Privacy Policy

1. Your consent

By using our website, browsing its pages, submitting information through any form, or signing up for any service, you acknowledge that you have read this Privacy Policy and consent to the practices described herein. If you do not agree, please do not use the site.

Where the law does not require you to provide information, you are not obliged to do so. However, withholding certain information may prevent us from providing some services (e.g., we cannot reply to your inquiry without your name or email).

2. Information we collect

2.1 Information you provide voluntarily

• Contact forms: name, email address, phone number, message content.
• ROBOCUTE chat: the content of messages and conversations you initiate.
• Comments: if you post a comment, your display name and content.
• Newsletter signup: email address (only if you opt in).

2.2 Information collected automatically

Under GDPR Art. 4 and CCPA, digital identifiers are considered personal data. We therefore disclose that we automatically collect:

• IP address, browser fingerprint (User-Agent), cookie IDs, device identifiers.
• Browser language and translation preferences (via GTranslate).
• Site usage: pages visited, time on page, referral source, search keywords.
• Interaction data: clicks, scroll depth, form interactions.
• Anonymized session recordings and heatmaps via Microsoft Clarity (see §6).
• Technical server logs (Hostinger): access timestamp, response status, referrer.

3. How we use your information

Following the principle of data minimization, we only collect what we need for:

• Site operation — delivering content, navigation, improving user experience.
• Responding to inquiries — replying to messages from contact forms or chat.
• Service improvement — analyzing aggregated, anonymized behavior to improve content and design.
• Security — detecting suspicious activity, preventing attacks, resolving issues.
• Legal compliance — record-keeping required by tax, social security, or other authorities.
• Direct marketing — only with your explicit opt-in consent (see §12).

We do not sell your personal information to third parties.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases under Article 6 of the GDPR:

• Consent (Art. 6(1)(a)) — for non-essential cookies, marketing emails, and analytics with personal identifiers.
• Performance of a contract (Art. 6(1)(b)) — when you request a quote, service, or response.
• Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, and aggregated analytics; we balance these against your rights.
• Legal obligation (Art. 6(1)(c)) — for tax, accounting, and statutory record-keeping.

You may withdraw consent at any time by contacting us (see §15).

5. Cookies & tracking

We use cookies — small text files stored in your browser — to operate the site and improve your experience. The site uses these categories:

Managing cookies: you can block or delete cookies via your browser settings (Chrome, Firefox, Safari). Blocking strictly necessary cookies may break parts of the site.

For EEA/UK visitors, non-essential cookies are loaded only after you provide explicit consent via our cookie banner.

6. Third-party services

We share limited data with the following processors. Each operates under its own privacy policy, which we recommend you review:

• Google Analytics 4 (Google Ireland Ltd.) — anonymized traffic measurement. IP anonymization enabled. Google's privacy policy
• Microsoft Clarity (Microsoft Corporation) — session recordings and heatmaps for UX improvement. Sensitive fields are auto-masked. Microsoft's privacy statement
• Hostinger (Hostinger International Ltd.) — website and database hosting. Hostinger's privacy policy
• Google Fonts & Cloudflare CDN — font delivery and static assets. May temporarily log IP addresses.
• GTranslate — automated translation of site content.
• Email / form delivery providers — for processing form submissions and delivering them to our inbox.

The list of processors may change. We will update this policy accordingly. We do not transfer your personal data to third parties for marketing or commercial purposes.

7. International data transfers

Some of our processors (Google, Microsoft, Hostinger, Cloudflare) host data on servers located outside Israel — in the EU, the United States, and other jurisdictions. By using this site, you consent to such transfers.

All processors we work with comply with international information security standards (ISO 27001, SOC 2) and rely on legal transfer mechanisms, including:

• EU Standard Contractual Clauses (SCCs) for EEA→non-EEA transfers.
• The EU-US Data Privacy Framework for transfers to certified US processors.
• The UK International Data Transfer Agreement (IDTA) for UK transfers.

8. Data security

We take reasonable measures to safeguard your information, including:

• HTTPS/TLS encryption on every page.
• Hashed (not plaintext) password storage.
• Least-privilege admin access with strong authentication.
• Encrypted periodic backups of the database.
• Ongoing security updates for WordPress core, plugins, and infrastructure.
• Secure session cookies (Secure + HttpOnly flags).

Important note: no system is 100% secure. Despite our efforts, we cannot guarantee absolute protection against intrusion. In the event of a data breach affecting personal information, we will notify you and the relevant authorities as required by applicable law (GDPR Art. 33-34; US state breach-notification laws).

9. Data retention

• Contact inquiries and chat conversations — up to 24 months from your last contact.
• Comments — for the lifetime of the published content, unless you request deletion.
• Analytics data (GA4) — up to 14 months, then aggregated only.
• Clarity recordings — up to 12 months.
• Technical logs — up to 90 days.
• Backups — up to 90 days, then automatically deleted.

You may request earlier deletion at any time (see §10).

10. Your rights

Regardless of your location, you have the following core rights regarding your personal data (specific rights vary by jurisdiction):

1. Right of access — confirm whether we hold your personal data and obtain a copy.
2. Right to rectification — request correction of inaccurate or outdated data.
3. Right to erasure ("right to be forgotten") — request deletion of your data. We will process the request within 30 days, except where law requires us to retain it (accounting, ongoing legal disputes).
4. Right to object — object to processing for certain purposes (e.g., direct marketing).
5. Right to data portability — receive your data in a structured, machine-readable format.
6. Right to withdraw consent — at any time, without affecting prior lawful processing.
7. Right to lodge a complaint with a supervisory authority:
   • EEA: your local data protection authority (find yours here).
   • UK: the ICO.
   • California: the California Attorney General.

To exercise any right, contact us at meir@offart.space. We will respond within 30 working days (extendable to 60 days for complex requests).

11. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act grants you specific rights regarding your personal information. We disclose:

• Categories of personal information collected in the past 12 months: identifiers (name, email, IP), internet activity (browsing, interactions), inferences (analytics).
• Source: directly from you, or automatically via your device.
• Business purpose: as described in §3 above.
• Categories disclosed: identifiers and internet activity to service providers (see §6).
• "Do Not Sell or Share My Personal Information": we do not sell personal information for monetary value, and we do not engage in cross-context behavioral advertising. No opt-out is required, but you may still request confirmation by contacting us.

California residents may also exercise the rights listed in §10.

12. Marketing & direct communications

We will not send you marketing messages (email, SMS, WhatsApp) unless you have explicitly opted in by ticking a subscribe checkbox.

Every marketing message includes a simple way to unsubscribe (an "Unsubscribe" link). You may also unsubscribe by emailing meir@offart.space.

13. Children's privacy

Our site is not directed at children under 16 (under 13 for the US). We do not knowingly collect personal data from minors. If we learn that we have collected information from a child without verifiable parental consent, we will delete it promptly. Parents who discover such data are invited to contact us.

14. Changes to this policy

We may update this Privacy Policy from time to time — for example, in response to changes in law, new services, or operational adjustments. The current version is always published at this URL, with the effective date shown at the top.

For material changes affecting your rights, we will post a prominent notice on the site and/or email registered users.