Skip to content
Legal

Privacy Policy

Last updated: May 24, 2026

Mslahtk ("we", "us", "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data.

1. Information We Collect

We collect the minimum amount of information needed to deliver our services and operate our business. The categories of information are:

  • Contact information you provide voluntarily — name, phone number, email address, business name, business location.
  • Order information — the service you subscribed to, billing dates, subscription status.
  • Payment information — processed by our third-party payment provider. We do not store, log, or have access to your full credit card details on our servers.
  • Technical information — IP address, browser type, device type, pages visited, basic analytics data, collected through standard server logs and cookies.
  • Communications — messages you send us via WhatsApp, email, phone, or contact forms.

2. Mandatory vs. Optional Information

Israeli Privacy Protection Law (Amendment 13) requires us to clearly state which information is mandatory to provide and which is optional.

  • Required (you cannot use our service without it): email address, phone number, payment information, and basic billing details. These are needed to deliver the service and meet Israeli tax/accounting law.
  • Optional (improves the service but not required): business profile details, communication language preference, marketing consent, and additional contact channels.
  • You may decline to provide optional information without affecting your ability to use the core service.

3. How We Collect Your Information

We collect information through the following methods:

  • Directly from you — when you contact us via WhatsApp, phone, email, or signup forms.
  • Automatically — through a few essential cookies (your language preference and your cookie choice) and standard server logs (IP address, browser type, page visits) used for security and basic analytics.
  • From our payment processor — transaction confirmations and billing status from Stripe or similar PCI DSS-compliant providers.
  • We do NOT collect data from social media, data brokers, or third-party advertising networks.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the services you subscribed to.
  • To process payments through our payment provider.
  • To send service-related notifications, billing confirmations, and important account updates.
  • To respond to your questions and provide customer support.
  • To comply with legal obligations under Israeli law (including tax and accounting requirements).
  • To prevent fraud and abuse of our services.

5. Sharing Your Information

We do not sell, rent, or trade your personal information. We share information only with the following third parties, and only to the extent necessary:

  • Payment processors — to process subscription payments securely. Your card data is handled directly by the processor under PCI DSS standards.
  • Hosting and infrastructure providers — to operate the websites and systems we build.
  • Communication tools — such as email and WhatsApp Business, to communicate with you.
  • Third-party AI infrastructure providers — that process inbound message content at inference time to generate automated replies, take bookings, and capture leads on behalf of our customer. They act as sub-processors under a data-processing agreement and use the content solely to provide the service, not for their own purposes.
  • Authorities — when required by law, court order, or to protect our legal rights.

6. Data Received from Meta Platforms (WhatsApp Business Platform)

When a customer connects a WhatsApp Business Account ("WABA") to Mslahtk through Meta's Embedded Signup, we receive data from Meta Platforms, Inc. ("Platform Data") in order to operate the messaging service on behalf of our customer. For Platform Data, our customer is the data controller and Mslahtk acts as a data processor on their behalf.

Platform Data we receive includes:

  • WABA identifier, business display name, business profile information, and verification status.
  • Phone number identifier, display phone number, and phone-number quality rating.
  • Incoming and outgoing message content (text, media, templates, interactive messages) exchanged between our customer and their end users.
  • Message metadata: timestamps, delivery status (sent / delivered / read / failed), and conversation identifiers.
  • End-user identifiers limited to the phone number and the display name the end user has set on their WhatsApp profile.
  • We use Platform Data strictly to: (a) display conversations to our customer inside their Mslahtk dashboard so they can reply to their own end users, (b) send reminders, confirmations, and follow-ups that the customer has pre-configured, (c) provide the customer with delivery and engagement reporting on the messages they sent, and (d) automatically process the content of inbound messages using AI to draft replies, take bookings, and capture leads on the customer's behalf, according to the customer's configuration.
  • What we do NOT do with Platform Data: we do not sell it; we do not use it for advertising or to build advertising profiles; we do not use it to train machine-learning or generative AI models; and we do not share it across customers — each customer's Platform Data is logically isolated and accessible only to authorized users of that customer.
  • End users who messaged a business that uses Mslahtk can request deletion of their data by following our Data Deletion Instructions (linked in the footer of this page) or by contacting the business they messaged directly.

