الوثائق القانونية متاحة باللغة الإنجليزية فقط. النص الإنجليزي هو النسخة المعتمدة.
chaimagal / Website Privacy

Website Privacy

Updated · 25 April 2026

This policy covers the chaimagal.com website. Each of our apps — Bambino, Mr. Anxiety, Spring, and Super — has its own privacy policy describing what that app collects in addition to or instead of what is described here.

Who we are

The data controller is Chai Magal, registered as a sole proprietor in Israel, at Shani 4, Modiin, Israel — referred to in this policy as "chaimagal," "we," or "us." For privacy questions, write to support@chaimagal.com.

What we may collect

We may collect the categories of personal data listed below. Whether a category actually applies depends on which features are live and how you use the website; this list reserves what the policy permits, not what is necessarily collected today.

  • Server access data — IP address, user agent, referring URL, request path, timestamps, and similar log fields.
  • Device and browser data — operating system, browser, screen size, language, time zone, performance metrics.
  • Account data, if you create an account — email, display name, password hash, authentication tokens, account preferences.
  • Communications data — content of messages you send to us by email, contact form, or social channel.
  • Usage data — pages viewed, links clicked, session duration, feature interactions, product feedback.
  • Marketing-list data — email if you sign up to a newsletter, opt-in source, engagement (opens, clicks).
  • Cookie and tracking data — see "Cookies" below.
  • Inferred data — interests, segments, propensities derived from any of the above.

Why we use it

We may process personal data for any of the following purposes:

  • Operating the website, delivering content you request, securing access.
  • Detecting and preventing abuse, fraud, scraping, and security incidents.
  • Maintaining records required by law, including tax, accounting, and regulator response.
  • Communicating with you about products, support requests, releases, and changes.
  • Marketing and promotional communications, where you opt in or where we have a legitimate interest balanced against your rights.
  • Personalizing content and recommendations.
  • Measuring website performance, A/B testing, analytics, and user research.
  • Building, training, fine-tuning, evaluating, and improving artificial-intelligence and machine-learning models — both our own and those of providers we engage — including via human review of representative samples (see "AI and machine learning").
  • Serving, measuring, and personalizing advertising and marketing across our properties and third-party networks.
  • Sharing with affiliates, present or future, for any of the above purposes.
  • Sharing with successors, acquirers, investors, and their advisors in connection with mergers, acquisitions, financing, due diligence, asset sales, restructurings, or insolvency.
  • Generating de-identified, aggregated, or anonymized data, which we may use, disclose, license, or sell for any purpose without further restriction.
  • Any other purpose disclosed at the point of collection or to which you consent.

Under GDPR our legal bases include performance of a contract, compliance with a legal obligation, your consent (which you may withdraw at any time without affecting processing already done), and our legitimate interests in operating, improving, marketing, and protecting our products. Our legitimate-interest balancing records are available on request.

Who we may share with

We may disclose personal data, in the categories above, to:

  • Cloud, hosting, content-delivery, storage, backup, email, customer-support, and similar infrastructure providers.
  • Analytics, error-reporting, observability, and product-research providers.
  • Artificial-intelligence and machine-learning model providers, prompt-evaluation services, and human-review contractors.
  • Payment processors and tax-compliance providers, when transactions occur.
  • Advertising networks, ad-measurement, attribution, retargeting, and marketing-automation providers — including for cross-context behavioral advertising.
  • Marketing-list providers, customer-data platforms, and email-delivery services.
  • Professional advisors — lawyers, accountants, auditors, insurers, consultants.
  • Authorities, regulators, courts, and law-enforcement, where we are legally compelled or where, in good faith, we believe disclosure is necessary to comply with legal process or to protect rights, property, or safety.
  • Affiliates, present or future, and successors in mergers, acquisitions, financing, asset sales, restructurings, or insolvency proceedings.
  • Other recipients to whom you direct us to share or to whom you consent.

A list of categories of recipients, and where reasonably possible the names of specific providers, is available on request from support@chaimagal.com.

AI and machine learning

We may use the personal data and content you provide to train, fine-tune, evaluate, and improve artificial-intelligence and machine-learning models that we develop or that third-party providers develop. This may include human review of representative samples by our personnel or contractors, subject to confidentiality obligations and access controls. We may also engage AI providers to process your data on our behalf as part of features we offer; the providers we use change over time.

Advertising and marketing

We may use your personal data to send marketing communications and to serve, measure, and personalize advertising — both on our own properties and through advertising and marketing partners, including for cross-context behavioral advertising as defined under California privacy law. You can unsubscribe from email marketing at any time using the link in each marketing email. California, Virginia, Colorado, Connecticut, Texas, and several other US-state residents can opt out of "sale" or "sharing" — see "California rights" below.

International transfers

We are based in Israel. The European Commission has recognized Israel as providing an adequate level of data protection for transfers from the EU/EEA. Where we use providers based in other countries (including the United States), we rely on the European Commission's 2021 Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent legal mechanisms to safeguard those transfers.

How long we keep it

We keep personal data for as long as we have a legitimate purpose. Server logs are typically deleted within 30 days unless retained for security investigations. Account data is kept for as long as the account exists, plus a reasonable period for records, taxation, and defense of legal claims (typically up to seven years from last activity). Marketing-list data is kept until you unsubscribe, plus a suppression record so we don't accidentally re-contact you. We may keep de-identified or aggregated data indefinitely.

Your rights

Subject to applicable law, you have the right to access, rectify, delete, port, restrict, and object to processing of your personal data; to withdraw consent (without affecting processing already done); and to lodge a complaint with a supervisory authority. To exercise these rights, write to support@chaimagal.com from the email associated with your account, or otherwise verifiably. We will respond within the periods required by your applicable law (typically 30 days under GDPR; 45 days under CCPA, extendable once).

California rights

California residents have additional rights under CCPA/CPRA: the right to know what we collect and how we use it; the right to delete; the right to correct; the right to opt out of "sale" or "sharing" of personal information; the right to limit use of sensitive personal information; and the right to non-discrimination for exercising these rights. We honor Global Privacy Control (GPC) signals as opt-out requests for sale and sharing. To opt out by email, write to support@chaimagal.com with the subject "Do Not Sell or Share." Authorized agents may submit requests on your behalf with verifiable written authority.

Cookies

See our Cookie Policy for details on cookies and similar technologies.

Minors

Our services are intended for users 13 and older. Where the age of digital consent in your jurisdiction is higher (e.g. 16 in Germany, Ireland, the Netherlands, Poland, and several other EU member states), users below that age need parental consent. In California, users between 13 and 15 must opt in to "sale" or "sharing" of their personal information rather than opt out. We do not knowingly collect personal data from children under 13. If you believe we have done so, contact us and we will delete it.

What we will not do

We will not:

  • Sell raw, identifiable personal data to data brokers (we may sell de-identified or aggregated data).
  • Share personal data with insurers, employers, or law enforcement absent valid legal process or your consent.
  • Use personal data for political-advertising targeting.

Changes

We may update this policy from time to time. The "Updated" date at the top reflects the latest revision. For material changes we will provide notice — by banner, email, or in-app message — as appropriate. Continued use after the effective date of a change constitutes acceptance of the revised policy.

Contact

Chai Magal · Shani 4, Modiin, Israel · support@chaimagal.com

Website Privacy — chaimagal