Privacy Policy

Last Updated: March 18, 2026

Note: This is an English translation provided for convenience only. In case of any conflict or discrepancy between this English version and the Hebrew version, the Hebrew version shall prevail and be the binding legal document.

Table of Contents

1. Introduction
2. Definitions
3. Data Controller and Contact Information
4. Data the Company Collects
5. Use of Artificial Intelligence and Data Transfer to Third Parties
6. Legal Basis and Purposes of Processing
7. Data Sharing and Sub-Processors
8. International Data Transfers
9. Data Retention Periods
10. Cookies and Tracking Technologies
11. Your Privacy Rights
12. Information Security
13. Children's Privacy
14. Email Communications
15. Changes to this Privacy Policy
16. Complaints and Regulatory Authority
17. Contact the Company

1. Introduction

Shay Asoulin (Sole Proprietorship, License No. 307874974, hereinafter: "the Company", "BizPlanner") operates the website biz-planner.com and mobile applications (collectively: "the Platform"), which provide cloud-based business planning services with an interactive financial simulator and artificial intelligence-powered business assistant ("the Services").

The Company values your privacy and is committed to protecting your personal data. This Privacy Policy explains how the Company collects, uses, stores, shares, and protects your personal information in accordance with:

• Israeli Privacy Protection Law, 1981 and its regulations (including Amendment 13 to the Privacy Protection Regulations regarding Information Security and Data Transfer to Countries Outside Israel)
• General Data Protection Regulation (GDPR) (EU) 2016/679 (for users in the European Union)
• Israeli Database Registration Law
• Israeli Communications Law (spam and marketing communications)
• Relevant consumer protection, accessibility, and electronic commerce laws

This Privacy Policy applies to all users of the Platform, whether registered or unregistered visitors.

By using the Platform, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Services.

2. Definitions

• Personal Data / Personal Information: Any information relating to an identified or identifiable natural person, including but not limited to: name, email address, phone number, business details, financial data, IP address, usage data.
• Sensitive Data: Under Israeli Privacy Law Amendment 13, financial data (business plans, financial forecasts, revenue projections, cost structures) is classified as sensitive information requiring explicit consent for processing.
• User / You: Any person using the Platform, whether registered or a visitor.
• Account: A registered user profile on the Platform, created via email, Google, or Apple authentication.
• Project: A business plan created by a user in the simulator, containing financial forecasts, assumptions, and AI-generated insights.
• AI Services / AI Assistant: Features powered by a third-party AI service that provide business analysis, chat-based recommendations, and automated report generation (see Section 5 for details).
• Processing: Any operation performed on personal data, including collection, storage, use, disclosure, deletion, or transfer.
• Sub-Processor: A third-party service provider that processes personal data on behalf of the Company.

3. Data Controller and Contact Information

Data Controller: Shay Asoulin Sole Proprietorship License No. 307874974 Kaf Tet BeNovember 8, Ashkelon, Israel

Phone: 050-990-6988 Email: support@biz-planner.com Website: https://biz-planner.com Business Hours: Sunday–Thursday, 9:00–17:00 (Israel Time)

For privacy-related inquiries, data access requests, or exercising your rights, please contact the Company at: support@biz-planner.com

4. Data the Company Collects

The Company collects personal data in the following ways:

4.1 Data You Provide Directly

Registration and Account Information:

• Email address (required for all registration methods)
• Full name (collected via Google/Apple OAuth or user input)
• Profile photo (if provided via Google/Apple login)
• Password (if using email/password registration; stored securely encrypted)
• Language preference (Hebrew/English)
• Theme preference (dark/light mode)

Business and Project Data:

• Business name and type (product-based, service-based, SaaS, restaurant/cafe)
• Financial assumptions: initial investment, monthly revenue, cost structures, pricing, employee salaries, inventory costs, fixed and variable expenses
• Financial forecasts: profit/loss projections, cash flow analysis, breakeven analysis (generated by the simulator)
• Scenario data: "what-if" scenario adjustments, version history (Pro feature)
• AI chat messages: Questions, follow-up messages, and AI-generated responses stored per project
• Shared project invitations: Email addresses of people you invite to view your projects (Pro feature)

⚠️ Financial Data as Sensitive Information: Under Israeli Privacy Protection Law Amendment 13, financial data (revenue forecasts, cost structures, business financial plans) is classified as sensitive information. Processing such data requires your explicit informed consent, which is obtained during AI feature usage and Pro upgrade flows.

Payment Information:

• Billing name and email (collected during checkout)
• Payment method details (credit card number, expiration date, CVV) are NOT stored by the Company – they are processed directly by the payment provider via secure redirect
• Transaction history: purchase dates, amounts, product type (Pro Project, AI Chat Bundle, Bank Report, Investor Report, Plus subscription, Consultant subscription)
• Invoices and tax documentation (stored for 7 years per Israeli tax law)

Communications:

• Support tickets and email correspondence
• Feedback and feature requests
• Unsubscribe preferences for marketing emails

4.2 Data Collected Automatically

Usage and Analytics Data:

• Device information: device type, operating system, browser type and version
• IP address and geolocation (country/city level, not precise location)
• Session data: timestamps, pages viewed, features used, time spent on Platform
• Referral source: how you found the website (search engine, direct link, social media)
• User interactions: button clicks, form submissions, error messages encountered

When analytics tools are enabled (with your explicit consent), this data may be used for:

• Understanding user behavior and improving UX
• Identifying technical issues and bugs
• Measuring feature adoption and engagement
• Optimizing performance and load times

Analytics Tools in Use: The Company uses the following analytics services, which are activated only after your explicit consent via the cookie consent banner:

• PostHog (product analytics) — hosted via EU proxy (p.biz-planner.com) for GDPR compliance. Collects anonymized usage events (page views, feature usage). Session replay is disabled.
• Google Analytics 4 (GA4) — collects anonymized traffic data (page views, referral sources, device type). No personally identifiable information is sent to Google.

Both tools are configured to not collect any data until you accept analytics cookies. If you decline or do not interact with the consent banner, no analytics data is collected.

Cookies and Local Storage:

See Section 10 for detailed information about cookies.

4.3 Data from Third Parties

• OAuth authentication providers (Google, Apple): The Company receives your email, name, and profile photo when you sign in via Google/Apple
• Payment processor: Transaction status, payment confirmation, refund events
• Email service provider: Email delivery status for transactional emails

5. Use of Artificial Intelligence and Data Transfer to Third Parties

5.1 AI Service Provider

BizPlanner uses a third-party AI service provider based in the United States to provide AI-powered business assistant features, including:

• Chat-based business advice and recommendations
• Automated financial report generation (bank reports, investor reports)
• Analysis of financial forecasts and identification of risks
• AI-driven project creation based on user prompts

For details about the AI provider, contact support@biz-planner.com.

5.2 What Data is Transferred to the AI Provider?

When you use AI features, the Company sends ONLY the following financial and business data to the AI provider:

• Business type and name
• Financial assumptions: revenue, costs, pricing, employee count
• Monthly financial forecasts: revenue, expenses, profit/loss, cash flow (aggregate numbers only)
• Scenario adjustments: changes made in what-if scenarios
• Chat message history: your questions and AI responses (per-project context)

What the Company Does NOT Send to the AI Provider:

• Your name, email address, or any personally identifiable account information
• IP address, device information, or location data
• Payment information or transaction history
• Data from projects you have not explicitly chosen to use AI features with

5.3 AI Provider's Data Handling

According to the AI provider's commercial terms:

• Commercial API data is NOT used for training: Your business data is not used to train or improve AI models.
• Data retention: The AI provider retains request data for a limited period for abuse monitoring, then permanently deletes it.
• Encryption: All data transferred to the AI provider is encrypted in transit and at rest.

For details about the AI provider's privacy practices, contact support@biz-planner.com.

