Data Privacy Addendum

This Data Processing Addendum ("Addendum") is incorporated by reference into the Terms of Service ("Agreement") between vSpirits Technologies Ltd. ("Virtual Spirits") and you ("Customer"). It governs the processing of Personal Data in connection with your use of Virtual Spirits' Services and is subject to the terms of the Agreement.

1. Definitions

For the purposes of this Addendum and in accordance with Israeli law, the following terms shall have the meaning ascribed to them under the Israeli Protection of Privacy Law, 1981, including its amendments (e.g., Amendment 13 – תיקון 13), and the Protection of Privacy Regulations (Data Security), 2017:

  • Personal Data (מידע אישי): Any data relating to an identified or identifiable individual.

  • Database Owner (בעל מאגר מידע): The customer, who controls the purpose and means of processing.

  • Data Holder / Processor (מעבד מידע): Virtual Spirits, acting on behalf of the Customer in providing the Services.

  • Data Subject: Any natural person whose Personal Data is collected or processed via the Services.

  • Basic Security Level (רמת אבטחה בסיסית): The default data protection level under Israeli law.


    • All other capitalized terms used but not defined in this Addendum shall have the meanings set forth in the Agreement.


    2. Scope of the Addendum

    2.1 This Addendum applies only where Virtual Spirits processes Personal Data on behalf of the Customer in the course of providing its Services.

    2.2 This Addendum is governed by Israeli law and is designed to meet the requirements of the Israeli Protection of Privacy Law (PPL), 1981, including Amendment 13.

    2.3 Unless otherwise agreed in writing between the parties, and confirmed in writing by Virtual Spirits, the data protection level applicable to processing performed by Virtual Spirits under this Addendum is "Basic" (רמת אבטחה בסיסית). If the Customer requires a Medium (רמה בינונית) or High (רמה גבוהה) level of data security, this must be:

  • Explicitly communicated in writing

  • Approved by Virtual Spirits

  • Subject to additional requirements and fees



    • 3. Roles and Responsibilities

    3.1 Customer as Database Owner
    You are considered the Database Owner under Israeli law. You are solely responsible for:

  • Determining whether your database requires registration with the Registrar of Databases

  • Providing end users with all required privacy notices and disclosures at the point of data collection

  • Obtaining all required consents under applicable law

  • Selecting appropriate data security options in the Service (e.g., IP restrictions, log retention, anonymization)

  • Ensuring that your use of the Services complies with applicable data protection laws and the Agreement


    • 3.2 Virtual Spirits as Data Holder / Processor
    Virtual Spirits processes Personal Data solely for the purpose of providing the Services in accordance with this Addendum, the Agreement, and the Customer's documented instructions. In particular, Virtual Spirits will:

  • Process Personal Data only as necessary to provide the Services and in accordance with Customer’s written instructions

  • Implement and maintain appropriate technical and organizational security measures, as described in the Privacy Policy

  • Assist the Customer with responding to data subject rights requests when feasible

  • Ensure its personnel are subject to confidentiality obligations and data protection training

  • Provide options for data retention control, such as log deletion or anonymization, upon Customer request

  • Notify the Customer without undue delay upon becoming aware of any personal data breach

  • Virtual Spirits reserves the right to notify the Israeli Privacy Protection Authority or other relevant regulatory bodies in the event of a data security incident, suspected unlawful processing, or upon determining in good faith that such notification is necessary to comply with legal obligations or to mitigate legal or security risks.


    • 3.3 Transient Data Processing
    Where Virtual Spirits acts as a Data Holder, it does so solely for the purpose of transient (non-persistent) data processing as part of delivering the Services. The Customer remains the sole Database Owner and is exclusively responsible for determining data retention policies, handling data subject rights, and complying with all legal obligations under applicable privacy laws.

    For the avoidance of doubt, Virtual Spirits' may enable end-users to send file attachments (such as documents, images, or audio files) during Whatsapp conversations as implemented by META. These files are processed transiently and Virtual Spirits does not provide long-term storage of such attachments. The Customer is solely responsible for reviewing, downloading, and storing such attachments in their own systems (e.g., CRM, file archive) if required for legal, operational, or business purposes.


    4. Security Measures

    4.1 Virtual Spirits applies basic security level measures by default, including:

  • SSL/TLS encryption in transit

  • Account-based access controls

  • Options for IP restriction and anonymization of personal identifiers

  • Data minimization practices

  • Role-based access to administrative systems


    • 4.2 Customers are responsible for configuring these options to match their own internal security and compliance needs.

