intellectual activity belongs to the Rightholder and (or) its licensors.

2.4. The User may not modify, decompile, or disassemble the Platform, circumvent technical protection measures, or transfer the granted right of use to third parties, except in cases expressly provided for by the legislation of the Russian Federation.

2.5. The terms for the provision of paid (premium) functions of an organization workspace, the procedure for their payment, and pricing are determined by separate documents of the Rightholder and the rules applicable to them. Basic functions of the Platform, as well as certain functions, including Document templates, may be provided free of charge.

3. Acceptance. Conclusion of the Agreement

3.1. This Agreement is an offer within the meaning of Article 437 of the Civil Code of the Russian Federation.

3.2. Acceptance of the offer (full and unconditional acceptance of the terms of the Agreement) is deemed to be any of the following actions by the User: placing the relevant non-pre-checked mark upon registration, installing, launching, or otherwise actually using the Platform (implicative actions within the meaning of paragraph 3 of Article 438 of the Civil Code of the Russian Federation). When the User goes through the registration screen, the proper method of acceptance is the placing of a separate non-pre-checked mark (clause 3.3). Implicative acceptance by way of installing, launching, or otherwise actually using the Platform applies as a fallback basis for concluding the Agreement for persons who use the Platform without going through the registration screen, and it does not cancel the requirement to place a separate non-pre-checked mark at the registration stage.

3.3. Acceptance of this Agreement and of the Personal Data Processing Policy is executed by a non-pre-checked mark separate from other consents. The data subject's consent to the processing of personal data is executed by a separate act and is not combined in a single mark with the acceptance of this Agreement or other offers (the requirement for separate and non-pre-checked expression of consent, effective from 01.09.2025 (Federal Law No. 156-FZ)). The performance of acts of acceptance of this Agreement does not, in itself, constitute consent to the processing of personal data.

3.4. If the User does not agree with the terms of the Agreement, the User must refrain from using the Platform.

4. Passport account. Closed communication perimeter

4.1. Registration on the Platform creates for the User a passport account — a minimal account identity without communication capabilities.

4.2. A passport account does not, in itself, grant the User the right to initiate correspondence with arbitrary persons, to perform a global search of users, to send messages to an unlimited circle of persons, or to create public communities for an unlimited circle of persons.

4.3. The Platform's communication functions (chats, channels, message exchange, contacts, member search, etc.) are provided to the User solely within the workspace (Workspace) in which the User has (or in which there arises as a result of an inquiry) an active membership (participation), including guest membership. Communication is carried out within the closed perimeter of the relevant workspace. The arising of membership as a result of an inquiry refers, in particular, to the case of a User's inquiry to a contact person of an organization through its public storefront (organization page): such an inquiry creates for the User a guest membership in the relevant workspace at the moment of the inquiry, and further communication is carried out within that workspace.

4.4. The Platform is not a public communication venue and is not intended for the organization of the public dissemination of information to an unlimited circle of persons. The absence of open public registration with the right to unlimited correspondence, of a global search without the user's explicit consent, and of public communities for an unlimited circle of persons is a deliberate element of the Platform's architecture. The public storefront (page) of an organization, provided for by the Platform's functionality, does not form a public communication venue and serves solely for the User's inquiry to a contact person of the organization under the procedure of clause 4.3.

4.5. The Platform provides encryption of data at rest (at-rest, AES-256), a secure connection (TLS), and access control at the organization level. The server has technical access to the content in decrypted form to the extent necessary for the functioning of the Platform and the performance of the operator's instructions; the said measures are a technical protection of the infrastructure and do not provide end-to-end encryption of the content.

5. Processing of personal data. Processor on instructions

5.1. Passport layer (Koinonia LLC as operator). With respect to passport account data (clause 1.5 of the Agreement), Koinonia LLC acts as an independent operator and processes such data on the terms of the Personal Data Processing Policy and provided that there is a separate Consent in favor of Koinonia LLC, executed in accordance with Part 4 of Article 9 of Federal Law No. 152-FZ and accepted by a separate non-pre-checked mark (clause 3.3 of the Agreement).

5.2. Content of workspaces (Koinonia LLC as processor). When the User uses workspace (Workspace) functions, Koinonia LLC processes the personal data of members and other content of the workspace solely on the instructions of the Workspace Owner — the operator and only for the purposes, in the scope, and to the extent of actions determined by the operator in the Data Processing Agreement (DPA).

5.3. The DPA as an integral part of the Agreement. The Data Processing Agreement (DPA) is an integral part of this Agreement. The terms of processing on instructions, the list of data processed, the purposes and actions, the requirements for ensuring security, and the procedure for interaction between the parties are established in the Data Processing Agreement (DPA) and in the Personal Data Processing Policy.