5.4 Legal Basis for AI Data Processing

Explicit Consent: Before using AI features for the first time, you are presented with a clear consent dialog explaining:

• That your financial data will be sent to a US-based AI service provider
• The purpose of data transfer (AI-powered business analysis)
• That financial data is classified as sensitive information under Israeli law (Amendment 13)
• Your right to refuse consent (AI features will remain disabled)

You can withdraw consent at any time by disabling AI features in your project settings, which will:

• Stop all future data transfers to the AI provider for that project
• Prevent AI chat messages from being sent
• Disable AI report generation

⚠️ Important: Withdrawing consent does not retroactively delete data already sent to the AI provider (which is automatically deleted per the provider's data retention policy).

5.5 Data Security During AI Processing

• Security measures are in place to prevent misuse of AI features and protect user data during processing.
• Usage limits are in place to prevent abuse and excessive data processing.
• No storage of raw AI responses: The Company stores only the final formatted chat messages, not intermediate AI processing data.

5.6 AI Limitations and Disclaimers

The AI assistant is a BUSINESS ASSISTANT, NOT a professional advisor.

• AI-generated content is for informational purposes only and does not constitute professional financial, legal, tax, or investment advice.
• You must consult with licensed professionals (accountants, lawyers, financial advisors) before making business decisions based on AI recommendations.
• AI responses may contain errors, inaccuracies, or outdated information. You are solely responsible for verifying and validating all AI-generated insights.

Full terms of AI usage are detailed in the Terms of Service, Section 7.

6. Legal Basis and Purposes of Processing

The Company processes your personal data based on the following legal grounds:

6.1 Contract Performance (Terms of Service)

• Creating and managing your user account
• Providing access to the simulator and saving your projects
• Processing payments and delivering Pro features
• Providing customer support and responding to inquiries

6.2 Explicit Consent

• AI features: Processing financial data (sensitive information under Amendment 13) via AI service provider (see Section 5)
• Marketing emails: Sending promotional newsletters, product updates, special offers (opt-in only)
• Cookies: Analytics cookies (PostHog, Google Analytics 4) require consent banner acceptance before activation

6.3 Legitimate Interests

• Platform security: Fraud prevention, abuse detection, spam filtering
• Service improvement: Analyzing usage patterns to fix bugs and optimize UX
• Legal compliance: Maintaining audit logs, tax records, and transaction history
• Business operations: Internal analytics, financial reporting, capacity planning

6.4 Legal Obligations

• Tax law: Retaining invoices and payment records for 7 years (Israeli Tax Ordinance)
• Consumer Protection Law: Honoring cancellation requests and refunds
• Privacy Protection Law: Responding to data access requests, breach notifications, data deletion requests

7. Data Sharing and Sub-Processors

The Company does not sell, rent, or trade your personal data to third parties for marketing purposes.

The Company shares data only with trusted sub-processors who provide essential services under strict Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) for GDPR compliance.

7.1 Categories of Service Providers

The Company shares data with trusted service providers in the following categories:

• Cloud hosting and database — Account data, project data, financial forecasts
• Authentication providers — Email, name, profile photo (for login via Google/Apple)
• AI business analysis — Financial data only, no personal identifiers (see Section 5)
• Payment processing — Billing details and transaction data (Israeli provider)
• Email delivery — Email addresses for transactional messages (receipts, invitations)
• Error monitoring — Technical error logs for debugging (no personal data). Session replay is disabled.
• Product analytics — Anonymized usage analytics via EU-proxied service (requires user consent)
• Traffic analytics — Anonymized traffic data via Google Analytics 4 (requires user consent)

Some service providers are located in the United States. All international data transfers are protected by Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) in accordance with GDPR.

For a full list of sub-processors and their privacy policies, see our Data Processing Agreement (DPA) or contact support@biz-planner.com.

7.2 Changes to Service Providers

If the Company adds or changes a service provider that processes sensitive data, the Company will update this Privacy Policy and notify active users via email where the change materially affects data handling.

8. International Data Transfers

BizPlanner is an Israeli company, but some of the Company's sub-processors are located in the United States and other countries outside Israel/EU.

