This Privacy Policy (the "Policy") sets forth the manner in which Arcusis LTD (the "Company", "we", "us", or "our") processes Personal Data in connection with hasbara.co.il (the "Website").

This Policy applies to all individuals who access, browse, read, interact with, or otherwise utilize the Website (collectively, "Users"). By accessing or using the Website, you acknowledge that you have read and understand this Policy.

For inquiries regarding this Policy or the Company’s data protection practices, contact: contact@hasbara.co.il.

Data Controller Information

Owner and Data Controller: Arcusis LTD.

Jurisdiction of incorporation and principal operations: State of Israel.

For the purposes of applicable data protection legislation (including the Israeli Privacy Protection Law, 5741–1981), the Company acts as the Data Controller and determines the purposes and means of processing Personal Data collected via the Website.

Where third-party service providers process data on our behalf, such entities act as Data Processors pursuant to contractual arrangements requiring appropriate safeguards.

Types and Categories of Personal Data Collected

We may collect, receive, or otherwise process the following categories of Personal Data, either directly or automatically through technological means.

  • Usage Data (automatically collected): IP address, browser type/version/language, operating system and device characteristics, device identifiers and technical configuration data, referring URLs and exit pages, pages viewed and time spent, timestamps, HTTP request details, response status codes, request methods, and approximate geographic location derived from IP address.
  • Cookies and similar tracking technologies ("Trackers"): used to enable core technical functionality, maintain session integrity, analyze aggregate traffic patterns, detect abuse/fraud/malicious activity, and improve stability and performance. You may refuse/delete cookies in your browser, but some features may not function properly.
  • Administrative and authentication data (internal personnel only): the Website does not provide public user accounts. Authorized internal personnel may access administrative interfaces; in such cases we may process name, professional email, authentication identifiers (e.g., Google or Discord IDs), access logs, and administrative activity records for access control and auditing.

Purposes of Processing and Legal Bases

We process Personal Data solely for legitimate, specified, and lawful purposes, including security, analytics, compliance, and internal access control.

  • Security, integrity, and fraud prevention: protecting the Website against cyber threats and misuse; monitoring stability; investigating suspicious activity. Legal basis: legitimate interests.
  • Website analytics and performance optimization: measuring aggregate traffic; improving load times and user experience; identifying errors. Legal basis: legitimate interests.
  • Compliance with legal obligations: responding to lawful requests; enforcing rights or defending claims. Legal basis: compliance with legal obligations and protection of legal interests.
  • Internal authentication and access control: verifying authorized administrative personnel; maintaining audit logs. Legal basis: legitimate interests and internal operational requirements.

Third-Party Service Providers and Analytics

We utilize carefully selected third-party providers to support Website functionality, analytics, and security.

  • Google Analytics (Google LLC): categories of data processed: Trackers and Usage Data. Processing location: United States. Privacy policy: https://policies.google.com/privacy. Opt-out: https://tools.google.com/dlpage/gaoptout.
  • Cloudflare (Cloudflare, Inc.): provides CDN, DDoS mitigation, security, traffic routing/optimization, and privacy-focused analytics. Categories of data processed: Usage Data, technical metadata, security logs. Processing location: United States. Privacy policy: https://www.cloudflare.com/privacypolicy/.

Methods of Processing and Security Measures

Personal Data is processed using electronic systems and structured organizational procedures designed to ensure integrity, confidentiality, and availability.

Security measures include encryption in transit (TLS/HTTPS), restricted administrative access (role-based permissions), authentication safeguards, Cloudflare infrastructure protections, and continuous monitoring/logging.

No method of electronic transmission or storage is entirely immune from risk.

International Data Transfers

Personal Data may be processed within Israel and transferred to service providers in other jurisdictions, including the United States.

Where cross-border transfers occur, they are conducted in compliance with applicable transfer regulations and contractual safeguards.

Data Retention Policy

We retain Personal Data only for as long as reasonably necessary to fulfill the purposes described in this Policy.

  • Security logs: retained for limited periods sufficient for auditing, forensic analysis, and system monitoring.
  • Analytics data: retained in accordance with provider-defined retention schedules.
  • Administrative records: retained for the duration of authorized access and for a limited archival period thereafter.
  • Legal compliance records: retained as required by applicable law.

Rights of Data Subjects (GDPR – EU Residents)

If you are located within the European Economic Area (EEA), you may be entitled to rights under the GDPR, including access, rectification, erasure (under certain conditions), restriction, portability, objection to processing based on legitimate interests, withdrawal of consent where applicable, and the right to lodge a complaint with a supervisory authority.

Requests may be submitted to contact@hasbara.co.il. We will respond within the timeframes prescribed by applicable law.

Switzerland

Residents of Switzerland may exercise rights under the Swiss Federal Act on Data Protection (FADP), including rights of access, correction, and objection to processing.

Brazil (LGPD)

Individuals located in Brazil have rights under the LGPD, including confirmation of processing, access, correction, anonymization, deletion, and revocation of consent where applicable.

Requests may be submitted via contact@hasbara.co.il.

California (CCPA/CPRA)

We may collect identifiers (such as IP address) and internet or electronic network activity information.

We do not knowingly collect sensitive personal information as defined under the CPRA.

We do not sell Personal Information. We do not share Personal Information for cross-context behavioral advertising.

California residents may have rights to request disclosure, deletion, correction, a portable copy, and to exercise rights without discrimination. Requests may be directed to contact@hasbara.co.il.

Virginia, Colorado, Connecticut, Utah

Residents of these states may have statutory rights including access, correction, deletion, and data portability.

We do not sell personal data and do not process personal data for targeted advertising or profiling activities.

Internal Artificial Intelligence Systems

The Website’s content is generated and curated using proprietary internal artificial intelligence systems operated exclusively by the Company.

The Website does not offer public interactive AI functionality. We do not collect user-generated prompts or submissions for the purpose of training AI systems.

AI systems are internal tools used solely for content production and management.

System Logs and Technical Maintenance

For operational integrity and cybersecurity purposes, the Website and associated service providers may collect and store system logs, including IP addresses, timestamps, request paths, error reports, and technical diagnostic data.

These logs are used strictly for maintenance, troubleshooting, performance monitoring, and security analysis.

Changes to This Privacy Policy

We reserve the right to amend or update this Policy at any time to reflect operational, legal, or regulatory developments. Updates will be posted on this page with a revised "Last Updated" date.

Continued use of the Website following publication of modifications constitutes acknowledgment of the updated Policy.

Definitions and Interpretive Terms

Personal Data: any information relating to an identified or identifiable natural person.

Usage Data: information automatically collected through technological means when interacting with the Website.

Data Subject: the natural person to whom Personal Data relates.

Data Processor: a natural or legal person processing Personal Data on behalf of the Data Controller.

Data Controller: Arcusis LTD, which determines the purposes and means of processing.

For privacy-related inquiries or formal data protection requests: contact@hasbara.co.il.