Privacy Policy
Last Updated: July 2026
1. Introduction
SporeSec ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website sporesec.com and use our services.
We comply with Israel's Privacy Protection Law, 5741-1981, including Amendment 13 (in force since August 2025). Our services are directed at customers in Israel and are not directed at residents of the EU or EEA: we have no establishment or representative in the EU and do not knowingly collect personal data of EU residents. Wherever you browse from, we keep collection minimal and honor the Global Privacy Control (GPC) signal.
2. Information We Collect
Information You Provide - Contact Information: Name, email address, phone number when you submit a contact form or subscribe to our mailing list. - Business Information: Company name, website URL, account type (business/personal) when provided. - Communications: Content of messages you send through our contact form. - Free Website Audit tool: The URL you scan is processed through our server-side proxies: Google PageSpeed Insights for performance scores, our own edge scanner for security headers and DNS email records, Google Safe Browsing for malware status, and a passive read of the returned page for obvious exposure signals (for example an exposed key pattern or a CORS misconfiguration). The scan is read-only and is not a penetration test. We do not store the target's page content; only the URL and the computed result summary. If you request the emailed report, we store the scanned URL, the results, your email address, and your separate marketing opt-in choice.
Automatically Collected Information - Log Data: IP address, browser type, pages visited, timestamps. Processed by our hosting provider (Cloudflare) for performance and security. - Cookies: Essential and functional cookies only: language preference, theme, the embedded Cal.com scheduler, and the Cloudflare Turnstile bot check (operated under Cloudflare's Turnstile Privacy Addendum; it evaluates the browser without tracking you across sites). - Analytics: First-party and cookieless by default: aggregate page and event counts, with your IP hashed and never stored. Richer analytics run only if you opt in through the cookie banner (reopen it anytime via "Manage Cookies" in the footer) and include: referrer and UTM campaign tags, a random session id, coarse country (from Cloudflare, never your address), scroll depth, time on section, and interaction signals such as repeated or dead clicks and abandoned forms; Google Analytics 4 loads only under the same opt-in. Advertising attribution (a Meta/Facebook pixel) is wired but inactive, loads only under the separate marketing opt-in, and is disclosed here by name. We honor the Global Privacy Control (GPC) signal, keep everything non-essential off by default, and run no on-site ads or third-party ad tracking. - Client portal (app.sporesec.com): available as a free self-serve account or as a client account when we work together; it stores your account details (name, email, phone, business name and address, language), projects and milestones, documents you receive, contract signatures (signer name, time, a hashed IP, and the document fingerprint, per the Electronic Signature Law), invoices, messages with us, notification preferences, and a security access log (event type, hashed IP, browser). You can export all of it as a file or request deletion from Settings. On deletion we erase your portal data and the CRM contact, and irreversibly anonymize your earlier lead and scan records on the marketing site (identifiers and the scanned address removed; only a de-identified score is kept for aggregate benchmarks); signed contracts and tax records are retained as the law requires.
3. How We Use Your Information
- To respond to your inquiries and provide our services
- To send the audit report you requested (transactional, sent once per request)
- To send security insights, service updates, and marketing communications, only if you opted in; every marketing email includes a working unsubscribe link, as required by Israel's spam law (Communications Law section 30A), the US CAN-SPAM Act, and the Australian Spam Act 2003
- To improve our website performance and user experience
- To comply with legal obligations
4. Data Sharing
We do not sell your personal data. We may share data with: - Cloudflare: Hosting, edge network, bot protection (Turnstile), and secure storage of form submissions (Cloudflare D1, server-side only) - Brevo: Transactional email and contact management - Cal.com: Meeting scheduling when you book a call through the embedded calendar - Google: PageSpeed Insights processes the URL you scan to produce the lab performance results; Google Analytics 4 runs only after you opt in to analytics cookies - Meta: the advertising pixel loads only after a separate marketing opt-in, for campaign attribution
We may create and share aggregated, anonymized statistics that cannot identify you or your business (for example, industry benchmarks and research derived from scan results and site usage). De-identification is irreversible before any such use, per accepted anonymization standards; this is not a sale of personal data, and we still never sell personal data.
5. Your Rights
Under Israel's Privacy Protection Law (as amended by Amendment 13) you have the right to: - Access the personal data we hold about you - Request correction or deletion of your data - Withdraw analytics or advertising consent at any time via "Manage Cookies" in the footer - Withdraw consent for marketing communications at any time (every marketing email also carries an unsubscribe link) - Request data portability - Lodge a complaint with the Israeli Privacy Protection Authority
To make a request, email contact@sporesec.com or use our contact form and select "Privacy / data request". We honor the Global Privacy Control (GPC) browser signal automatically.
6. Data Security
We implement industry-standard security measures including encryption in transit (TLS), secure hosting infrastructure, and strict access controls. Security engineering is one of our services; we hold our own systems to the same standard.
7. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Marketing list subscribers can unsubscribe at any time.
8. Contact Us
For privacy-related inquiries or to exercise your rights: - Email: contact@sporesec.com - Security issues: security@sporesec.com - Location: Tel Aviv, Israel
SporeSec. Tel Aviv, Israel.