8.1 Transfer Mechanisms

Data transfers to countries without an adequacy decision from the EU Commission are protected by:

1. Standard Contractual Clauses (SCCs): EU-approved contractual terms ensuring GDPR-level protection
2. Supplementary security measures: Encryption in transit and at rest, access controls, pseudonymization where possible
3. Israeli Privacy Law Amendment 13 compliance: Transfers to countries with "adequate protection" or with explicit user consent for sensitive data (financial forecasts sent to AI provider)

8.2 Countries Receiving Your Data

• United States: Cloud hosting, AI services, email delivery, error monitoring (all via SCC)
• Israel: Payment processing (local entity)
• European Union: Potential CDN edge locations

8.3 Your Rights Regarding International Transfers

• You can object to specific data transfers (e.g., opt out of analytics when available, disable AI features to stop AI provider transfers)
• You can request a copy of the Standard Contractual Clauses by contacting support@biz-planner.com
• For sensitive financial data (Amendment 13), the Company obtains explicit consent before transferring to the AI provider (USA)

9. Data Retention Periods

The Company retains personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law.

9.1 Retention Periods by Data Type

9.2 Data Sent to AI Provider

• Retention by AI Provider: Per the AI provider's commercial terms (see Section 5.3), data is retained for a limited period then permanently deleted
• Retention by BizPlanner: The Company stores final AI chat messages (not raw API requests) for a limited period

9.3 Account Deletion Process

When you request account deletion:

1. Grace period (7 days): Account marked for deletion but recoverable if you change your mind
2. Permanent deletion (after 7 days):
   • All projects and business data permanently deleted from active database
   • Email address removed from all marketing lists
   • Account login credentials invalidated
   • Personal data pseudonymized in audit logs (for security and fraud prevention)

Exceptions (data NOT deleted):

• Payment records (retained for 7 years per tax law)
• Aggregated anonymous analytics (no personal identifiers)
• Legal compliance data (e.g., if account involved in fraud investigation)

You can request immediate deletion without a grace period by contacting support@biz-planner.com and explicitly waiving the recovery period.

10. Cookies and Tracking Technologies

The Company uses cookies and similar technologies to provide, secure, and improve the Services.

10.1 What Are Cookies?

Cookies are small text files stored on your device by your web browser. They allow websites to remember your preferences, login status, and usage patterns.

10.2 Types of Cookies Used

Essential Cookies (No Consent Required)

These cookies are strictly necessary for the Platform to function and cannot be disabled:

Analytics Cookies (Requires Consent)

The following analytics cookies are used only after you accept analytics via the cookie consent banner:

These cookies:

• Require your explicit consent before activation (opt-in via cookie consent banner)
• Are used only for understanding usage patterns and improving the Platform
• Never include personally identifiable information
• Can be disabled at any time via the cookie consent banner

No Advertising/Third-Party Tracking Cookies

The Company does not use:

• Third-party advertising networks (Google Ads, Facebook Pixel, etc.)
• Cross-site tracking cookies
• Retargeting or behavioral advertising cookies

10.3 Local Storage

The Company uses browser local storage (not cookies) for:

• Simulator state: Temporarily storing unsaved project data before registration
• UI preferences: Sidebar collapse state, chart zoom levels, table sort preferences

Local storage data:

• Remains on your device (never sent to the Company's servers until you explicitly save a project)
• Can be cleared via browser settings (may result in loss of unsaved data)

10.4 Managing Cookie Preferences

You can control cookies via:

1. Browser settings: Most browsers allow you to block/delete cookies (may affect Platform functionality)
2. Do Not Track (DNT): The Company currently does not respond to DNT signals (no industry standard implementation)

You can manage your analytics cookie preferences at any time via the cookie consent banner on the Platform.