5.4. Explicit acceptance of the DPA by the operator. The use of workspace functions related to the processing of personal data of members is permitted only after the explicit acceptance of the Data Processing Agreement (DPA) by an authorized person of the Workspace Owner. By accepting the DPA, the operator independently determines the list of personal data, the purposes, and the scope of actions for their processing (Part 3 of Article 6 of Federal Law No. 152-FZ). Prior to the explicit acceptance of the DPA by an authorized person, the corresponding member data processing functions are not activated. The processor does not determine the purposes and the scope of the data processed and is not obliged to independently obtain the consents of subjects to the processing of data on instructions; at the same time, the processor is obliged to comply with the requirements established by law for the security of the data processed (Part 3 of Article 6 of Federal Law No. 152-FZ).

5.5. Allocation of liability toward subjects. The operator (Workspace Owner) bears liability toward data subjects for its own actions and for the actions of the processor carried out on its instructions (Part 5 of Article 6 of Federal Law No. 152-FZ of 27.07.2006). The processor bears liability toward the operator within the limits established by the Data Processing Agreement (DPA) and the legislation of the Russian Federation.

5.6. Information about religious beliefs and membership (special category). Information about a person's membership (participation) in a religious community, as well as information about their religious beliefs, belongs to the special category of personal data (Article 10 of Federal Law No. 152-FZ). The legal grounds for processing such information are determined by the operator (Workspace Owner) in the Data Processing Agreement (DPA) and in the relevant consents of subjects, with the following basic distinction applying (for operators that are religious associations):

5.6.1. a religious organization whose information is entered into the unified state register of legal entities (which has an OGRN) is entitled to process information about the religious beliefs of its members (participants) in accordance with its founding documents on the basis of paragraph 5 of Part 2 of Article 10 of Federal Law No. 152-FZ provided that such information is not disseminated and is not disclosed to third parties without the written consent of the data subjects;

5.6.2. a religious group that has no charter and (or) is not registered as a legal entity may not rely on the said ground; the processing of information about the religious beliefs (membership, participation) of its participants is permitted only where there is the separate written consent of each subject to the processing of the special category of personal data;

5.6.3. the disclosure of information about membership (participation) or of information identifying the heads and leaders of a religious organization (community) to an unlimited circle of persons or to other third parties (including through a public storefront, catalog, or other public resources) constitutes the dissemination of a special category of personal data and is permitted solely where there is the separate written consent of the subject to the dissemination, executed in accordance with Article 10.1 of Federal Law No. 152-FZ.

The detailing of the legal grounds, the condition of non-dissemination, the procedure for obtaining separate written consents (including consent to the processing of the special category of personal data and consent to dissemination), and the allocation of roles are enshrined in the Data Processing Agreement (DPA) and in the Personal Data Processing Policy. The Workspace Owner is obliged to make known to the processor the structure of legal grounds for processing the special category of personal data that it has chosen and that is necessary for the proper performance of the instructions.

5.7. A detailed description of the scope of the data processed, the purposes, the periods, and the protective measures implemented is set out in the Personal Data Processing Policy and in the Data Processing Agreement (DPA).

6. Document templates: terms of provision and allocation of liability

6.1. Templates as part of the "as is" functionality. Templates of legal documents are provided as part of the Platform's functionality "as is" and constitute samples (forms) for independent selection, completion, and editing by the Workspace Owner.

6.2. Templates do not constitute legal advice. The provision of templates does not constitute and may not be regarded as the rendering of legal services, legal advising, legal expert review, or a guarantee that the resulting document conforms to the requirements of legislation, to the actual circumstances, or to the needs of a particular organization. The Rightholder does not act as a consultant, representative, or attorney of the Workspace Owner.

6.3. Responsibility for content rests with the operator. The Workspace Owner independently determines which templates to use and is independently responsible for the content of the document text it has selected and (or) edited, including for its accuracy, completeness, currency, and conformity with the law, as well as for the legal consequences of its application toward data subjects and other third parties. This allocation of liability conforms to the mandatory requirements of personal data legislation, according to which the operator independently determines the list of personal data and the purposes of processing (Part 3 of Article 6 of Federal Law No. 152-FZ); the operator bears liability toward the data subject for the processing, including for the actions of the processor carried out on its instructions (Part 5 of Article 6 of the same Law).

6.4. The Rightholder's liability — only for technical defects of the engine. The Rightholder is responsible solely for technical defects of the software mechanism for working with templates (hereinafter — the "engine"), namely for the correctness of the rendering (display and generation) of the document, of versioning, and of the storage of generated documents. The Rightholder is not responsible for the choice of template, its content, the changes made by the Workspace Owner, and for the conformity of the resulting document with the requirements of law and the actual circumstances.

