Privacy Policy.
What information we collect, how we process it, and what rights you have — as a paying subscriber and as an end user — under the Israeli Privacy Protection Law, Amendment 13, and the EU GDPR.
01 · Introduction & scope
This Privacy Policy describes how BOTEN ("we", "the Company", "the service operator") collects, processes, stores, uses and protects personal information. The policy applies to two groups:
- Customers (subscribers) — business owners and private subscribers who purchase a subscription to BOTEN and run it on their own WhatsApp account.
- End users — event guests, business customers or anyone who messages a BOTEN subscriber's WhatsApp account.
This policy is aligned with the Israeli Privacy Protection Law, 5741-1981, Amendment 13 (in force as of August 14, 2025), the Privacy Protection (Information Security) Regulations, 5777-2017, and any other applicable Israeli data-protection law. Because the system's primary database is hosted in the European Union (Frankfurt, Germany), we also follow GDPR principles, including data minimisation, purpose limitation and accuracy.
02 · What information we collect
2.1 Information about the customer (business owner / private subscriber)
- Identifiers: full name, business name (if applicable), WhatsApp phone number, email address.
- Service details: business sector / event type, approved services, pricing, opening hours, custom messages.
- Subscription details: plan, signup date, payment history (without credit card details).
- Usage data: conversation count, settings changes, report views.
2.2 Information about end users
- Basic identifiers: name and phone number as shown in the user's WhatsApp profile.
- Conversation content: messages sent and received within the Service.
- Metadata: date and time of contact, conversation language, conversation length.
2.3 What we do not collect
We do not knowingly collect: credit card details (processed and stored only by Grow by Meshulam), location data, biometric data, genetic information, medical information, or any other particularly sensitive information as defined by Amendment 13.
03 · Why we use this information
- Delivering the Service: running BOTEN, routing messages, sending conversation summaries and performance reports, managing the subscriber account.
- Customer communication: notices about service changes, incidents, price updates, invoices, and technical support.
- Service improvement: analysing aggregate usage patterns (without personal identification) to improve system performance and answer accuracy.
- Legal compliance: retaining records for reporting obligations, responding to court orders, meeting regulatory duties.
- Abuse prevention: detecting and preventing fraud, unauthorised use, and breaches of the Terms of Service.
04 · Legal basis for processing
- Consent — the subscriber gives consent at signup.
- Contract performance — processing is necessary to deliver the purchased service.
- Legitimate interest — service improvement, fraud prevention, information security.
- Legal obligation — compliance with the Privacy Protection Law, Consumer Protection Law, and tax law.
05 · Sharing with third parties
BOTEN does not sell, rent or trade personal information about customers or end users. Information is shared only with the following parties, and only for the purposes listed:
- WhatsApp / Meta — to operate the Service through the WhatsApp Business API. Meta processes messages under WhatsApp's terms of service and privacy policy.
- Grow by Meshulam — for payment processing only. Grow handles payment details under PCI DSS standards.
- Anthropic (Claude AI) — for natural-language processing only. Per Anthropic's API policy, content sent through the API is not used to train models. Details: Anthropic Privacy Policy.
- Infrastructure providers (hosting, servers) — secure servers hosting service data. All providers are bound by Data Processing Agreements (DPAs).
- Law-enforcement authorities — only when required by court order, legal obligation, or to protect public safety.
06 · Storage, retention and security
6.1 Retention periods
- Conversation content: retained for 90 days, for reporting and support. Deleted automatically thereafter.
- Conversation summaries and aggregate reports: 12 months, after which they are deleted or moved to an anonymous archive.
- Customer details and subscription data: retained for the lifetime of the subscription and up to 36 months afterwards (legal and tax obligations).
- Payment data: stored exclusively by Grow by Meshulam. BOTEN keeps only accounting records (amount, date, reference).
- After cancellation: 30 days of full access, archive up to 36 months, then final deletion.
6.2 Information security
- Encryption in transit (TLS 1.2+) and at rest.
- Role-based access controls (RBAC).
- Audit logs for access to data.
- Regular backups and a disaster recovery plan.
- Periodic security testing.
07 · Your rights as a data subject
Under the Israeli Privacy Protection Law and Amendment 13, every individual (subscriber or end user) has the following rights:
- Right of access — to request and receive a copy of the personal information we hold about you. We respond within 30 days.
- Right of rectification — to ask us to correct inaccurate, incomplete or outdated information.
- Right of erasure — to request deletion of personal information, subject to legal limits (tax retention, court orders).
- Right to object — to object to processing for specific purposes.
- Right to portability — to receive the data in a structured, machine-readable format.
To exercise these rights, see the contact details in section 11.
08 · Cookies and tracking
BOTEN runs primarily through WhatsApp and does not use cookies. Web report pages (links sent over WhatsApp) may use only essential session cookies for the page to function, with no advertising or analytics tracking.
09 · International data transfers
Some of our infrastructure providers (Anthropic, cloud providers) may process data in jurisdictions that have an adequate level of protection or in which we have appropriate contractual safeguards in place. The primary database is hosted on Supabase servers in the European Union (Frankfurt, Germany), under GDPR. Anthropic (Claude AI) services run in the United States and are covered by a Data Processing Agreement (DPA) including Standard Contractual Clauses (SCCs).
10 · Minors
The Service is intended only for adults (18+). We do not knowingly collect personal information about minors. If we become aware that such information has been collected, it is deleted immediately. A parent or guardian may contact us if they believe their child has provided information.
11 · Contact and exercise of rights
- Service operator: Omer Levy
- Email: info@boten.biz
- Operational WhatsApp: +972 53-717-2151
- Data Protection Officer (DPO): Omer Levy, info@boten.biz
- Response time: up to 30 business days (or sooner, as required by law).
12 · Updates to this policy
BOTEN may update this policy from time to time. Material changes will be announced with 30 days' prior notice via WhatsApp and/or email. The updated version will carry the new last-updated date.
