Privacy Policy

At PointFive Ltd. ("Company," "we," "us," or "our"), we recognize that privacy is important. This Privacy Policy ("Policy") applies to your access to our website located at https://www.pointfive.co/ (the "Website") and the use of services available through the Website (the "Services"). This Policy describes how we collect, use, disclose, and otherwise process Personal Information in connection with the Services, and explains the rights and choices available to you with respect to your information.

"Personal Information" is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

When you, the user (the "User") uses the Services, your Personal Information will be processed subject to the terms of this Privacy Policy. Please read our Privacy Policy carefully to get a clear understanding of how We organize, collect, use, protect or otherwise handle your Personal Information.

You are not legally required to provide Personal Information, but certain information is necessary for us to provide the Services (for example, to create and maintain your account and to provide customer support).

Please read this Policy carefully. By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, please do not access or use the Services.

If you have any questions about this Policy, please contact us at: [email protected]

II. Data Controller / Responsible Party

PointFive acts as the data controller (or "business" under U.S. state privacy laws) for the Personal Information processed through the Services. For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we are the controller responsible for your Personal Data under the General Data Protection Regulation ("GDPR"). For users in Israel, we are the database owner (and/or holder) under the Israeli Privacy Protection Law, 5741-1981.

Our principal place of business is:

• Israel Headquarters: Tel Aviv, Israel
• USA Headquarters: 1178 Broadway New York, NY 10001

Our Data Protection Officer can be contacted at: [email protected]

Our EU/UK Representative can be contacted at: [email protected]

III. Categories of Personal Information We Collect

We collect Personal Information in the following categories, depending on how you interact with our Services:

A. Information You Provide Directly

Account and Registration Data: When you create an account or register on our Website, we collect your name, email address, telephone number, and other information you provide ("Account Data"). We use this data to create and manage your account, provide the Services, communicate with you, and ensure security.

Communications Data: We collect information contained in communications you send to us, including inquiries, feedback, survey responses, and newsletter sign-ups ("Communications Data"). This includes communication content and metadata. We use this data to respond to your inquiries, improve our Services, and for record-keeping.

B. Information Collected Automatically

Device and Usage Data: When you access our Services, we automatically collect information about your device and usage, including: IP address, device type and identifiers, browser type and version, operating system, referring URLs, pages viewed, time spent on pages, click patterns, and other usage statistics ("Usage Data"). We collect this data through cookies, pixels, and similar technologies as described in Section XI below.

Location Data: We may collect precise or approximate location information based on your IP address or, with your consent, through your device's location services. We use this data to provide location-based features and login and for analytics.

C. Information from Third Parties

We may receive Personal Information about you from third parties, including: business partners, marketing partners, social media platforms (if you interact with our social media presence), publicly available sources, and service providers who assist us in verifying information or preventing fraud.

IV. How We Use Your Personal Information

We use the Personal Information we collect for the following purposes:

• Providing and Improving Services: To create and manage your account; provide, maintain, and improve the Services; process transactions; and respond to your requests and inquiries.
• Communications: To send you service-related communications, updates, security alerts, and administrative messages; and, with your consent, to send you marketing communications.
• Security and Fraud Prevention: To protect the security and integrity of our Services; detect, prevent, and respond to fraud, abuse, or security incidents; and enforce our terms of service.
• Analytics and Personalization: To analyze usage patterns and trends; conduct research and analytics; and personalize your experience with our Services.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests; establish, exercise, or defend legal claims; and protect our rights and the rights of others.
• Business Operations: To conduct internal administration, audits, and business planning; facilitate corporate transactions (such as mergers or acquisitions); and maintain business records.

V. Legal Bases for Processing (EEA/UK/Swiss Users)

If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your Personal Data based on the following legal bases:

• Consent: Where you have provided your consent for specific processing activities (e.g., marketing communications). You may withdraw consent at any time.
• Contractual Necessity: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject.
• Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include: operating and improving our Services; ensuring security; preventing fraud; and conducting analytics.

