Privacy Policy.

Scope of This Policy

This Privacy Policy applies solely to the informational website operated by SmartEye.AI LTD ("Company", "we", "us"). The website is designed for informational purposes and does not include user accounts, registration forms, or active transactional flows.

It is drafted to satisfy the Israeli Privacy Protection Law, 5741-1981, as amended — including Amendment No. 13, which reshapes the obligations of data controllers operating in or reaching Israeli residents, and expands the enforcement authority of the Israeli Privacy Protection Authority (PPA).

Definitions & Legal Basis

Amendment 13 broadens the definition of personal data and formalizes the concept of a data controller. Key terms used in this policy follow that framework:

Personal Data

Any information relating to an identified or identifiable natural person — including online identifiers, IP addresses, and device fingerprints.

Sensitive Data

Data regarding personality, intimate affairs, health, financial status, opinions, and beliefs — processed only with explicit consent and proportional justification.

Data Controller

SmartEye.AI LTD, which determines the purposes and means of personal data processing in connection with this website.

Data Processor

Any third party processing personal data on our behalf under a written data-processing agreement (hosting, email, font delivery).

Nature of Data Processing & Database Declaration

Any personal data provided via this website (such as through email communication) is held within a limited-scope database used strictly for maintaining contact with users and providing requested information. The database is registered and maintained in accordance with the registration and notification duties introduced under Amendment 13.

We do not use website-sourced data for profiling, automated decision-making with legal effect, training of AI models, or unauthorized direct marketing.

Email Communication

If you contact us via email, your message (including your email address and any information you choose to include) is processed through our secure email service provider.

• Purpose: To respond to your inquiry and maintain professional correspondence.
• Retention: Emails are retained only for as long as necessary to fulfill the purpose of the communication, or as required by law, and are then deleted under a documented retention schedule.
• Confidentiality: We maintain strict confidentiality and do not sell, rent, or trade your contact information to third parties.
• Lawful basis: Processing is based on your implied consent by initiating the communication, and on our legitimate interest in responding.

Technical Data

When accessing the website, certain technical data is automatically processed as part of standard internet communication (IP address, browser type, operating system, device class, referral URL, and timestamp). This data is processed passively at the server layer for security, debugging, and maintenance purposes, and is not linked to any identified individual.

Raw server logs are retained for a maximum of 30 days, then automatically purged or anonymized.

Cookies & Tracking

This website does not use tracking, advertising, behavioral analytics, or cross-site fingerprinting. No third-party tag managers, pixels, or session recorders are deployed.

Only essential technical mechanisms required for basic functionality and security may be used — strictly exempt under applicable consent requirements.

Third-Party Services & International Transfers

The website uses Google Fonts for typographic display. When loading fonts, your IP address may be transmitted to Google servers. Due to the use of global infrastructure (cloud-based email and hosting providers), personal data may be processed or stored outside of Israel.

Such transfers are subject to the protections required by the Privacy Protection (Transfer of Data to Databases Outside the State Borders) Regulations, 5761-2001, and — under Amendment 13 — additional adequacy and contractual safeguards aligned with the PPA's transfer guidance.

Data Security

In accordance with the Privacy Protection (Data Security) Regulations, 5777-2017, and heightened expectations under Amendment 13, we implement appropriate technical and organizational measures proportional to the sensitivity and volume of data processed:

• Encryption in transit. All traffic is served over HTTPS with modern TLS ciphers.
• Encryption at rest. Databases and email stores use provider-managed AES-256 encryption.
• Access control. Least-privilege role assignments, MFA enforcement for all administrative access, and immutable audit logs.
• Incident response. Documented IR playbook with defined escalation paths and post-mortem obligations.
• Vendor due diligence. Processors are vetted and contractually bound to equivalent security baselines.

Your Rights

Under the Israeli Privacy Protection Law and Amendment 13, data subjects have the following rights with respect to data we hold about them:

• Right of access (Review). Request a copy of personal data we hold about you.
• Right to rectification. Request correction of inaccurate or incomplete data.
• Right to deletion. Request deletion of data no longer required for its original purpose.
• Right to object. Object to processing for direct marketing at any time, effective immediately.
• Right to information. Be informed — clearly and in plain language — of the purpose, lawful basis, recipients, and retention period of any processing, as required under Amendment 13.
• Right to lodge a complaint. File a complaint with the Israeli Privacy Protection Authority (PPA) if you believe your rights have been violated.

To exercise any of these rights, contact us at [email protected]. We respond within the statutory timeframe (30 days), and may request reasonable identity verification to protect your data from unauthorized disclosure.

Breach Notification

Amendment 13 formalizes a two-tiered breach notification regime. We adhere to the following protocol in the event of a security incident impacting personal data:

• PPA Notification. Qualifying incidents are reported to the Israeli Privacy Protection Authority without undue delay.
• Individual Notification. Affected data subjects are notified when an incident is likely to result in a significant risk to their rights or interests.
• Documentation. All incidents — reportable or not — are internally documented, reviewed, and used to improve our security posture.

Data Protection Officer

In line with the DPO-appointment criteria introduced by Amendment 13, SmartEye.AI has designated a Data Protection Officer responsible for monitoring compliance, advising on privacy impact assessments, and serving as the contact point for data subjects and the PPA.

Separation from Operational Products

This website is operationally and contractually separate from SmartEye.AI operational systems — including Inspector, Counter, and Lot Monitor. Operational data processing performed for B2B customers is governed by dedicated service agreements, data-processing addendums, and distinct security frameworks.

Our operational platforms are built on a principle of privacy by design: biometric identification is disabled at the model level, anonymization occurs at the edge before data leaves the device, and raw footage is not retained by us.

Children's Privacy

This website is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, contact the DPO and we will delete it promptly.

Changes to This Policy

We may revise this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. The "Effective Date" at the top of this document always indicates the current version. Material changes will be highlighted on this page.

Contact & Registered Office

For privacy-related inquiries, rights exercises, or legal correspondence: