Data Privacy Addendum

This Data Processing Addendum ("Addendum") is incorporated by reference into the Terms of Service ("Agreement") between vSpirits Technologies Ltd. ("Virtual Spirits") and you ("Customer"). It governs the processing of Personal Data in connection with your use of Virtual Spirits' Services and is subject to the terms of the Agreement.

1. Definitions

For the purposes of this Addendum and in accordance with Israeli law, the following terms shall have the meaning ascribed to them under the Israeli Protection of Privacy Law, 1981, including its amendments (e.g., Amendment 13 – תיקון 13), and the Protection of Privacy Regulations (Data Security), 2017:

  • Personal Data (מידע אישי): Any data relating to an identified or identifiable individual.

  • Database Owner (בעל מאגר מידע): The customer, who controls the purpose and means of processing.

  • Data Holder / Processor (מעבד מידע): Virtual Spirits, acting on behalf of the Customer in providing the Services.

  • Data Subject: Any natural person whose Personal Data is collected or processed via the Services.

  • Basic Security Level (רמת אבטחה בסיסית): The default data protection level under Israeli law.


    • All other capitalized terms used but not defined in this Addendum shall have the meanings set forth in the Agreement.


    2. Scope of the Addendum

    2.1 This Addendum applies only where Virtual Spirits processes Personal Data on behalf of the Customer in the course of providing its Services.

    2.2 This Addendum is governed by Israeli law and is designed to meet the requirements of the Israeli Protection of Privacy Law (PPL), 1981, including Amendment 13.

    2.3 Unless otherwise agreed in writing, the data protection level applicable to processing performed by Virtual Spirits under this Addendum is "Basic" (רמת אבטחה בסיסית). If the Customer requires a Medium (רמה בינונית) or High (רמה גבוהה) level of data security, this must be:

  • Explicitly communicated in writing

  • Approved by Virtual Spirits

  • Subject to additional requirements and fees



    • 3. Roles and Responsibilities

    3.1 Customer as Database Owner
    You are considered the Database Owner under Israeli law. You are solely responsible for:

  • Determining whether your database requires registration with the Registrar of Databases

  • Providing end users with all required privacy notices and disclosures at the point of data collection

  • Obtaining all required consents under applicable law

  • Selecting appropriate data security options in the Service (e.g., IP restrictions, log retention, anonymization)

  • Ensuring that your use of the Services complies with applicable data protection laws and the Agreement


    • 3.2 Virtual Spirits as Data Holder / Processor
    Virtual Spirits processes Personal Data solely for the purpose of providing the Services in accordance with this Addendum, the Agreement, and the Customer's documented instructions. In particular, Virtual Spirits will:

  • Process Personal Data only as necessary to provide the Services and in accordance with Customer’s written instructions

  • Implement and maintain appropriate technical and organizational security measures, as described in the Privacy Policy

  • Assist the Customer with responding to data subject rights requests when feasible

  • Ensure its personnel are subject to confidentiality obligations and data protection training

  • Provide options for data retention control, such as log deletion or anonymization, upon Customer request

  • Notify the Customer without undue delay upon becoming aware of any personal data breach



    • 4. Security Measures

    4.1 Virtual Spirits applies basic security level measures by default, including:

  • SSL/TLS encryption in transit

  • Account-based access controls

  • Options for IP restriction and anonymization of personal identifiers

  • Data minimization practices

  • Role-based access to administrative systems


    • 4.2 Customers are responsible for configuring these options to match their own internal security and compliance needs.

    4.3 Higher security level requirements (such as storing medical records, biometric data, or politically sensitive information) are not covered under the basic plan and may require separate agreement and infrastructure.


    5. Subprocessors and International Transfers

    5.1 Virtual Spirits may use selected third-party subprocessors, including cloud providers, messaging API platforms, and analytics tools, to deliver the Services. The updated list of subprocessors is available upon request and reflected in the Privacy Policy.

    5.2 By using the Services, the Customer authorizes such subprocessors, provided they are subject to obligations of data confidentiality and data protection no less protective than those set out in this Addendum.

    5.3 For customers using services hosted on:

  • virtualspirits.co.il: Data is stored in Israel

  • virtualspirits.com: Data is stored in USA

  • virtualspirits.eu: Data is stored in the EU

    • The Customer may request to migrate between these platforms depending on regional or legal requirements.


    6. Data Subject Rights

    6.1 The Customer is solely responsible for handling data subject rights requests (such as access, correction, deletion, or objection) under Israeli law.

    6.2 Virtual Spirits will provide reasonable assistance in responding to such requests only where technically feasible and upon written request by the Customer.


    7. Data Retention and Deletion

    7.1 Virtual Spirits processes data for the duration of the Agreement unless otherwise instructed by the Customer.

    7.2 Upon termination of the Agreement, Virtual Spirits will, at the Customer’s written instruction:

  • Delete all Personal Data, or

  • Anonymize the Personal Data, or

  • Retain the data for a legally required period


    • 7.3 Customers may configure retention settings or provide written instructions for:

  • Chat log deletion

  • Anonymization of identifiers (e.g., emails, phone numbers)

  • Retention rules for audit or legal defense purposes



    • 8. Liability and Indemnification

    8.1 The limitations of liability set forth in the Agreement apply to this Addendum.

    8.2 Customer agrees to indemnify Virtual Spirits against any claim or penalty resulting from the Customer’s failure to comply with Israeli data protection requirements or from its failure to notify Virtual Spirits of the need for medium or high security classification.


    9. Precedence and Amendments

    9.1 In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail with respect to data processing and privacy obligations.

    9.2 To the extent permitted by applicable law, any and all liability under this Addendum, including limitations thereof, shall be governed by the relevant provisions of the Agreement.

    9.3 Virtual Spirits may update this Addendum from time to time to reflect changes in legislation or service practices. All changes will be posted at: https://www.virtualspirits.com/dpa.aspx
    Your continued use of the Services constitutes acceptance of any updated version. If you do not agree to a modified Addendum, you must cease using the Services.


    10. Governing Law and Jurisdiction

    This Addendum shall be governed by and interpreted in accordance with the laws of the State of Israel. Any disputes shall be subject to the exclusive jurisdiction of the competent courts in Tel Aviv, Israel.


    This DPA was last updated on September 20, 2025.





    Chatbot - צ'אט בוט -

    © VirtualSpirits 2008-2025 — All Rights Reserved