Privacy Policy
Last updated: 30 April 2026. This policy explains what data we collect, why, and how you can exercise your rights.
1. Data Controller
Data Controller: Siskind Carlos Alberto (סיסקינד קרלוס אלברטו), trading as COPISRAD INNOVATION — Israeli VAT-exempt sole proprietor (עוסק פטור / osek patur), dealer number 017868092, registered with the Israeli Tax Authority on 29/04/2026, with registered address at Gan HaShomron, Israel.
- Privacy contact: [email protected] — alias to [email protected] until DNS MX is configured
- Primary contact: [email protected]
Applicable compliance: Israeli Privacy Protection Law 5741-1981 (primary jurisdiction of the Data Controller); EU Regulation 2016/679 (GDPR) for EEA data subjects; California Consumer Privacy Act (CCPA / CPRA basics) for California residents.
2. What we collect and why
Usage analytics (first-party)
This site uses a self-hosted endpoint analytics-collector (Supabase Edge Function under our control). The script sends, on each page load:
- Path visited (e.g. /precios.html)
- Referrer (URL you came from, if any)
- Site (copisrad.cloud, complibot.copisrad.cloud, flowforge.copisrad.cloud)
- Country (2-letter ISO code, derived from IP by the network provider)
- User-agent and session hash — SHA-256 truncated to 16 characters with daily rotated salt. Cannot identify a person nor link visits across days
- UTM tags if present in the URL
We do not use cookies, localStorage or fingerprinting. We do not store your IP. We respect the DNT: 1 header — if active, nothing is sent.
Legal basis (GDPR Art. 6): legitimate interest (measuring aggregate site usage to improve content).
Contact forms
- Name, email, company (optional), phone (optional)
- Message
- UTM if present in the URL
We process this data to respond to your enquiry and, if you accept, to contact you about our services.
Legal basis: consent (form submission) and pre-contractual execution.
3. Where data is stored
Data is stored on infrastructure operated by Supabase (project in region eu-west-1, Ireland — within the European Economic Area). Transactional emails are sent via own SMTP or providers under Data Processing Agreements. International transfers (between EEA, Israel and US) rely on (i) the European Commission's adequacy decision for Israel (Decision 2011/61/EU), (ii) Standard Contractual Clauses (SCC) when US processors are involved.
4. Retention
| Data | Period |
|---|---|
| Analytics events | 24 months, then aggregated and anonymised |
| Leads and contacts | For the duration of the commercial relationship + 5 years |
| Security logs | 12 months |
| Billing data | 7 years (Israeli tax obligation) or longer if the Customer's jurisdiction requires |
5. Your rights
You can exercise any of the following rights at any time by writing to [email protected] with a reasonable proof of identity (DNI/Passport partially redacted):
- Access (GDPR Art. 15 / CCPA "Right to Know"): what data we hold about you.
- Rectification (Art. 16): correct inaccurate data.
- Erasure / Right to delete (Art. 17 / CCPA): delete data when no longer necessary.
- Objection (Art. 21): stop processing for marketing.
- Portability (Art. 20): receive your data in a structured format (JSON/CSV).
- Restriction (Art. 18): keep data without active processing.
- Right to opt-out (CCPA): we do not sell or share personal data with third parties for advertising.
- Israeli Privacy Protection Law: right to inspect, modify and request deletion under Articles 13–14.
We respond within 30 days (GDPR) / 45 days (CCPA). If you believe your rights have been violated, you can complain to: Israel Privacy Protection Authority (PPA), your national supervisory authority in the EU, or the California Attorney General.
6. Security
We apply TLS 1.2+ in transit, encryption at rest in the database, role-based access control, RLS (Row Level Security) on every table, immutable audit log of credential access, and periodic key rotation. Compliance auditing is run continuously over our own services.
7. Cookies and similar technologies
This site does not use tracking cookies nor third-party cookies. The only information that persists in your browser is what you generate yourself (in-progress form, language preference) and only for the duration of the session.
8. Minors
Our services are aimed at businesses and adult professionals. We do not knowingly collect data from minors under 16 (GDPR) / 13 (CCPA).
9. Changes to this policy
We publish any modifications at this URL with the updated date. Material changes are notified by email to active users with 30 days advance notice.
10. Contact
Privacy: [email protected] (alias) - Primary: [email protected]. Additional inboxes ([email protected], [email protected]) are coming soon — email forwarding being set up.