7. Cookies & Analytics

Our website uses a few essential cookies (your language preference and your cookie choice). We do not use tracking, advertising, or third-party analytics cookies. Standard server logs are used for security and basic site performance monitoring only. Our site footer includes an embedded Google Map; when a page footer loads, your IP address is sent to Google to display the map.

8. Data Security

We use reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS), secure hosting, access controls, two-factor authentication on admin accounts, and limited data retention. No system is 100% secure, but we work to protect your data and notify the Israeli Privacy Protection Authority and affected users in the event of a material security incident as required by Amendment 13 of the Privacy Protection Law.

9. Your Rights

Under Israel's Privacy Protection Law (5741-1981) as amended by Amendment 13 (effective August 2025), you have the following rights:

  • Right of access — request a copy of the personal information we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete information.
  • Right to deletion — request deletion of your information, subject to legal retention obligations (e.g., tax records).
  • Right to data portability — receive your data in a structured, machine-readable format (CSV or JSON), provided within 30 days of request.
  • Right to object — object to processing of your data for direct marketing purposes.
  • Right to withdraw consent — withdraw consent for any optional data processing at any time.
  • Right to lodge a complaint — file a complaint with the Israeli Privacy Protection Authority (PPA) at https://www.gov.il/en/departments/the_privacy_protection_authority

10. Data Retention Periods

In compliance with Amendment 13, we retain your data only for as long as necessary, with the following specific periods:

  • Account information: for the duration of your active subscription, plus 7 years after termination (Israeli tax law requirement).
  • Billing and tax records: 7 years (Israeli Income Tax Ordinance requirement).
  • WhatsApp Business Platform message content (Platform Data): up to 180 days from receipt, unless the customer has configured a different retention period in their account settings or a longer period is required by law.
  • WhatsApp Business Platform message metadata and delivery logs: up to 24 months for troubleshooting, billing, and abuse prevention.
  • Email and direct (non-WhatsApp) communications with our team: 3 years from the last interaction.
  • Server logs (IP, browser data): 12 months.
  • Marketing preferences and consent records: until you unsubscribe, plus 1 year for compliance auditing.
  • Language preference cookie: 1 year (or cleared when you decline cookies).
  • When a customer closes their Mslahtk account, Platform Data is deleted or anonymized within 90 days, except where retention is required by law. After all applicable periods, data is permanently deleted or fully anonymized.

11. Marketing Communications

We do not send marketing communications without your explicit, prior opt-in consent, in compliance with Section 30A of Israel's Communications Law (Anti-Spam Law).

  • By default, you only receive transactional emails: invoices, account updates, support replies, and required legal notices.
  • If you opt in to marketing, every promotional message will identify itself as marketing, include our business name and registration number (514184886), and contain a one-click unsubscribe link.
  • Unsubscribe requests are honored within 3 business days.
  • We respect Israel's national "Do Not Call Me" registry. To unsubscribe at any time, email [email protected].

12. Children's Privacy

Our services are intended for businesses and adult users (18+). We do not knowingly collect personal information from children under 16. If you become aware that a child under 16 has provided us with personal information without parental consent, please contact us at [email protected] and we will delete it immediately.

13. International Data Transfers

Some of our service providers (such as hosting and payment processors) may store data on servers located outside Israel, including in the European Union and the United States. We only work with providers that meet adequate data protection standards. The European Union has recognized Israel as providing adequate data protection, allowing free data flow between Israel and the EU. Where automated AI processing is used to generate replies on a customer's behalf, inbound message content may be transferred to third-party AI infrastructure providers for processing at inference time, under a data-processing agreement and appropriate safeguards.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated to active customers by email at least 30 days before they take effect.

Questions about this Privacy Policy or your data? Contact us at [email protected] or through our contact page.