Privacy Policy

Last updated: 24 May 2026

This Privacy Policy explains how Hekesh ("we", "us") processes personal data collected via this website. We aim to comply with the EU General Data Protection Regulation (GDPR) and the Israeli Privacy Protection Law.

1. Controller

Hekesh is operated by Raanan Nevet. For any questions about this policy or about how we handle your personal data, please use the contact form on our homepage.

2. Data we collect

When you use the contact form or the CRA Readiness Report request form, we collect:

• Identification & contact data — name, email address, and (optionally) phone number.
• Message content — anything you write in the message field.
• Technical data — your IP address and basic request metadata, processed by our anti-bot mechanism (Cloudflare Turnstile) to distinguish humans from automated submissions. No tracking cookies are set.

3. Purposes and legal basis

• Responding to your inquiry — legal basis: Art. 6(1)(b) GDPR (steps prior to entering into a contract) and/or Art. 6(1)(f) GDPR (our legitimate interest in answering business enquiries).
• Preventing spam and abuse — legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and integrity of our website).

4. Processors and recipients

We use the following providers to operate this website and receive form submissions. They process personal data on our behalf:

• Cloudflare, Inc. — website hosting (Cloudflare Workers) and bot protection (Cloudflare Turnstile). See Cloudflare's Privacy Policy.
• Resend (Drest Inc.) — transactional email delivery used to forward your form submission to our inbox. See Resend's Privacy Policy.
• Google LLC (Gmail) — once delivered, your message is received and stored in a Gmail mailbox operated by Google. See Google's Privacy Policy.
• Yahoo Inc. (Yahoo Mail) — your message is also forwarded to a Yahoo Mail mailbox where it is stored and processed by Yahoo. See Yahoo's Privacy Policy.

Some of these providers are based outside the EU/EEA. Transfers are protected by the EU Standard Contractual Clauses and additional safeguards where required.

5. Retention

Form submissions delivered to our inbox are kept for as long as needed to handle your request and for follow-up correspondence, and in any case no longer than 24 months after our last interaction, unless a longer period is required by law.

6. Your rights

Under the GDPR you have the right to:

• access the personal data we hold about you;
• request correction or deletion of your data;
• request restriction of processing or object to processing;
• data portability;
• withdraw consent at any time (where processing is based on consent);
• lodge a complaint with a supervisory authority — for users in Germany, this is the data protection authority of the federal state where you reside.

To exercise any of these rights, please use the contact form on our homepage. Mention "data protection request" in your message so we can route it appropriately.

7. Security

Submissions are transmitted over HTTPS. We use Cloudflare's infrastructure and apply standard organisational and technical measures to protect personal data against unauthorised access, alteration, or disclosure.

8. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision.