1. Introduction
Etex Global Ltd., Company Reg. No. 516532314 (hereinafter: "the Company", "OIA", "we", "us", or "our") operates the OIA platform — a business management system (CRM) that includes tools for customer and lead management, messaging campaigns, AI-powered bots, payment processing, invoicing, proposals, automation, analytics, and more.
This Privacy Policy describes how we collect, use, store, protect, and share information in connection with the OIA platform and our website at oia.co.il.
By using the platform or our website, you agree to the practices described in this Privacy Policy. This policy is an integral part of our Terms of Service.
This policy is written in compliance with the Israeli Privacy Protection Law, 5741-1981, and is aligned with the principles of the EU General Data Protection Regulation (GDPR) and the requirements of Meta Platforms (Facebook, Instagram, WhatsApp) and Google.
2. Important Distinction: Our Data vs. User Data
OIA is a technology platform. It is important to understand the following distinction:
2.1 Data We Collect (About the User / Business Owner)
As a Data Controller, we collect information about business owners who register on the platform:
- Contact information: Full name, email address, phone number
- Business information: Business name, industry/field of activity
- Financial information: Billing and payment details (processed through secure payment providers — we do not store credit card numbers)
- Usage data: Pages viewed, actions taken, session times, feature usage patterns
- Technical information: IP address, browser type, operating system, device type, referring URLs
2.2 Data Stored by Users on the Platform (Leads, Customers)
Each user (business owner) independently collects and manages information about their own customers and leads. OIA acts as a Data Processor on behalf of the user — each user is the Data Controller with respect to their customers' data.
This data may include:
- Names, phone numbers, email addresses of leads and customers
- Conversation and message history (WhatsApp, SMS, email)
- Documents, invoices, proposals
- Payment history
- Notes, statuses, tags, and CRM data
Responsibility for this data — including obtaining consents from customers, complying with privacy laws, and registering databases where required — lies solely with the user (business owner), not with OIA.
3. Legal Basis for Processing
We process personal data based on one or more of the following legal bases:
- Performance of a contract: Processing is necessary to provide the services the user has registered for and agreed to in the Terms of Service
- Consent: Where the user has given explicit consent (for example, for receiving marketing communications). Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before the withdrawal
- Legitimate interests: Service improvement, fraud prevention, system security, and improving user experience — provided these interests do not override the user's rights and freedoms
- Legal obligation: Where required by law, including tax law, anti-money laundering regulations, and court orders
4. How We Use Information
4.1 Information About Users (Business Owners)
We use information about our users for the following purposes:
- Providing and operating the platform and services
- Technical support and customer service
- Billing, invoicing, and payment processing
- Improving and developing the platform
- Sending service updates and system notifications
- Marketing communications (subject to your consent — you may unsubscribe at any time)
- Compliance with legal requirements
- Fraud prevention and system security
- Analytics and reporting (aggregated and anonymized where possible)
4.2 Information of Users' Customers
We do not use information belonging to our users' customers (leads, end customers) for our own purposes. Such information is processed solely for the purpose of providing the services requested by the user.
We do not sell, trade, rent, or disclose information belonging to our users' customers to third parties, except:
- Essential service providers: Payment processors (for processing payments), WhatsApp/Meta (for sending messages), SMS and email providers — solely for the purpose of performing the action requested by the user
- Legal requirements: When required by law, court order, or legal proceeding
5. Meta Platform Data Usage
5.1 Meta (Facebook, Instagram, WhatsApp) Data
The platform may access data from Meta in accordance with permissions granted by the user. We commit to the following:
- We use data received from Meta only for the purposes the user has authorized and only to provide the requested services
- We do not sell, transfer, or share data received from Meta with third parties except as necessary to provide the services
- We do not use Meta data for advertising, profiling, data brokering, or purposes unrelated to the services the user requested
- We allow users to revoke access to Meta data at any time through their account settings
- We delete all data received from Meta upon permission revocation or account closure
- We comply with Meta Platform Terms and Meta Developer Policies
Types of data that may be received from Meta:
- Public profile information (name, profile picture)
- Business page data (subject to user permission)
- WhatsApp Business API message data (subject to user permission)
- Campaign and advertising data (subject to user permission)
Users are solely responsible for obtaining all necessary consents from their end users/customers before sending messages via WhatsApp, Facebook, or Instagram, and for complying with all applicable anti-spam laws and Meta messaging policies.
5.2 Google Data
Where the platform accesses data from Google services (such as Google Calendar, Gmail, Google Contacts), we commit to the following:
- We use data received from Google only for the purposes the user has authorized
- We do not transfer Google data to third parties except as necessary to provide the services
- We do not use Google data for advertising or marketing
- We comply with the Google API Services User Data Policy, including the Limited Use requirements
- We allow users to revoke access to Google data at any time
- We delete all Google data upon permission revocation or account closure
6. Data Security
We invest significant resources in data security and employ industry-standard measures, including:
- Encryption of data in transit (SSL/TLS)
- Encryption of data at rest where applicable
- Role-based access control (each user can only see their own data)
- Logical separation of data between users/tenants
- Regular backups and system redundancy
- Continuous monitoring and logging
- Access restricted to employees and vendors on a "need-to-know" basis only
- Periodic security reviews and assessments
Important: Despite our efforts, no method of transmission or storage over the Internet can be guaranteed to be 100% secure. We follow industry-standard practices, but the user is also responsible for backing up their critical data.