    4.3 Higher security level requirements (such as storing medical records, biometric data, or politically sensitive information) are not covered under the basic plan and may require separate agreement and infrastructure.


    5. Subprocessors and International Transfers

    5.1 Virtual Spirits may use selected third-party subprocessors, including cloud providers, messaging API platforms, and analytics tools, to deliver the Services. The updated list of subprocessors is available upon request and reflected in the Privacy Policy.

    5.2 By using the Services, the Customer authorizes such subprocessors, provided they are subject to obligations of data confidentiality and data protection no less protective than those set out in this Addendum.

    5.3 For customers using services hosted on:

  • virtualspirits.co.il: Data is stored in Israel

  • virtualspirits.com: Data is stored in USA

  • virtualspirits.eu: Data is stored in the EU

    • The Customer may request to migrate between these platforms depending on regional or legal requirements.


    6. Data Subject Rights

    6.1 The Customer is solely responsible for handling data subject rights requests (such as access, correction, deletion, or objection) under Israeli law.

    6.2 Virtual Spirits will provide reasonable assistance in responding to such requests only where technically feasible and upon written request by the Customer.


    7. Data Retention and Deletion

    7.1 Virtual Spirits processes data for the duration of the Agreement unless otherwise instructed by the Customer.

    7.2 Upon termination of the Agreement, Virtual Spirits will, at the Customer’s written instruction:

  • Delete all Personal Data, or

  • Anonymize the Personal Data, or

  • Retain the data for a legally required period


    • 7.3 Customers may configure retention settings or provide written instructions for:

  • Chat log deletion

  • Anonymization of identifiers (e.g., emails, phone numbers)

  • Retention rules for audit or legal defense purposes


    • 7.4 Conversation Export Reports

    Customers may generate and download conversation history reports (e.g., monthly chat logs) via the Services. These reports may include structured text (e.g., messages, metadata, agent notes), but do not include file attachments (such as documents, photos, or audio files) sent during conversations.
    Once exported, the Customer assumes full responsibility for secure storage, access control, and retention of the downloaded files, in accordance with its own privacy obligations.

    7.5 Access to Historical Data

    Access to historical chat records within the control panel (active view) is limited by default for privacy and security reasons and is determined according to the Customer’s active subscription plan, as published on the pricing page of the Virtual Spirits website at the time of purchase or renewal. The Customer acknowledges that:

  • By default, historical chat records (transcripts) is only accessible (active view) for a defined period based on the selected plan.

  • Active view period for Customer is by default 6 months for Professional/Business/IBusiness plan and 24 months for Whatsapp Plan

  • Customers may configure a shorter active view period at any time via the control panel or with assistance from the Virtual Spirits support team.

  • After the expiration of the active view period, historical data may be permanently deleted or anonymized within 30 days.

  • Customers are provided with multiple export options, including APIs for sending leads/inquiries/closed conversations, as well as downloadable historical reports through the control panel.

  • Customers are responsible for generating and securely storing any required reports or data exports during the available retention window.

    • The pricing page may be updated from time to time. It is the Customer's responsibility to review the current active view and retention limits applicable to their selected subscription plan.

    8. Liability and Indemnification

    8.1 The limitations of liability set forth in the Agreement apply to this Addendum.

    8.2 Customer agrees to indemnify Virtual Spirits against any claim or penalty resulting from the Customer’s failure to comply with Israeli data protection requirements or from its failure to notify Virtual Spirits of the need for medium or high security classification.


    9. Precedence and Amendments

    9.1 In the event of any conflict or inconsistency between the provisions of the Agreement and this Addendum, the provisions of this Addendum shall prevail with respect to data processing and privacy obligations.

    9.2 To the extent permitted by applicable law, any and all liability under this Addendum, including limitations thereof, shall be governed by the relevant provisions of the Agreement.

    9.3 Virtual Spirits may update this Addendum from time to time by posting the updated version at: https://www.virtualspirits.com/dpa.aspx
    We will provide notice of material changes via email or through the Platform. Continued use of the Services after such updates shall constitute the Customer's acceptance of the revised Addendum. If the Customer does not agree to the updated Addendum, they must cease using the Services.


    10. Governing Law and Jurisdiction

    This Addendum shall be governed by and interpreted in accordance with the laws of the State of Israel. Any disputes shall be subject to the exclusive jurisdiction of the competent courts in Tel Aviv, Israel.


    This DPA was last updated on January 8, 2026.





    Chatbot - צ'אט בוט -

    © VirtualSpirits 2008-2025 — All Rights Reserved