Privacy Policy

Last updated: April 2026

1. Who We Are

dataoncapital.com (“the Site”) is operated by an individual developer based in Israel. The Site is an open data platform that presents publicly available pension and provident fund data from the Israel Capital Markets, Insurance and Savings Authority (CMISA).

For any privacy-related questions, you can contact us at: info@dataoncapital.com

2. What Personal Data We Collect

The Site does not require registration, login, or any form of account creation. We do not ask you to submit any personal information to use the Site.

However, the following data is collected automatically when you visit:

a) Server Logs

Our web server (nginx) automatically records standard access logs for each request. These logs may include:

Your IP address
Date and time of the request
Pages and resources you accessed
HTTP status codes
Referring URL (the page you came from)
Your browser type and version (user agent string)

Purpose: Server logs are used solely for maintaining the security and stability of the Site, diagnosing technical issues, and protecting against abuse (e.g., automated scraping, denial-of-service attacks).

Legal basis: Legitimate interest in maintaining a secure and functional website.

Retention: Server logs are retained for up to 14 days and then automatically deleted.

b) No Analytics (Current State)

The Site does not currently use Google Analytics or any other third-party analytics or tracking service. No analytics cookies are set.

If we add analytics in the future, this privacy policy will be updated before any tracking is enabled, and a cookie consent mechanism will be implemented.

3. Cookies

a) Essential Cookies

The Site may set strictly necessary cookies required for basic site functionality (such as session management or security tokens). These cookies do not track you and are not used for analytics or advertising purposes.

Essential cookies do not require your consent under Israeli law or EU law.

b) Non-Essential Cookies

The Site does not currently set any non-essential cookies. There are no analytics cookies, advertising cookies, or third-party tracking cookies.

If non-essential cookies are introduced in the future, we will implement a cookie consent banner that requires your explicit opt-in consent before any such cookies are placed.

4. How We Use Your Data

We use the automatically collected data (server logs) exclusively for the following purposes:

Ensuring the security and proper functioning of the Site
Detecting and preventing unauthorized access or abuse
Diagnosing and resolving technical issues
Understanding general usage patterns in aggregate (e.g., which pages are most visited) based on server logs only

We do not:

Sell your data to anyone
Share your data with advertisers
Use your data for profiling or automated decision-making
Build individual user profiles from server logs

5. Third-Party Services

a) Hosting

The Site is hosted on a server provided by Hetzner Online GmbH, located in Helsinki, Finland (EU). Hetzner may have access to server infrastructure data as part of their hosting service. Hetzner’s privacy policy is available at: hetzner.com/legal/privacy-policy

b) Fonts

The Site uses the DM Sans and JetBrains Mono typefaces, loaded via Next.js built-in font optimization. These fonts are served from the Site’s own domain after being downloaded at build time. No requests are made to Google Fonts or any external font CDN when you visit the Site.

c) No Other Third Parties (Current State)

The Site does not currently integrate with any other third-party services that process your personal data. There are no social media widgets, advertising networks, embedded videos, or external tracking scripts.

6. Data About Funds (Not Personal Data)

The fund performance data, fee information, risk metrics, and other financial statistics displayed on the Site are institutional data about pension and provident funds, sourced from the Capital Markets Authority (GemelNet). This data does not contain any personal information about individual savers, account holders, or investors. It is publicly available government data about financial products.

7. International Data Transfers

Our server is located in Finland (EU). If you access the Site from outside the EU, your request data (IP address, etc.) is transmitted to our server in Finland.

We do not currently transfer personal data to countries outside the EU/EEA. If this changes in the future (e.g., by adding a US-based analytics service), this policy will be updated with details about the transfer mechanism and safeguards.

8. Data Security

We take reasonable measures to protect the data we collect:

The Site is served exclusively over HTTPS (encrypted connection)
SSH access to the server is restricted to key-based authentication only; password login is disabled
The database is not publicly accessible (bound to localhost only)
Fail2ban is active to block repeated unauthorized access attempts
Firewall (ufw) restricts open ports to HTTP, HTTPS, and SSH only
Regular security updates are applied to the server

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of data transmitted over the internet.

9. Your Rights

Under Israel’s Protection of Privacy Law (PPL), as amended by Amendment 13 (effective August 14, 2025), you have the following rights regarding your personal data:

Right of access — You can request to know what personal data we hold about you.
Right to correction — You can request correction of inaccurate data.
Right to deletion — You can request deletion of your personal data, unless we have a legitimate legal reason to retain it.
Right to restrict processing — You can request that we limit how we use your data.
Right to data portability — You can request your data in a structured, commonly used format.

In practice, the only personal data we hold about you is server log entries (IP address, timestamps, pages visited) which are automatically deleted after 14 days. We do not maintain any persistent database of visitor information.

To exercise any of these rights, contact us at: info@dataoncapital.com

We will respond to your request within 30 days.

You also have the right to lodge a complaint with the Israel Privacy Protection Authority (PPA / הרשות להגנת הפרטיות): gov.il — Privacy Protection Authority

10. Children’s Privacy

The Site is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at info@dataoncapital.com and we will take steps to delete that data.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.

If we make material changes (such as adding analytics tracking or collecting new types of personal data), we will provide notice on the Site before the changes take effect.

12. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us at:

Email: info@dataoncapital.com