Legal
Privacy Policy
How we collect, use, and protect your information when you visit shani.digital, subscribe to our newsletter, or book a call.
Effective: April 17, 2026 · Last updated: April 17, 2026
Contents
1. Who we are
This Privacy Policy describes how Shani Wolf (trading as shani.digital and hireyourcmo.ai) ("we," "us," "our") collects, uses, and shares information when you visit our websites shani.digital and hireyourcmo.ai, subscribe to our newsletter, download resources, book a call, or otherwise interact with us.
Contact for privacy matters:
Email: shani@shani.marketing
Location: Israel
We are the data controller of your personal data under the EU General Data Protection Regulation (GDPR) and Israel's Privacy Protection Law, 5741-1981 (as amended).
2. Information we collect
2.1 Information you give us directly
- Contact details: name, email, company, job title, LinkedIn profile, phone number (if provided).
- Content of messages: anything you write in forms, emails, live chat, or when booking a meeting.
- Newsletter preferences: opt-in status and topics of interest.
2.2 Information collected automatically
- Device and usage data: IP address, browser type, operating system, pages viewed, time on site, referrer.
- Cookies and similar technologies: see our Cookie Policy for the full list.
- Email engagement: whether you opened an email and which links you clicked (via HubSpot tracking pixels).
2.3 Information from third parties
- Enrichment providers (e.g., Amplemarket, LinkedIn Sales Navigator): publicly available business information such as company, role, seniority, and work email — used to qualify whether you are a relevant B2B contact.
- Google Analytics: aggregated behavioral data about site visitors.
We do not knowingly collect information from children under 16.
3. Why we use it & legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Respond to inquiries, provide consultations, deliver services | Performance of a contract / pre-contractual steps — Art. 6(1)(b) |
| Send our newsletter and promotional emails | Your explicit consent — Art. 6(1)(a). You can unsubscribe at any time. |
| B2B outreach to prospects at target companies | Legitimate interest — Art. 6(1)(f). Promoting B2B services to relevant business roles. |
| Analyze site traffic, improve content and UX | Legitimate interest — Art. 6(1)(f) / consent for non-essential cookies |
| Comply with tax and accounting obligations | Legal obligation — Art. 6(1)(c) |
| Protect against fraud, abuse, security threats | Legitimate interest — Art. 6(1)(f) |
Where we rely on legitimate interest, we have balanced our interest against your rights and concluded the processing is proportionate. You may object at any time (see Section 7).
4. Who we share it with
We do not sell your personal data. We share data only with service providers who help us run our business, professional advisors, and authorities where legally required.
4.1 Service providers (processors)
- HubSpot, Inc. — CRM, forms, email, website hosting (EU1 / Frankfurt)
- Amplemarket — B2B prospecting and outbound email
- LinkedIn (Microsoft) — Sales Navigator prospecting
- Google LLC — Analytics 4, Workspace (email, Drive), Fonts
- Make.com (Celonis) — automation between tools
- HubSpot Meetings — call scheduling
4.2 Professional advisors
Accountants, lawyers, auditors — only when necessary and under a duty of confidentiality.
4.3 Legal and compliance
When required by law, regulation, court order, or to protect our legal rights.
4.4 Business transfers
If we merge, sell, or reorganize, we will notify you and ensure the recipient honors this policy.
5. International data transfers
We are based in Israel. Some service providers (e.g., HubSpot, Google, LinkedIn) may process your data in the United States or other countries.
- Transfers from the EEA/UK are protected by the EU Standard Contractual Clauses (SCCs) and supplementary measures. HubSpot is certified under the EU–US Data Privacy Framework.
- Israel has been recognized by the European Commission as providing adequate protection for personal data.
6. How long we keep it
| Category | Retention |
|---|---|
| Newsletter subscribers | Until you unsubscribe + 30 days |
| CRM contacts (leads, prospects) | Up to 3 years from last meaningful interaction, then deleted or anonymized |
| Clients & project records | Duration of engagement + 7 years (Israeli tax and accounting law) |
| Website analytics (Google Analytics) | Up to 26 months |
| Cookies | See the Cookie Policy for each cookie's lifetime |
| Email correspondence | Up to 3 years unless longer retention is required |
7. Your rights
7.1 Under GDPR (EU/EEA/UK residents)
- Access — get a copy of your data.
- Rectification — correct inaccurate data.
- Erasure ("right to be forgotten") — ask us to delete your data.
- Restriction — limit how we use it.
- Portability — receive it in a machine-readable format.
- Object to legitimate-interest processing, including direct marketing.
- Withdraw consent at any time, without affecting past lawful processing.
- Lodge a complaint with your local data protection authority.
7.2 Under Israeli law
- Right to inspect personal data we hold about you.
- Right to correct or delete inaccurate data.
- Right to be removed from direct marketing databases at any time.
- Complaints may be filed with the Israeli Privacy Protection Authority (PPA).
7.3 Under California (CCPA/CPRA)
- Right to know, delete, correct, and opt out of "sale" or "sharing" of personal information.
- We do not sell personal information. We may share limited business-contact data with advertising partners, which could be considered "sharing" — you may opt out at any time.
How to exercise your rights
Email shani@shani.marketing with the subject "Privacy Request". We will respond within 30 days (GDPR) or as required by applicable law. We may need to verify your identity.
You can also manage your email subscriptions directly on the Email Preferences page.
8. How we protect your data
- HTTPS/TLS encryption across all web properties.
- Multi-factor authentication on CRM and internal systems.
- Vendors selected for security certifications (SOC 2, ISO 27001) where applicable.
- Regular review of access permissions.
No system is 100% secure. If a breach affects your data, we will notify you and the relevant authority as required by law.
9. Cookies
We use cookies and similar technologies — see our dedicated Cookie Policy for the full list and for how to manage your preferences.
10. Children
Our services are directed at business professionals. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced on our homepage and, where legally required, by email. The "Last updated" date at the top reflects the most recent version.
12. Contact
Questions? Requests?
Email: shani@shani.marketing
Response time: within 5 business days for general inquiries; within 30 days for formal data subject requests.