Backעברית

Privacy Policy

Updated: 30 May 2026 · Privacy Protection Law, Amendment 13 · https://pushconsole.com

This document is intended to help you understand our privacy practices. It does not constitute legal advice. For specific compliance decisions, consult a qualified privacy attorney.

1. Introduction and legal framework

PushConsole ("we", "the operator") operates PushConsole — a B2B SaaS service for national sentiment monitoring and operational marketing recommendations.

Platform URL: https://pushconsole.com

This policy is drafted in accordance with the Israeli Privacy Protection Law, 1981, including Amendment 13 (effective 14 August 2025), and the Security Regulations (2017).

The service is intended for business use; the organization (customer) is typically the data controller for its employees' information, and we act as a processor on its behalf.

2. Operator details and contact

  • Service name: PushConsole
  • Contact / privacy officer: Lior Barak
  • Privacy email: privacy@pushconsole.com
  • Support email: support@pushconsole.com
  • Phone (accessibility and general inquiries): 054-5242228

3. Information we collect

  • User details: name (if provided), email, password (hash only), organizational role (Membership / RBAC).
  • Configuration and operational data: Workspaces (countries), queries, alert thresholds, ScanRuns, AI reports, API key (hash).
  • Communication data: email recipient lists for operational alerts.
  • Technical information: IP, session, server logs — for authentication, security, and incident investigation.
  • Public news content (Serper, GDELT): headlines and snippets for AI analysis — not personal information about users.

4. Purposes of processing

Alert emails are not "advertising material" under Israel's Communications Law (Bezeq and Broadcasting) — the "Spam Law". You can manage recipients and remove yourself under Settings → My alert subscriptions.

We do not sell personal information for advertising and are not "information traders".

  • Providing the service, authenticating users, and preventing unauthorized access.
  • Managing RBAC and credit billing.
  • Sending email alerts (SES) when an event threshold is met — an integral part of the operational service.
  • Information security, backups, service improvement, and support.

5. Sub-processors and third parties

To provide the service, we share necessary information with sub-processors under strict agreements:

  • Hetzner Online GmbH (Germany (European Union)) — server hosting, Postgres, Redis.
  • Amazon Web Services (SES) — operational email and alerts.
  • OpenRouter / Google Gemini — AI analysis; only public signals are sent, not users' personal information.
  • Serper — search and news.
  • GDELT Project — news source (optional, per configuration).

6. Cross-border transfers

Data is stored in the European Union (Hetzner). AI and search services may process data outside Israel (typically the US), subject to processing agreements and statutory exceptions.

Israel is recognized by the European Union as a country with adequate protection.

7. Data retention

  • Personal information and organization settings — for as long as the organization account is active.
  • Account deletion (self-service): user details are deleted; if the User becomes orphaned — fully removed from the DB.
  • Organization deletion (OWNER): full cascade — Workspaces, reports, API keys — permanently deleted from the system.
  • Security logs: limited period (up to ~12 months) unless retention is required for investigation.

8. Information security and cyber defense

  • Password hashing, HTTPS, RBAC, API key hashing, firewalls, and environment separation.
  • Backups, monitoring, security updates.
  • Internal incident response plan (breach plan).

9. Security incidents (breach)

B2B customers: in the event of an incident affecting organization data — we will notify the agreed contact point.

  • Report to the Privacy Protection Authority: within 72 hours of discovery, where required.
  • Notice to data subjects: without undue delay when high risk exists — in clear language.
  • Documentation of all incidents, including below reporting thresholds.

10. Database registration and authority notification

Under Amendment 13, registration applies mainly to public bodies and "information traders" (10,000+ subjects + primary purpose of disclosure to third parties).

PushConsole does not define itself as an information trader. Responsibility for registration/notification regarding data processed by the organization rests with the organization, with legal counsel.

11. User rights — access, portability, and deletion

Under applicable law: right of access (Sec. 13), correction (Sec. 14), opt-out from direct marketing (Sec. 17v), withdrawal of consent (Amendment 13, Sec. 8g) where processing is consent-based.

Self-service under Settings → Privacy and personal data:

  • Access and portability: JSON export of all personal information and history.
  • Deletion: account deletion; OWNER — full organization deletion.
  • Additional requests: privacy@pushconsole.com (Lior Barak). Response within 30 days, subject to identity verification.

12. Cookies and local storage

If analytics is added — an explicit opt-in consent mechanism will be displayed in accordance with Amendment 13.

  • No cookies for marketing, advertising, or third-party analytics — therefore no cookie banner.
  • Essential cookies/storage only: Session (NextAuth JWT), theme, accessibility preferences — localStorage on device.

13. Automated decision-making and AI

Sentiment reports are generated by AI (Gemini/OpenRouter) — marketing insights, not binding legal or financial decisions.

The organization is responsible for prudent use; human review is recommended before sensitive campaigns.

14. Minors

The service is not intended for minors. If we become aware of such information — we will act to delete it.

15. Policy changes

We will update this policy from time to time. The "Updated" date at the top reflects the latest version. Material changes — notice to OWNER (email / in-app).