This Privacy Policy is issued by Dr. Ronen Shoval, operating as a sole proprietorship ("Adelina," "we," "us"), operating the Adelina platform. For matters relating to this Policy, contact: hello@adelina.media.
This Policy covers personal data of Client Account Users — the individuals who register for, log into, and operate the Adelina dashboard on behalf of a Client business (e.g., an owner or staff member of a Client organization). Their use of the platform itself is governed by the Product Terms of Service.
Data collected from anonymous visitors to Adelina's marketing website — cookies, analytics, contact-form submissions — is governed by the separate Website Privacy Notice, not by this document. That split exists because the point of collection, and the data involved, genuinely differ between a website visitor and a Client using the product — see the Website Privacy Notice for the reasoning.
This Policy does not primarily govern personal data that may incidentally appear *within* Client Content (for example, a guest speaker or audience member visible or named in a Client's uploaded lecture). For that category, Adelina generally acts as a processor on the Client's instructions, and the Client is the controller responsible for its own lawful basis for including that data and for its own disclosures to those individuals. A separate Data Processing Agreement (DPA) between Adelina and the Client governs that processor relationship where applicable — see the note in Section 7.
Under the Israeli Protection of Privacy Law, personal data may lawfully be processed on one of two grounds: (a) the data subject's consent, or (b) where processing is necessary for the legitimate activity of the database owner and is consistent with the purpose disclosed to the data subject at the time of collection. Unlike the GDPR's six-basis framework, Israeli law does not recognize a freestanding "legitimate interest" ground separate from this purpose-consistency test.
We rely on the following grounds for the purposes described in Section 6:
| Purpose | Basis |
|---|---|
| Creating and operating the Client's account | Legitimate activity — necessary to deliver the Service the Client requested |
| Connecting to and publishing on social accounts | Legitimate activity, scoped to the specific authorization the Client grants per platform |
| Billing | Legitimate activity — necessary to charge for the Service |
| Security and fraud prevention | Legitimate activity |
| Marketing communications | Consent (see Section 17) |
For each category below, in line with Israeli disclosure requirements, we note whether providing the data is mandatory (required to use the Service) or voluntary.
| Category | Examples | Mandatory / Voluntary |
|---|---|---|
| Account data | Name, email, business name, billing address | Mandatory |
| Connected-platform credentials | OAuth access tokens for the Client's own social media accounts, obtained via Post-for-Me | Mandatory (only for platforms the Client chooses to connect) |
| Billing data | Payment details, processed by Paddle as merchant of record — Adelina does not directly store card numbers | Mandatory |
| Content data | Uploaded video/audio, transcripts, rendered clips, captions | Mandatory (this is the substance of the Service) |
| Communications | Support messages, Telegram bot interactions where used | Voluntary |
| Technical data | IP address, device/browser information, access logs | Mandatory (collected automatically for security and service operation) |
The Service uses automated face-detection technology to identify the position of a speaker's face within source video, solely to frame the vertical crop of each rendered clip. This process generates transient facial landmark data during rendering.
Significant parts of the Service are performed by automated systems, including transcription of audio to text, semantic selection of which portions of source content become individual clips, and captioning and cropping decisions (including the face-detection process described in Section 4.1). These processes operate on Client Content to produce Output; they do not make legal or similarly significant decisions *about* individual data subjects in the sense that would trigger automated-decision-making protections in most frameworks.
We process personal data to: create and operate the Client's account and dashboard access; connect to and publish content on the Client's own social media accounts, strictly as authorized; process, edit, render, and deliver Client Content as the core function of the Service; bill for the Service via our payment processor; respond to support requests; and maintain security, detect abuse, and comply with legal obligations. See Section 3 for the legal basis applicable to each.
We do not sell personal data, and we do not use Client Content or Client Account User data to train models for purposes unrelated to delivering the Service to that Client, without separate notice and consent.
