Terms of Service

Privacy Policy

Salestor AI

1. General

This Privacy Policy forms an integral part of the Website Terms and Conditions.

This Privacy Policy explains how the website operator collects, uses, stores, and protects your personal information, in accordance with the Israeli Protection of Privacy Law, 1981, including Amendment No. 13 (effective as of August 14, 2025), the Privacy Protection Regulations (Data Security), 2017, and the Communications Law (Telecommunications and Broadcasting), 1982.

By using the website operated by Salestor AI Ltd., Company No. 517167318, located at 3 Shoham Street, Petah Tikva (the "Company" or "Website Operator"), you confirm that you have read and understood this Privacy Policy.

2. Definitions

Personal Data - Any information relating to an identified or identifiable individual, directly or indirectly (including name, address, email address, IP address, location data, payment details).

Sensitive Data - Medical, financial, biometric or genetic data, precise location data, political opinions, sexual orientation, criminal history.

Data Processing - Any operation performed on Personal Data, including collection, storage, use, transfer, disclosure, deletion, or destruction.

Database Owner / Data Controller - The entity determining the purposes and means of data processing, as defined under the Protection of Privacy Law.

Data Subject - An individual who can be identified, directly or indirectly, by data contained in a database.

Artificial Intelligence (AI) - Any system, software, or service using algorithms, machine learning, or computational models to analyze data, learn from it, identify patterns, or generate insights or recommendations, including the processing of Personal Data.

3. Data Protection Principles

The Company undertakes not to misuse Personal Data without the user's consent, except where required by law, to prevent misuse, or to protect its rights.

Access to Personal Data is granted only to employees and authorized parties who require such access for the provision of services, subject to role-based access controls and internal security procedures.

At the time of data collection, users will be informed of:

  • The purposes of data use
  • Whether providing the data is mandatory or optional
  • The identity of the database owner
  • The data retention period

Failure to provide mandatory information may prevent access to certain services. Providing optional information is not required but may affect the scope or personalization of the services.

4. AI-Based and Technology-Driven Services

Where the services include data analytics tools, call recording, voice processing, or AI-based technologies, this Privacy Policy also applies to such processing, in accordance with applicable data protection laws and regulations governing automated data processing.

5. Databases and Roles

The Company manages its databases in compliance with the Protection of Privacy Law and its regulations. Where required by law, databases are registered or reported to the Israeli Privacy Protection Authority.

The Company operates under a hybrid processing model:

  • Data Controller - for data required to operate and manage its services.
  • Data Processor - for Personal Data processed on behalf of users and in accordance with their instructions.

All processing is performed strictly in accordance with user instructions, applicable law, and binding Data Processing Agreements (DPA), where required.

6. Prohibition on Unlawfully Collected Data

The Company strictly prohibits any processing of Personal Data collected unlawfully and is committed to verifying the legality of data sources.

7. Compliance with Law

The Company complies with all applicable laws, including data protection laws, and refrains from using Personal Data for unlawful purposes.

Users undertake not to use the services in violation of the law. The Company reserves the right to take reasonable measures, including suspension or blocking of access, to prevent unlawful use.

8. Purposes of Data Collection and Processing

Personal Data is collected and processed solely for explicit, legitimate purposes, including:

  1. Provision of website services, registration, orders, and user account management
  2. Improving user experience and personalizing services
  3. Statistical analysis and behavioral insights (using anonymized or minimized data where possible)
  4. Sending system messages, updates, feedback requests, and essential service communications
  5. Sending marketing communications, subject to explicit user consent
  6. Fraud prevention, enforcement of terms, and protection of Company rights
  7. Sharing with third parties as outlined in this Policy
  8. Compliance with legal and regulatory obligations

9. Smart Technologies and AI Data Processing

Where services include call analysis, voice processing, or AI-based insights, data may also be used for:

  1. Automated transcription and analytical reporting
  2. Algorithm improvement using anonymized data only
  3. Business insights and performance optimization
  4. Pattern detection and anomaly identification

Such processing is conducted in accordance with principles of data minimization, anonymization, and security, and does not involve automated decision-making with legal or personal effects on users.

10. Call Recording Notice

Where services include call recording or voice processing, the responsibility for providing lawful notice and obtaining required consents rests solely with the user.

The Company is not responsible for violations resulting from unlawful recording by users.

Recordings and raw data are retained for up to one (1) year, unless otherwise required by law. Data deletion is initiated by the user through system actions. The Company does not retain copies beyond this period, except where necessary for legal compliance, security, or protection of rights.

11. AI and Algorithmic Processing

When services include AI-based analysis (e.g., transcription, sentiment analysis, business insights):

  1. Data is processed automatically, encrypted, and anonymized
  2. No automated decisions with legal or personal consequences are made
  3. Users may request explanations regarding algorithmic processing
  4. Training data undergoes full anonymization
  5. Requests to exclude data from model training may be sent to: [email protected]

12. Marketing Communications

By providing contact details, registering on the website, or placing an order, users consent to receive communications related to the website and services, including marketing messages, subject to explicit opt-in and in accordance with Section 30A of the Communications Law.

13. Opt-Out

Users may unsubscribe at any time:

  • Email - via the unsubscribe link in marketing emails or by contacting the Company
  • SMS - according to instructions included in the message

Unsubscribing from one channel does not automatically unsubscribe from others.

14. Data Subject Rights

Data subjects may:

  1. Access their Personal Data
  2. Request correction or deletion
  3. Request data portability in a machine-readable format
  4. Object to processing for direct marketing or profiling
  5. Request restriction of processing

The Company will respond within 30 days.

15. Data Sharing with Third Parties

Personal Data may be shared only as necessary with:

Service Providers - cloud hosting, payment processors, analytics, marketing, and technical support providers, bound by confidentiality and DPAs.

Business Partners - subject to explicit user consent.

Examples of service providers:

  • Microsoft Azure - secure cloud infrastructure (ISO 27001, SOC 2)
  • iCount / Isracard - PCI DSS Level 1 payment processing
  • Google Analytics - anonymized traffic analytics

The Company does not sell or rent Personal Data.

16. International Data Transfers

Data may be transferred abroad only to jurisdictions with adequate data protection or under legally binding safeguards.

17. Cookies

The website uses cookies and pixels for functionality, security, analytics, and user experience improvement, including Google Analytics and Facebook Pixel, subject to consent where required.

Users may block or delete cookies via browser settings. Blocking essential cookies may impair website functionality.

18. Information Security

The Company implements advanced technical and organizational security measures, including:

  1. Encryption in transit (TLS 1.3) and at rest (AES-256)
  2. Role-based access control and multi-factor authentication
  3. Real-time security monitoring (SIEM)
  4. Periodic risk assessments and penetration testing

In the event of a data breach, the Company will notify authorities and affected users as required by law (within 72 hours in cases involving sensitive data).

19. Policy Updates

The Company may update this Privacy Policy from time to time. Material changes will be published prominently on the website. Continued use constitutes acceptance of the updated policy.

20. Contact

For questions or requests regarding this Privacy Policy:

Last updated: August 12, 2025