VI. How We Share Your Personal Information

We may disclose your Personal Information to the following categories of recipients:

• Affiliates: We may share Personal Information with our subsidiary PointFive US Inc., and affiliates for the purposes described in this Policy.
• Service Providers: We engage third-party service providers to perform functions on our behalf, such as hosting, analytics, payment processing, customer service, and marketing. These providers are contractually obligated to use Personal Information only as necessary to provide services to us and in accordance with this Policy.
• Professional Advisors: We may share Personal Information with our attorneys, accountants, auditors, and insurers as necessary for professional advice, risk management, and legal proceedings.
• Legal and Regulatory: We may disclose Personal Information when required by law, regulation, court order, or governmental request; to protect our legal rights or defend against legal claims; to investigate potential violations of our terms; or to protect the safety of any person.
• Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your Personal Information may be transferred to the acquiring entity. We will provide notice before your Personal Information becomes subject to a different privacy policy.
• With Your Consent: We may share your Personal Information with other parties when you direct us to do so or provide your consent.

VII. International Data Transfers

Your Personal Information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, and/or Israel and other countries where we or our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers from the EEA, UK, or Switzerland, we rely on the following safeguards:

• Adequacy Decisions: Transfers to countries recognized by the European Commission as providing adequate data protection (including Israel).
• Standard Contractual Clauses: For transfers to countries without an adequacy decision, we use the European Commission's Standard Contractual Clauses (SCCs) adopted pursuant to Commission Implementing Decision (EU) 2021/914.
• EU-U.S. Data Privacy Framework: For transfers to the United States, the Company has certified under the EU-U.S. Data Privacy Framework ("DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. For detailed information about our DPF certification, please refer to our separate DPF Privacy Statement.

For transfers from Israel, we comply with the Israeli Privacy Protection Law, 5741-1981 and the Privacy Protection Regulations (Transfer of Data to Databases Abroad), 5761-2001. We transfer Personal Information from Israel only to countries that ensure an adequate level of protection or where we have implemented appropriate safeguards.

Our servers and hosting facilities are located in the United States. By using our Services, you acknowledge that your Personal Information may be transferred internationally as described in this Section.

You may request additional information about our data transfer safeguards by contacting us at [email protected].

VIII. Data Retention

We retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

The retention period for different categories of data depends on:

• The nature and sensitivity of the Personal Information
• The purposes for which we process the data
• Applicable legal, regulatory, and contractual requirements
• Our legitimate business needs (e.g., maintaining records for audits, defending legal claims)

Customer data is stored for as long as the engagement or contract is active, or for the period of time defined in each customer's master services agreement. Customers can submit a data deletion request for all or some of the data stored and processed within the Production environment and used for delivering services.

When Personal Information is no longer needed for the purposes described in this Policy, we will securely delete or anonymize it in accordance with our data retention procedures and applicable law. Notwithstanding the above, we may retain Personal Information where required by law, to resolve disputes, enforce our agreements, or protect our legal rights.

IX. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your Personal Information. This Section describes the rights that may be available to you and how to exercise them.

Rights for All Users

• Access/Review: You may request confirmation of whether we process your Personal Information and, if so, request a copy of that information.
• Correction: You may request that we correct inaccurate or incomplete Personal Information.
• Deletion: You may request that we delete your Personal Information, subject to certain exceptions permitted by applicable law.
• Opt-Out of Marketing: You may opt out of receiving marketing communications from us by following the unsubscribe instructions in our emails or contacting us directly.
• Withdraw Consent: Where we rely on your consent for processing, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before withdrawal.

Additional Rights for EEA/UK/Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may also have the following rights:

• Restriction: You may request that we restrict the processing of your Personal Information in certain circumstances.
• Objection: You may object to processing based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• Data Portability: Where processing is based on consent or contract and is automated, you may request your Personal Information in a structured, commonly used, machine-readable format.
• Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. We do not currently make decisions based solely on automated processing that produce legal effects concerning you.
• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

To exercise any of the rights described above, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond to your request within the timeframe required by applicable law (typically 30–45 days, depending on jurisdiction).