7. Third-Party Service Providers
The platform integrates with external services to provide its functionality. Categories of third-party processors include:
- WhatsApp / Meta: Messaging and bot management — WhatsApp Privacy Policy
- Facebook / Instagram (Meta): Campaign management and business pages — Meta Privacy Policy
- Google: Analytics, API services — Google Privacy Policy
- Payment processors: Payment processing (credit card details are processed directly by the payment provider and are not stored by us)
- SMS providers: Sending text messages
- Email service providers: Sending emails
- Invoicing providers: Generating accounting documents
- AI services: Artificial intelligence for bots, content generation, and design
Each third-party service operates under its own privacy policy. We select providers that meet stringent data security and privacy protection standards.
8. International Data Transfers
Data stored on the platform may be processed and stored on servers located outside of Israel, including in the European Union and other jurisdictions.
We ensure that all international transfers of personal data are conducted with appropriate safeguards, including:
- Use of providers that comply with international security standards
- Encryption of data in transit and at rest
- Contractual agreements with providers that include data protection clauses (Standard Contractual Clauses — SCC, where applicable)
- Ensuring data is transferred only to countries with adequate levels of protection, or with appropriate protective measures in place
9. Cookies and Tracking Technologies
The website and platform use cookies and similar technologies:
- Essential cookies: Required for basic functionality (login, language settings, security). These cookies are necessary and cannot be disabled
- Performance cookies: Analytics and measurement (Google Analytics) — used to improve the services
- Marketing cookies: Tracking pixels (Facebook Pixel, Google Ads) — used to measure campaign effectiveness. You may disable these cookies
- Functional cookies: Saving accessibility and display preferences
You can manage or block cookies through your browser settings. Blocking essential cookies may impair platform functionality.
For more information about specific cookies and their duration, contact us at [email protected].
10. Your Rights
In accordance with the Israeli Privacy Protection Law and GDPR principles (for users in the EU/EEA), you have the following rights:
- Right of Access: View and receive a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or outdated data
- Right to Erasure (Right to be Forgotten): Request deletion of your personal data. See our Data Deletion Instructions for full details
- Right to Restriction of Processing: Request that we limit the processing of your data under certain circumstances
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (such as CSV or JSON)
- Right to Object: Object to the processing of your data for direct marketing or processing based on legitimate interests
- Right to Withdraw Consent: Withdraw, at any time, any consent you have given, without affecting the lawfulness of processing carried out before the withdrawal
Note for customers of OIA users: If you are a customer of a business that uses OIA and you have a request regarding your data, please contact the business directly. OIA processes this data on behalf of the business only.
To submit a request, email us at: [email protected]. We will respond to your request within 30 days.
11. Data Deletion and Data Requests
We respect your right to control your personal data. Here is how you can exercise your rights:
11.1 Account and Data Deletion
- You may request deletion of your account and all associated data
- Deletion requests will be processed within 30 days of receipt
- Before deletion, you may request an export of all your data
- Certain data may be retained for an additional period in accordance with legal requirements (such as accounting documents)
11.2 Facebook / Meta Data Deletion
If you used Facebook Login or connected your Facebook account, you may request deletion of all data received from Meta. See our Data Deletion Instructions for the full process.
11.3 How to Submit a Request
For identity verification purposes, we may request additional identifying information.
12. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected:
- User account data: Retained while the account is active, and up to 90 days after account closure
- Billing and invoice data: Up to 7 years in accordance with Israeli tax law
- Users' customers' data: Retained while the user's account is active. Deleted within 90 days after account closure
- Usage and analytics data: Up to 26 months
- Cookie data: According to the type of cookie (see Section 9)
13. Children's Privacy
Our services are not intended for individuals under the age of 13 (or under 16 in certain EU jurisdictions). We do not knowingly collect personal data from children.
If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information as soon as possible.
If you are a parent or guardian and believe that a child has provided personal data to us, please contact us at: [email protected].
14. Limitation of Liability Regarding Data
The Company takes reasonable measures to secure data, but shall not be liable for any loss, damage, or exposure of data resulting from technical failure, cyberattack, force majeure, or any cause beyond its control.
In particular, the Company is not responsible for the manner in which users collect, manage, or use their customers' data. Each user is solely responsible for compliance with privacy laws regarding their customers' data.
15. Data Breach Notification
In the event of a security breach that may affect your personal data, we commit to:
- Notifying affected users as soon as practicable, and no later than 72 hours after becoming aware of the breach
- Reporting to the relevant data protection authority as required by law
- Detailing the type of data affected, the potential consequences, and the steps taken to mitigate the impact
16. GDPR Compliance (EU/EEA Users)
For users located in the European Union or European Economic Area (EEA), we commit to upholding the principles of the GDPR:
- Lawfulness, fairness, and transparency: Data processing is conducted on a lawful basis and with full transparency
- Purpose limitation: Data is collected for defined purposes and is not processed in a manner incompatible with those purposes
- Data minimization: We collect only the data necessary for the defined purposes
- Accuracy: We take reasonable steps to ensure that data is accurate and up to date
- Storage limitation: Data is retained only for the duration necessary (see Section 12)
- Integrity and confidentiality: We implement appropriate security measures (see Section 6)
You may contact us with any GDPR-related question at: [email protected].
You also have the right to file a complaint with the data protection supervisory authority in your country.
17. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be published on the website and/or sent by email. Continued use of the platform after publication of changes constitutes acceptance of the updated policy.
We recommend reviewing this policy periodically. The date of the last update is indicated at the top of this page.
18. Contact Us
For questions, requests, or complaints regarding this Privacy Policy or the handling of your personal data:
We aim to respond to all inquiries within 30 days.