Russian 152-FZ context for public status page subscribers
Russian B2B SaaS teams selling into the domestic market often ask: if our status page collects subscriber emails via Google sign-in, what does Federal Law 152-FZ on personal data mean for us?
This article is practical context for operators, not legal advice. Laws and interpretations change; your counsel and DPO decide what applies to your entity, data flows, and contracts.
StillOnline hosts public status pages at stillonline.tech with optional Subscribe with Google. You are the operator toward your customers; you must describe that flow in your privacy policy and vendor answers — we do not file 152-FZ paperwork on your behalf.
Quick answer
Under a typical setup, you (the SaaS vendor) remain the operator for subscriber emails you invite to your StillOnline page; StillOnline processes those sign-ins as your processor/host for the monitoring product. Public subscribe uses Google Identity — the page stores subscriber emails capped at 50 (Free), 100 (Pro), or 500 (Ultimate) per pricing. Document the flow in your RU privacy policy; this guide does not replace a lawyer. For RU buyer-facing URLs use /ru/s/{id} — Russian B2B status page.
What 152-FZ is (high level)
Federal Law No. 152-FZ (Russian Federation) regulates personal data processing — collection, storage, transfer, and destruction. Status page subscriber emails are personal data when they identify a person.
Common operator questions:
| Question | Practical framing (not legal advice) |
|---|---|
| Do subscriber emails count? | Yes — email tied to Google sign-in is personal data |
| Who is the operator? | Usually your company toward end customers / integrators |
| What about StillOnline? | Infrastructure for the status product — describe in DPA / vendor pack |
| Cross-border transfer? | Review if data leaves RF — counsel + your hosting choices |
Microsoft's guidance on Russia localization discusses how global vendors approach local regulatory context — useful background when you write security questionnaire answers, not a substitute for 152-FZ counsel.
StillOnline subscriber flow (technical)
- Customer opens
stillonline.tech/ru/s/{id}or/s/{id}. - Clicks Subscribe → Google OAuth.
- StillOnline stores subscriber email for incident update notifications when you publish posts.
- Owner alerts (Telegram bot, Slack, email) are a separate channel — subscribers vs owner.
Subscribers do not receive automatic emails on every probe failure — only on incident posts you write. That reduces noise and limits processing to opted-in addresses.
Operator checklist (non-legal)
Work with counsel; use this as engineering prep:
- Privacy policy (RU) — mention status page subscribe, Google auth, purpose (incident comms), retention, contact.
- Security / vendor questionnaire — link public status URL; describe subscriber auth in one paragraph — B2B trust.
- Contract annex — paste
https://stillonline.tech/ru/s/{id}for RU buyers (RU B2B guide). - Minimize data — do not ask for extra PII on the status page; StillOnline does not need passport numbers for subscribe.
- Incident content — avoid personal data in incident bodies you type.
Hosted page vs rolling your own
Indie teams compare building a subscribe form on their marketing site vs using StillOnline (alternatives for indie). A hosted page centralizes uptime history + subscribe in one URL buyers already expect — you still own policy text and operator disclosures.
StillOnline does not offer status.yourbrand.ru — transparency lives on stillonline.tech, same as public status page guide. Your brand appears in incident text you write, not in the hostname.
GDPR vs 152-FZ (context only)
EU GDPR and RU 152-FZ both care about lawful basis, notice, and subprocessors — details differ. If you sell both EU and RU, one English privacy policy plus RU appendix is common; align subscriber description in both. Cross-border rules are counsel territory — we do not map Article 44 equivalents here.
Related guides
- Status page for Russian B2B SaaS
- Status page alternatives for indie SaaS
- Public status page for SaaS
- B2B status page trust
FAQ
Who processes email addresses when customers subscribe on a StillOnline status page?
Customers opt in on your public StillOnline page via Google sign-in. You disclose that flow as operator in your privacy materials; StillOnline provides the hosted status and notification mechanics — subscribers vs owner.
Do StillOnline owner Telegram alerts involve the same data as public subscribers?
No. Owner alerts use your linked Telegram account in settings and fire on probe DOWN — separate from Google subscribe on the public page (Telegram guide).
Which StillOnline URL should we put in a Russian vendor security form?
Use https://stillonline.tech/ru/s/{project-id} when the questionnaire is RU-primary; English UI at /s/{id} for dual-HQ packs — Russian B2B guide.