We share personal data only with the following categories of sub-processors, each acting under contractual confidentiality and security obligations, and only to the extent needed to deliver the Service:
| Sub-processor | Role | Data involved | Location |
|---|---|---|---|
| Post-for-Me | OAuth aggregator for connecting and publishing to social platforms | Connected-account OAuth tokens | United States |
| Paddle | Payment processing, acting as merchant of record | Billing/payment data | United Kingdom |
| Hetzner | Infrastructure hosting (VPS) | All platform data at rest | Germany (Nuremberg) |
| Anthropic (Claude) | AI content analysis for clip selection and topic tagging | Transcripts and derived text | United States |
| Destination social platforms (YouTube, Instagram, Facebook, TikTok, X, Telegram, Rumble, as connected by the Client) | Publication of finished clips | Rendered clip content, published per Client authorization | Per each platform's own terms |
Each Client's data is technically isolated from every other Client's data at the infrastructure level (separate database, storage, and credentials per Client) — this isolation is architectural, not just a policy statement.
Adelina's infrastructure is hosted in Germany (an EU member state), and certain sub-processors may be based outside Israel and outside the EU, including the United States. This means personal data may be transferred from Israel to the EU (hosting), and from Israel or the EU to other countries via specific sub-processors.
Under the Israeli Protection of Privacy Law, as amended by Amendment 13 (effective 14 August 2025), transfers of personal data outside Israel require that the receiving country offer an adequate level of protection, or that an appropriate transfer agreement is in place with the receiving party.
Under the Israeli Protection of Privacy Law, individuals whose personal data we hold have the right to:
To exercise any of these rights, contact hello@adelina.media. We will respond within a reasonable period, and in a format the requester can understand, as required by law.
Where a request relates to data embedded in Client Content rather than Adelina's own account records, we may direct the request to the relevant Client, who controls that data as described in Section 2.
A note on portability: Israeli law does not currently grant a freestanding right to receive personal data in a portable, machine-readable format, unlike GDPR Article 20. If a data subject's rights happen to be governed by GDPR rather than Israeli law — for example, because they are located in the EU — that additional right may apply to them specifically. Worth confirming case by case rather than assuming uniform treatment across all data subjects.
Under Amendment 13, appointment of a Data Protection Officer (DPO) is mandatory for public bodies, and for controllers whose primary purpose is collecting personal data for transfer to others as a business (or for compensation) where the database contains data on more than 10,000 individuals, among other narrow categories.
At its current scale, Adelina's primary purpose is delivering a video-processing service to a small number of B2B clients, not data brokerage, and it does not hold data on 10,000+ individuals. On that basis, a DPO does not currently appear to be mandatory.
Separately from the DPO requirement, Amendment 13 narrows — but does not eliminate — the requirement to register certain databases with the Privacy Protection Authority. Registration is required where a database's *primary purpose* is collecting personal data for transfer to others as a business or for compensation, and it holds data on more than 10,000 individuals, or where the controller is a public body. Adelina's database does not appear to meet either condition at current scale.
We maintain technical and organizational measures appropriate to the sensitivity of the data we hold, including:
If Adelina becomes aware of a security incident affecting personal data, Adelina will assess the incident and, where required by law or where the incident poses a real risk of harm, notify affected Clients without undue delay, and notify the Privacy Protection Authority where required under Israeli law.
The Service is intended for business use by adults. We do not knowingly collect personal data from individuals under 18. If we become aware that we have done so, we will delete it.
This Policy currently addresses Client Account Users and website visitors only. If Adelina engages employees or contractors in the future, a separate internal privacy notice addressing employee data — which carries its own enhanced disclosure obligations under Amendment 13 — should be prepared at that time. Employee data is out of scope of this Policy.
Where Adelina sends product updates or marketing communications by email, the Client Account User may opt out at any time via the unsubscribe mechanism in the email or by contacting hello@adelina.media.
Cookies and tracking on Adelina's marketing website are governed by the separate Website Privacy Notice, not by this document — see Section 2 above for why this is split out rather than covered here.
The Service and Adelina's website may link to third-party platforms, including the Client's own connected social accounts. Those platforms' own privacy policies govern data handled on their side; this Policy does not cover them.
We may update this Policy from time to time. Material changes will be notified to active Clients with reasonable advance notice, consistent with the disclosure obligations described in Section 3.
Questions or requests regarding this Policy: hello@adelina.media.
If you believe we have not adequately addressed a concern, you may also contact Israel's Privacy Protection Authority (הרשות להגנת הפרטיות), the regulator responsible for enforcement of the Protection of Privacy Law.