11. Your Privacy Rights

Under Israeli Privacy Protection Law and GDPR (if you are in the EU), you have the following rights:

11.1 Right to Access (Data Portability)

• Request a copy of all personal data the Company holds about you in a structured, machine-readable format (JSON/CSV)
• Includes: account details, project data, AI chat history, payment records

How to request: Email support@biz-planner.com with "Data Access Request" in subject line Response time: Within 30 days (may extend to 60 days for complex requests)

11.2 Right to Rectification (Correction)

• Correct inaccurate or incomplete personal data
• Update your email, name, or business details via Settings → Profile
• For data you cannot edit yourself, email support@biz-planner.com

11.3 Right to Erasure (Deletion / "Right to be Forgotten")

• Request permanent deletion of your account and all associated data
• Grace period: 7 days (account recoverable during this time)
• Exceptions: Payment records retained for 7 years (tax law requirement)

How to request: Email support@biz-planner.com with the subject "Delete My Account"

11.4 Right to Restrict Processing

• Limit how the Company uses your data (e.g., storage-only, no active processing) in specific cases:
  • You contest the accuracy of data (while the Company verifies)
  • Processing is unlawful but you prefer restriction over deletion
  • You need data for legal claims but the Company no longer needs it

How to request: Email support@biz-planner.com with details

11.5 Right to Object

• Object to AI data processing: Disable AI features in project settings (stops data transfer to the AI provider)
• Object to marketing emails: Click "Unsubscribe" in any email or update preferences in Settings
• Object to analytics: Decline or revoke analytics cookies via the cookie consent banner to stop PostHog and Google Analytics data collection

11.6 Right to Withdraw Consent

For processing based on consent (AI features, marketing, cookies):

• Withdraw at any time without affecting lawfulness of prior processing
• How: Disable AI features (Settings), unsubscribe from emails, reject cookies in consent banner

11.7 Right to Data Portability

• Receive your data in a portable format (JSON, CSV, PDF)
• Transfer data directly to another service (if technically feasible)
• Includes: project exports, AI chat history, financial forecasts

How to request: Use built-in AI Export feature (Pro users) or email support@biz-planner.com

11.8 Right to Lodge a Complaint

If you believe the Company has violated your privacy rights, you can file a complaint with:

Israel: Registrar of Databases (רשם מאגרי מידע) Israeli Ministry of Justice, Privacy Protection Authority Email: privacy@justice.gov.il Phone: +972-2-646-6666 Website: https://www.gov.il/he/Departments/the_privacy_protection_authority

European Union (GDPR): Your local Data Protection Authority (DPA) List of EU DPAs: https://edpb.europa.eu/about-edpb/board/members_en

Response to Rights Requests:

• The Company responds to all valid requests within 30 days (may extend to 60 days with notice)
• Free of charge for the first request per year; the Company may charge an administrative fee for repetitive/excessive requests
• The Company may require identity verification (e.g., email confirmation, account login) before processing requests

12. Information Security

The Company implements industry-standard technical and organizational measures to protect your personal data:

12.1 Security Measures

The Company implements industry-standard technical and organizational measures to protect your personal data, including:

• Encryption in transit (HTTPS) and at rest
• Secure authentication with support for OAuth providers (Google, Apple)
• Role-based access controls ensuring users can only access their own data
• Regular automated backups for disaster recovery
• Security monitoring and automated alerts for suspicious activity
• Periodic security assessments and vendor compliance reviews

The Company does not store credit card information — all payment processing is handled by a licensed payment provider.

12.3 Data Breach Response Plan

In the event of a data breach that poses a risk to your rights and freedoms:

1. Regulatory notification: Report to Israeli Privacy Protection Authority within 72 hours of becoming aware of the breach (as required by law)
2. User notification: Notify affected users if the breach involves sensitive data (financial data, credentials)
3. Mitigation: Immediate action to contain the breach and prevent further unauthorized access

12.4 Your Security Responsibilities

To protect your account:

• Use a strong, unique password (minimum 8 characters, mix of letters/numbers/symbols)
• Enable two-factor authentication (2FA) (planned feature, not yet available)
• Do not share your password or session tokens with others
• Log out from shared devices after use
• Report suspicious activity immediately to support@biz-planner.com

13. Children's Privacy

BizPlanner is not intended for users under the age of 18.

• The Company does not knowingly collect personal data from children under 18
• The Terms of Service require users to confirm they are 18 or older
• If the Company discovers that a user is under 18, the account and data will be immediately deleted

If you are a parent or guardian and believe your child has created an account, please contact the Company immediately at support@biz-planner.com and the account will be deleted.