6.5. Limitation of liability. The Rightholder's liability for the technical defects of the engine specified in clause 6.4 is in all cases limited to an aggregate amount not exceeding the greater of the following amounts: (a) the amount of the fee actually paid by the relevant Workspace Owner to the Rightholder for the use of paid functions of the Platform over a period of three (3) months preceding the event giving rise to liability, or (b) a fixed minimum amount of 10,000 (ten thousand) rubles. The application of option (b) ensures the existence of a non-zero limit of liability, including in cases where the relevant functions (including Document templates) were provided to the Workspace Owner free of charge. A complete exclusion of the Rightholder's liability for the said technical defects is not established; this limitation applies subject to the mandatory provisions of Articles 400 and 401 of the Civil Code of the Russian Federation and does not extend to cases where the limitation of liability is not permitted by law (including in the case of intent).

7. The operator's obligation to notify Roskomnadzor

7.1. Each Workspace Owner acting as a personal data operator independently bears the obligation provided for by Article 22 of Federal Law No. 152-FZ to send to the authorized body for the protection of the rights of personal data subjects (Roskomnadzor) a notice of the intention to carry out the processing of personal data prior to the commencement of such processing.

7.2. The previously effective exemption from filing a notice in cases of the processing of personal data in accordance with the legislation on freedom of conscience and on religious associations (for operators that are religious associations; formerly — paragraph 2 of Part 2 of Article 22 of Federal Law No. 152-FZ) was repealed by Federal Law No. 266-FZ of 14.07.2022, effective 01.09.2022. The exemption provided for by paragraph 8 of Part 2 of Article 22 of Federal Law No. 152-FZ (the processing of personal data without the use of automation tools) is inapplicable to the processing of personal data in an information system (SaaS). Other exemptions that remain in the current wording of the law are, as a general rule, also inapplicable to the processing of the data of members in the Platform's workspace. Consequently, the obligation to file a notice extends to each organization-operator.

7.3. Koinonia LLC, acting as a processor on instructions, does not assume the obligation to file a notice with Roskomnadzor on behalf of the Workspace Owner and provides no guarantee that the operator will be exempted from this obligation. As part of the Platform's functionality, a template (form) of the draft of the relevant notice may be provided; such a template is provided on the terms of Section 6 of this Agreement and does not replace the operator's independent performance of its obligation.

7.4. The Workspace Owner independently ensures the performance of other obligations of the operator provided for by personal data legislation, including the localization of databases of citizens of the Russian Federation within the territory of the Russian Federation (Part 5 of Article 18 of Federal Law No. 152-FZ), the implementation of organizational and technical protective measures, the ensuring of the rights of subjects, and the notification of the authorized body of incidents within the periods established by law. Koinonia LLC, as processor, assists in the performance of these obligations within the limits established by the Data Processing Agreement (DPA).

8. Rules for using the Platform

8.1. The User undertakes:

8.1.1. not to place on the Platform and not to transmit through it materials that violate the legislation of the Russian Federation, the rights and legitimate interests of third parties, including exclusive rights and the right to a citizen's image (Article 152.1 of the Civil Code of the Russian Federation);

8.1.2. not to use the Platform for the mass distribution of messages to an unlimited circle of persons, spam, or other unwanted messages;

8.1.3. not to commit acts aimed at disrupting the operability of the Platform, circumventing its technical protection measures, or obtaining unauthorized access to the data of other users;

8.1.4. when religious organizations carry out missionary activity using materials — to ensure their marking and other requirements of the legislation on freedom of conscience and on religious associations; responsibility for compliance with the said requirements is borne by the relevant organization;

8.1.5. not to place on the Platform and not to transmit through it objectionable materials: insults, threats, harassment (bullying), defamation, discriminatory or pornographic materials, propaganda of violence and cruelty — and not to engage in abusive or otherwise bad-faith behavior towards other Users.

8.2. A zero-tolerance policy applies to objectionable materials and abusive behavior. The Rightholder is entitled, without prior notice, to restrict the display of (hide) such materials from other Users and to block the accounts of violators, up to and including terminating the violator's access to the Platform.

8.3. The Platform provides Users with a mechanism for reporting (flagging) materials of other Users and a mechanism for blocking other Users. The Rightholder reviews submitted reports and takes the measures provided for in clause 8.2 of this Agreement within 24 (twenty-four) hours of receiving the report.

8.4. The User is independently responsible for the content of the information it places and for the observance of the rights of third parties.

9. Liability of the parties. Disclaimer of warranties

9.1. The Platform is provided on an "as is" and "as available" basis. The Rightholder does not guarantee the uninterrupted and error-free operation of the Platform, its suitability for the User's particular purposes, or the conformity of the results of its use with the User's expectations, except for warranties expressly provided for by the legislation of the Russian Federation.

9.2. The Rightholder bears no liability for the content of messages, materials, and other data placed by Users and members of workspaces, or for the actions (inaction) of organizations (communities) — Workspace Owners acting as operators with respect to the data of their members.

9.3. The Rightholder is not responsible for the choice and content of document templates in the manner and subject to the limitations established by Section 6 of this Agreement.

9.4. The aggregate liability of the Rightholder under this Agreement is limited in the manner established by clause 6.5 of the Agreement and applies subject to the mandatory provisions of Articles 400 and 401 of the Civil Code of the Russian Federation. The provisions of this Section do not exclude or limit liability in cases where such exclusion or limitation is not permitted by law.

9.5. Messages sent through the Platform's communication tools are not subject to physical deletion before the periods established by the legislation of the Russian Federation. Upon deletion of a User's account, information identifying the sender in group communications is de-identified: the sender's name is replaced with the designation "Former participant", and the avatar is deleted. The content of the messages is thereby retained for the period and on the grounds provided for by Federal Law No. 374-FZ of 06.07.2016 and paragraph 7 of Part 1 of Article 6 of Federal Law No. 152-FZ (the processing of personal data necessary for the exercise of the rights and legitimate interests of other participants in the communication). The procedure for the deletion and de-identification of data is described in the Personal Data Processing Policy.

10. Distribution through app stores. Publisher and Rightholder

10.1. The Platform's client applications are distributed through app stores. The publisher (distributor) of the application in app stores (including the App Store and RuStore) is the partner organization (host organization) Shepherdstack LLC, acting solely as a technical publisher in the relevant store.

10.2. The publisher in an app store is not the rightholder of the Platform, an operator or processor of personal data, and does not determine the purposes and scope of the processing of personal data. The rightholder of the Platform, as well as the person acting as a processor on instructions and as the independent operator of the passport layer, is solely Koinonia LLC.

10.3. The information disclosed in the application listings in app stores must conform to this Agreement and the Personal Data Processing Policy. In the event of discrepancies, the Personal Data Processing Policy and this Agreement shall prevail.

11. Term, amendment of the Agreement, and termination of access

11.1. The Agreement enters into force from the moment of acceptance (Section 3) and remains in effect throughout the entire period of the User's use of the Platform.

11.2. The Rightholder is entitled to unilaterally make amendments to this Agreement. The current version is located at /legal/eula. The amendments enter into force from the moment of publication, unless a different period is specified in the version. Continued use of the Platform after the amendments enter into force constitutes their acceptance by the User. Amendments affecting the terms of the processing of personal data are made known to subjects in the manner established by legislation and the Personal Data Processing Policy.

11.3. The Rightholder is entitled to restrict or terminate the User's access to the Platform (in whole or in part) in the event of the User's violation of the terms of this Agreement or of the requirements of the legislation of the Russian Federation, as well as in other cases provided for by law.

11.4. The User is entitled at any time to cease using the Platform and to delete the account in the manner provided for by the functionality of the Platform and the Personal Data Processing Policy.

12. Final provisions

12.1. The law of the Russian Federation applies to this Agreement and to the relations of the parties.

12.2. Disputes arising out of this Agreement are subject to resolution in the manner established by the legislation of the Russian Federation, at the place of the Rightholder's location, unless otherwise provided by mandatory provisions of law.

12.3. Integral parts of this Agreement are: the Data Processing Agreement (DPA) and the Personal Data Processing Policy. With respect to the processing of personal data, the provisions of the said documents also apply; in the event of contradictions with respect to the processing of personal data, the Data Processing Agreement (DPA) and the Personal Data Processing Policy shall prevail.

12.4. The recognition of a separate provision of the Agreement as invalid or unenforceable does not entail the invalidity of the Agreement as a whole; such a provision is to be applied to the maximum extent permitted by law.

12.5. On all matters related to this Agreement and to the processing of personal data carried out by Koinonia LLC (the passport layer and the processing of workspace content on instructions), the User is entitled to contact Koinonia LLC at: support@koinonia.ru. On matters of the processing of a member's personal data by a particular organization (community) as operator, the User shall contact the relevant organization (operator) using the details specified in its Personal Data Processing Policy and in the listing of the organization in the Koinonia application.

Rightholder's details: ООО «Койнония», OGRN 1265000035035, INN 5029299826, KPP 502901001, address: Московская область, г. Мытищи, ул. Юбилейная 4-336. General Director Грушенков Роман Викторович.