Privacy Policy
Last updated: April 30, 2026. This policy explains what data we collect, why, and how you can exercise your rights.
1. Data Controller
Data Controller: Siskind Carlos Alberto (סיסקינד קרלוס אלברטו), operating under the name COPISRAD INNOVATION — Israeli VAT-exempt sole proprietor (עוסק פטור / osek patur), merchant number 017868092, registered with the Israel Tax Authority on 29/04/2026, with registered address at Gan HaShomron, Israel.
- Privacy contact: [email protected] — alias forwarding to [email protected] until DNS MX is configured
- Primary contact: [email protected]
Applicable compliance: Israeli Protection of Privacy Law 5741-1981 (Controller's primary jurisdiction); EU Regulation 2016/679 (GDPR) for EEA data subjects; California Consumer Privacy Act (CCPA / CPRA principles) for California residents.
2. What We Collect and Why
Usage Analytics (first-party)
This site uses a self-hosted endpoint analytics-collector (Supabase Edge Function under our control). The script sends, on each page load:
- Path visited (e.g. /precios.html)
- Referrer (URL you arrived from, if applicable)
- Site (copisrad.cloud, complibot.copisrad.cloud, flowforge.copisrad.cloud)
- Country (2-letter ISO code, derived from IP by the network provider)
- User-agent and session hash — SHA-256 truncated to 16 characters with a daily-rotated salt. Does not identify a person nor link visits across days
- UTM tags if present in the URL
We do not use cookies, localStorage or fingerprinting. We do not store your IP. We respect the DNT: 1 header — if active, nothing is sent.
Legal basis (GDPR Art. 6): legitimate interest (measuring aggregate site usage to improve content).
Contact Forms
- Name, email, company (optional), phone (optional)
- Message
- UTM if present in the URL
We process this data to respond to your inquiry and, if you accept, to contact you about our services.
Legal basis: consent (form submission) and pre-contractual execution.
3. Where Data Is Stored
Data is stored on infrastructure operated by Supabase (project in the eu-west-1 region, Ireland — within the European Economic Area). Transactional emails are sent via own SMTP or providers with Data Processing Agreements. International transfers (between EEA, Israel and USA) are based on (i) the European Commission's adequacy decision for Israel (Decision 2011/61/EU), (ii) Standard Contractual Clauses (SCC) when US processors intervene.
4. Retention
| Data | Period |
|---|---|
| Analytics events | 24 months, then aggregated and anonymized |
| Leads and contacts | For the duration of the commercial relationship + 5 years |
| Security logs | 12 months |
| Billing data | 7 years (Israeli tax obligation) or longer if the Client's jurisdiction requires it |
5. Your Rights
You may exercise any of the following rights at any time by writing to [email protected] with reasonable proof of identity (partially redacted ID/Passport):
- Access (GDPR Art. 15 / CCPA "Right to Know"): what data we hold about you.
- Rectification (Art. 16): correct inaccurate data.
- Erasure / Right to be forgotten (Art. 17 / CCPA): delete data when no longer necessary.
- Objection (Art. 21): stop processing for marketing.
- Portability (Art. 20): receive your data in a structured format (JSON/CSV).
- Restriction (Art. 18): retain data without active processing.
- Right to opt-out (CCPA): we do not sell or share personal data with third parties for advertising.
- Israeli Protection of Privacy Law: right to inspect, modify and request deletion under Articles 13–14.
We respond within 30 days (GDPR) / 45 days (CCPA). If you believe your rights have been violated, you may file a complaint with: the Israeli Privacy Protection Authority (PPA), your national supervisory authority in the EU, or the California Attorney General.
6. Security
We apply TLS 1.2+ in transit, encryption at rest in the database, role-based access control, RLS (Row Level Security) on every table, immutable audit log of credential access, and periodic key rotation. Compliance auditing runs continuously over our own services.
7. Cookies and Similar Technologies
This site does not use tracking cookies nor third-party cookies. The only information that persists in your browser is what you generate yourself (form in progress, language preference) and only for the duration of the session.
8. Minors
Our services are aimed at adult businesses and professionals. We do not knowingly collect data from minors under 16 years (GDPR) / 13 years (CCPA).
9. Changes to This Policy
We publish any modification at this URL with the updated date. Material changes are notified by email to active users with 30 days advance notice.
10. Contact
Privacy: [email protected] (alias) — Primary: [email protected]. Additional mailboxes ([email protected], [email protected]) coming soon — email forwarding is being configured.