14. Email Communications

14.1 Transactional Emails (No Consent Required)

The Company sends transactional emails necessary for the operation of the Services, including:

• Purchase confirmations and invoices
• Project sharing invitations
• Password reset requests
• Important account or service updates
• Security alerts

These emails are essential for providing the Services and are exempt from anti-spam laws.

14.2 Marketing Emails (Consent Required)

Marketing emails (promotions, product updates, newsletters, tips) are sent only to users who have given explicit consent (opt-in) during registration or in account settings.

By consenting, you agree to receive promotional communications in accordance with Amendment 40 to the Israeli Communications Law (Anti-Spam Law) and the CAN-SPAM Act (USA).

14.3 Right to Unsubscribe

You may unsubscribe from marketing emails at any time by:

• Clicking "Unsubscribe" at the bottom of any marketing email
• Updating your preferences in account settings
• Contacting the Company at support@biz-planner.com

The Company will process unsubscribe requests within 10 business days (per CAN-SPAM Act).

14.4 Compliance with Anti-Spam Laws

Every marketing email includes:

• Clear identification of the sender
• Physical business address (per CAN-SPAM requirements)
• Clear and functional unsubscribe mechanism
• Non-deceptive subject line

15. Changes to this Privacy Policy

The Company may update this Privacy Policy from time to time to reflect:

• Changes in the Services or business practices
• New legal or regulatory requirements
• Improvements to data security or privacy protections

How the Company notifies you of changes:

• Material changes (e.g., new sub-processors, changes to data retention, new data uses):

  • Updated "Last Updated" date at the top of this policy
  • Email notification to all active users at least 30 days before changes take effect
  • In-app notification on next login
  • Consent re-confirmation if required by law (e.g., for new sensitive data processing)

• Minor changes (clarifications, typo fixes, formatting):

  • Updated "Last Updated" date
  • No individual notification (encouraged to review periodically)

Continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy.

Version history: Previous versions are archived and available upon request at support@biz-planner.com

16. Complaints and Regulatory Authority

15.1 Internal Complaint Process

If you have concerns about how the Company handles your personal data:

1. Contact the Company first: Email support@biz-planner.com with detailed description
2. Response time: 7 business days (acknowledgment) + 30 days (full resolution)
3. Escalation: If not satisfied, request escalation to company management

15.2 Regulatory Complaints

You have the right to lodge a complaint with supervisory authorities:

Israel:

Registrar of Databases (רשם מאגרי מידע) Privacy Protection Authority Israeli Ministry of Justice Address: 29 Salah ad-Din Street, Jerusalem 9195016 Email: privacy@justice.gov.il Phone: 02-646-6666 Website: https://www.gov.il/he/Departments/the_privacy_protection_authority Online Complaint Form: https://www.gov.il/he/service/lodge_a_complaint_to_the_databases_registrar

European Union (for EU residents):

Your local Data Protection Authority (DPA) Find your DPA: https://edpb.europa.eu/about-edpb/board/members_en

Example DPAs:

• Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI)
• France: Commission Nationale de l'Informatique et des Libertés (CNIL)
• Ireland: Data Protection Commission (DPC) — jurisdiction for many US tech companies

You may lodge a complaint in:

• Your country of residence
• Your place of work
• The place where the alleged infringement occurred

17. Contact the Company

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: support@biz-planner.com Website: https://biz-planner.com

Recommended subject lines:

• Privacy inquiries: "Privacy Inquiry"
• Data access/deletion requests: "Data Request — [Access/Deletion/Correction]"
• Security concerns: "Security Issue"

Mailing Address: BizPlanner — Shay Asoulin Kaf Tet BeNovember 8, Ashkelon, Israel

Response Time:

• Data access/deletion requests: Within 30 days as required by law (may extend to 60 days for complex requests with notice)
• General inquiries: The Company aims to respond promptly

Thank you for trusting BizPlanner with your business data. The Company is committed to protecting your privacy and maintaining the highest standards of data security.

This Privacy Policy is effective as of March 18, 2026 and applies to all users of BizPlanner.

For the Hebrew version of this Privacy Policy (which takes precedence for Israeli users under Israeli law), see: docs/legal/privacy-he.md