Privacy Policy
- We collect only what's necessary: email, phone (optional), delivery preferences
- We never sell, share, or rent your data
- No tracking cookies — only a session cookie for the admin dashboard
- You can delete your data anytime — just email us
- The only third parties with access are service providers we use to operate (billing, message delivery) — and only what's necessary for them
This policy applies to your use of madad-ai.com and the subscription service. It explains what personal information we collect, why, how we use it, and your rights.
The service is operated from Israel and complies with the Israeli Privacy Protection Law (1981). For European users, we also align with GDPR principles to the extent applicable.
Note: The original Hebrew version of this policy is the controlling version in case of any conflict.
1. What we collect
1.1 Information you provide
- Email address — required if you choose email delivery
- Phone number in international format — required if you choose WhatsApp delivery
- Delivery preferences — channel (WhatsApp / email / both), schedule (morning, evening, alerts only, etc.), and language
- Consent confirmation + signup timestamp
1.2 Information from third parties
- Payment confirmation from PayPlus or Lemon Squeezy — amount, currency, transaction ID. We never see your card details (no card number, CVV, or expiry).
- Delivery status from Twilio (WhatsApp) and Resend (email) — whether the message was delivered, link click data, etc.
1.3 Technical information
- IP address — temporarily stored in server logs (Vercel) for security and debugging. Auto-deleted after 30 days.
- Site usage — Vercel Analytics collects aggregated, anonymous data on page views and visits. No tracking cookies, no personal identification.
2. Why we collect it
Use of your information is limited to:
- Service delivery — sending the daily updates per your preferences
- Billing and subscription management — payment processing, renewal, cancellation
- Customer support — responding to your inquiries
- Security and fraud prevention — detecting unusual usage
- Service improvement — aggregate analysis only (how many sent, popular schedules), without personal identification
We do NOT:
- Send marketing without your consent
- Sell or rent your information
- Share data with advertisers
- Build personal profiles for targeted ads
3. Who we share it with
The only third parties with access to your data are the providers operating our infrastructure. Each receives only what's necessary for their role:
| Provider | Role | What they receive |
|---|---|---|
| Vercel | Site hosting + server logs | HTTP requests, IP, User-Agent |
| Neon (Postgres) | Database | All your personal data |
| Resend | Email delivery | Email + message body |
| Twilio | WhatsApp delivery | Phone number + message body |
| PayPlus | Billing for IL subscribers | Name, amount, card details (not stored by us) |
| Lemon Squeezy | Billing for international subscribers | Name, email, amount, card details (not stored by us) |
Each provider is bound by their own privacy policy. You're encouraged to review them if relevant to you.
Other exceptions: We may share information when:
- Required by court order or lawful government request
- In case of business sale (merger / acquisition) — you'll be notified in advance
- In case of suspected fraud or legal violation
4. How long we keep your data
- Active subscription — for the duration of the subscription
- After cancellation — kept for 90 days (for refunds, billing disputes, inquiries), then personal data is deleted. Billing records retained for 7 years per tax authority requirements.
- On the waitlist (Coming Soon) — kept until launch. If you request deletion before launch — deleted immediately.
- Server logs — 30 days
5. Your rights
Under applicable privacy laws (Israeli Privacy Protection Law, and GDPR for EU users), you have the right to:
- Access your data — request a copy of what we hold about you
- Correct inaccuracies — update your details
- Delete your data — request full deletion (within 30 days)
- Object to certain uses — primarily marketing (which we don't do anyway)
- Receive your data in a portable format (Data Portability)
- Withdraw consent at any time
To exercise these rights: email hello@madad-ai.com. We'll respond within 14 business days.
6. Cookies and tracking
We don't use tracking or advertising cookies. The only cookies on the site:
madad_lang— stores your language preference (Hebrew/English). Valid for 1 year. No personal data.madad_admin— only created if you're an admin who logged in to the dashboard. Valid for 7 days.
Vercel Analytics collects aggregate usage data (page views, country) without personal identification or tracking cookies. Read more in the Vercel privacy policy.
7. Data security
We use reasonable industry-standard security measures, including:
- Traffic encryption (HTTPS / TLS 1.2+) — required
- Database encryption at rest
- Admin access protected by hashed password (bcrypt) + session cookie
- Signature verification (HMAC-SHA256) on payment webhooks
- Card details kept only with payment providers (PCI-DSS Level 1)
That said, no system is bulletproof. In case of a security incident exposing your data, we'll notify you within 72 hours of detection, per legal requirements.
8. Children
The Service is not intended for children under 18. We do not knowingly collect data on minors. If you become aware of such a case — please contact us and we'll delete the data immediately.
9. Changes to this policy
We may update this policy occasionally. Material changes will be communicated to you in advance (at least 14 days) via the channels you provided (email / WhatsApp). The "Last updated" date appears at the top of this page.
10. Contact
Questions, requests, or concerns under this policy: email hello@madad-ai.com.
If you're dissatisfied with our response, you have the right to file a complaint with the Israeli Privacy Protection Authority (www.gov.il) or, if you're an EU resident, with your local data protection authority.
The original Hebrew version of this policy is available here and is the controlling version in case of any conflict.