US Residents

For California residents' rights, see the Privacy Notice for California Residents supplement below.

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, or another U.S. state with a comprehensive privacy law, you may have rights similar to those described in the California Residents Privacy Notice below, including the right to access, correct, delete, and port your personal data, and the right to opt out of targeted advertising, profiling, and the sale of personal data. To exercise any of these rights, please contact us at [email protected].

X. Information Security

We implement appropriate technical and organizational measures designed to protect your Personal Information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls limiting data access to authorized personnel
• Regular security assessments and vulnerability testing
• Employee training on data protection and security
• Incident response procedures for security events

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your Personal Information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of any account credentials.

XI. Cookies and Tracking Technologies

Our Website uses cookies, pixels, and similar tracking technologies to collect information about your browsing activities and to distinguish you from other users. This helps us provide you with a better experience, analyze usage, and deliver relevant content.

Types of Cookies We Use

• Essential Cookies: Required for the Website to function properly. These cannot be disabled.
• Performance/Analytics Cookies: Help us understand how visitors interact with our Website by collecting anonymous usage data.
• Functional Cookies: Enable personalized features and remember your preferences.
• Advertising/Targeting Cookies: Used to deliver advertisements relevant to your interests and measure advertising effectiveness.

Managing Cookies: Most web browsers allow you to control cookies through settings. You can typically set your browser to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may affect the functionality of our Website.

For detailed information about the specific cookies we use, please see our Cookie Policy.

XII. Children's Privacy

Our Services are not directed to children under 13 years of age (or 16 in the EEA). We do not knowingly collect Personal Information from children under these ages. If we learn that we have collected Personal Information from a child under the applicable age without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us at [email protected].

XIII. Data Breach Notification

In the event of a data breach affecting your Personal Information, we will notify you and relevant authorities as required by applicable law. For breaches affecting EEA residents, we will notify the relevant supervisory authority within 72 hours where required by GDPR. We will provide affected individuals with information about the breach and steps they can take to protect themselves.

XIV. Email and Marketing Communications

We may send you service-related communications (such as account notifications and transaction confirmations) that are necessary for the operation of our Services. These communications are not marketing, and you cannot opt out of them while using the Services.

With your consent, we may also send you marketing communications about our products, services, and promotions. You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at [email protected]

We comply with the CAN-SPAM Act and will honor opt-out requests within 10 business days. We will not use false or misleading subject lines, will identify messages as advertisements where required, and will include our physical address in commercial emails.

XV. Third-Party Services and Links

Our Website may contain links to third-party websites, applications, or services that are not operated by us. This Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

We may integrate third-party services (such as analytics providers, payment processors, and social media platforms) into our Services. These third parties may collect information directly from you or receive information from us. Their collection and use of information is governed by their own privacy policies.

XVI. EU-U.S. Data Privacy Framework

The Company has certified to the EU-U.S. Data Privacy Framework ("DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. This certification covers Personal Data transferred from the EU, UK, and Switzerland to the United States.

For detailed information about our DPF certification and practices, please refer to our DPF Privacy Statement. Under the DPF, you may invoke binding arbitration for complaints not resolved by other means, and you may file complaints with your local data protection authority.

XVII. Governing Law and Dispute Resolution

This Policy and any disputes arising out of or relating to this Policy or your use of the Services shall be governed by the laws of the State of Israel without regard to conflict of law principles.

Any disputes shall be resolved exclusively in the courts located in Tel Aviv, Israel and you consent to the personal jurisdiction of such courts.

XVIII. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will notify you by:

• Posting the updated Policy on our Website with a new "Last Updated" date
• Sending you an email notification (for material changes)
• Displaying a prominent notice on our Website

Your continued use of the Services after any changes to this Policy constitutes your acceptance of the updated Policy. If you do not agree with the changes, you should discontinue use of the Services.

Where required by applicable law, we will obtain your consent before implementing material changes that affect how we process your Personal Information.

XIX. Contact Us

If you have questions, concerns, or requests regarding this Policy or our privacy practices, please contact us at: