What must a privacy policy include under 152-FZ?

Required sections: operator data (TIN/OGRN, address, email), list of collected data, processing purposes, legal basis under Articles 6 and 9 of 152-FZ, retention periods, data subject rights under Article 14, and contact info. From 2025 — a Roskomnadzor notification section is also required.

What changed in 2025 for Russian privacy law?

Federal Law 420-FZ (effective May 30, 2025) significantly increased fines: up to 15 million RUB for data breaches, and turnover fines of 1–3% annual revenue (20–500 million RUB) for repeat violations. Notification to Roskomnadzor became mandatory for all data operators from May 30, 2025.

Privacy Policy Generator 2026 — Free, 152-FZ Compliant

Q: Can I use a privacy policy template?

Yes, but the template must be adapted for your website: real operator details, specific data types, and actual processing purposes. An unadapted template is a direct ground for Roskomnadzor sanctions. Our generator produces a personalized document from 7 answers.

Q: Is a separate cookie policy needed?

No — Russia has no dedicated cookie law. A cookie section within the privacy policy is sufficient, together with a cookie banner that blocks analytics and advertising scripts (Yandex Metrica, GA, VK Pixel) until user consent.

Your organisation / sole trader details

Company name / Full name (sole trader) *

Website URL *

Contact email *

TIN / Registration number (optional)

Legal address (optional)

* Required fields. Data is personalised into your document — stays in your browser only.

What type of website do you have?

Select all that apply.

What personal data do you collect?

Select everything collected via forms, registration, or orders.

Do you use analytics or advertising pixels?

Skip if none.

Do you use payment processors?

Skip if none.

Do you send newsletters or notifications?

Skip if none.

Do you share data with third parties?

CRM, hosting, delivery services, etc. Skip if none.

Copy the text and publish it on your website at:

Frequently Asked Questions

Do Russian websites need a privacy policy?

Yes. Under Federal Law 152-FZ, any website collecting personal data (name, email, phone, cookies) must publish a privacy policy. Fines for non-compliance: 6,000–60,000 RUB.

What changed in 2025?

FZ-420 (effective May 30, 2025) dramatically increased fines: up to 15 million RUB for data breaches; turnover fines of 1–3% revenue (20–500 million RUB) for repeat violations.

Notification to Roskomnadzor became mandatory for all data operators from May 30, 2025.

What should a privacy policy include under 152-FZ?

Required: operator details (TIN/OGRN, address, email), list of collected data, processing purposes, legal basis, retention periods, user rights, contact info. From 2025 — RKN notification section.

Can I use a privacy policy template?

Yes, but a template must be adapted for your website: real operator details, specific data types, and actual processing purposes. An unadapted template is a direct ground for Roskomnadzor sanctions. Our generator produces a personalized document from 7 answers.

Is a separate cookie policy needed?

No — a cookie section within the privacy policy is sufficient. However, a cookie banner is required: it should appear on first visit and block analytics until the user consents.

Is a privacy policy the same as terms of service?

No. A privacy policy describes how personal data is processed. Terms of service (user agreement, offer) regulate usage rules of the service. Both documents are required for full legal protection of the operator.

Where should I publish the privacy policy?

Recommended URL: /privacy/. A link must be accessible from the footer of every page. Publish as an HTML page (not PDF) so search engines can index it.

Free Privacy Policy Generator for Russian Websites — 2026

A privacy policy is a mandatory legal document for any website collecting user data in Russia. Our generator creates a personalised document based on 7 questions: you specify operator details, types of data collected, and services used — and receive a ready HTML document.

The document reflects requirements of 152-FZ as amended by FZ-420 dated 30.11.2024: new fines for data breaches, mandatory RKN notification, cross-border data transfer requirements. All data stays in your browser — Zero-PII principle.