[ Adelina ]

Privacy Policy

Effective July 2026

1. Who We Are

This Privacy Policy is issued by Dr. Ronen Shoval, operating as a sole proprietorship ("Adelina," "we," "us"), operating the Adelina platform. For matters relating to this Policy, contact: hello@adelina.media.

2. Scope of This Policy

This Policy covers personal data of Client Account Users — the individuals who register for, log into, and operate the Adelina dashboard on behalf of a Client business (e.g., an owner or staff member of a Client organization). Their use of the platform itself is governed by the Product Terms of Service.

Data collected from anonymous visitors to Adelina's marketing website — cookies, analytics, contact-form submissions — is governed by the separate Website Privacy Notice, not by this document. That split exists because the point of collection, and the data involved, genuinely differ between a website visitor and a Client using the product — see the Website Privacy Notice for the reasoning.

This Policy does not primarily govern personal data that may incidentally appear *within* Client Content (for example, a guest speaker or audience member visible or named in a Client's uploaded lecture). For that category, Adelina generally acts as a processor on the Client's instructions, and the Client is the controller responsible for its own lawful basis for including that data and for its own disclosures to those individuals. A separate Data Processing Agreement (DPA) between Adelina and the Client governs that processor relationship where applicable — see the note in Section 7.

3. Legal Basis for Processing

Under the Israeli Protection of Privacy Law, personal data may lawfully be processed on one of two grounds: (a) the data subject's consent, or (b) where processing is necessary for the legitimate activity of the database owner and is consistent with the purpose disclosed to the data subject at the time of collection. Unlike the GDPR's six-basis framework, Israeli law does not recognize a freestanding "legitimate interest" ground separate from this purpose-consistency test.

We rely on the following grounds for the purposes described in Section 6:

PurposeBasis
Creating and operating the Client's accountLegitimate activity — necessary to deliver the Service the Client requested
Connecting to and publishing on social accountsLegitimate activity, scoped to the specific authorization the Client grants per platform
BillingLegitimate activity — necessary to charge for the Service
Security and fraud preventionLegitimate activity
Marketing communicationsConsent (see Section 17)

4. What Personal Data We Collect

For each category below, in line with Israeli disclosure requirements, we note whether providing the data is mandatory (required to use the Service) or voluntary.

CategoryExamplesMandatory / Voluntary
Account dataName, email, business name, billing addressMandatory
Connected-platform credentialsOAuth access tokens for the Client's own social media accounts, obtained via Post-for-MeMandatory (only for platforms the Client chooses to connect)
Billing dataPayment details, processed by Paddle as merchant of record — Adelina does not directly store card numbersMandatory
Content dataUploaded video/audio, transcripts, rendered clips, captionsMandatory (this is the substance of the Service)
CommunicationsSupport messages, Telegram bot interactions where usedVoluntary
Technical dataIP address, device/browser information, access logsMandatory (collected automatically for security and service operation)

4.1 A note on face-detection processing

The Service uses automated face-detection technology to identify the position of a speaker's face within source video, solely to frame the vertical crop of each rendered clip. This process generates transient facial landmark data during rendering.

5. Automated Processing and AI Use

Significant parts of the Service are performed by automated systems, including transcription of audio to text, semantic selection of which portions of source content become individual clips, and captioning and cropping decisions (including the face-detection process described in Section 4.1). These processes operate on Client Content to produce Output; they do not make legal or similarly significant decisions *about* individual data subjects in the sense that would trigger automated-decision-making protections in most frameworks.

6. Why We Process It (Purposes)

We process personal data to: create and operate the Client's account and dashboard access; connect to and publish content on the Client's own social media accounts, strictly as authorized; process, edit, render, and deliver Client Content as the core function of the Service; bill for the Service via our payment processor; respond to support requests; and maintain security, detect abuse, and comply with legal obligations. See Section 3 for the legal basis applicable to each.

We do not sell personal data, and we do not use Client Content or Client Account User data to train models for purposes unrelated to delivering the Service to that Client, without separate notice and consent.

7. Who We Share It With

We share personal data only with the following categories of sub-processors, each acting under contractual confidentiality and security obligations, and only to the extent needed to deliver the Service:

Sub-processorRoleData involvedLocation
Post-for-MeOAuth aggregator for connecting and publishing to social platformsConnected-account OAuth tokensUnited States
PaddlePayment processing, acting as merchant of recordBilling/payment dataUnited Kingdom
HetznerInfrastructure hosting (VPS)All platform data at restGermany (Nuremberg)
Anthropic (Claude)AI content analysis for clip selection and topic taggingTranscripts and derived textUnited States
Destination social platforms (YouTube, Instagram, Facebook, TikTok, X, Telegram, Rumble, as connected by the Client)Publication of finished clipsRendered clip content, published per Client authorizationPer each platform's own terms

Each Client's data is technically isolated from every other Client's data at the infrastructure level (separate database, storage, and credentials per Client) — this isolation is architectural, not just a policy statement.

Enterprise clients: where a Client requires a separate Data Processing Agreement covering Adelina's role as processor for personal data embedded in Client Content, Adelina can execute one on request — referenced here, not included in this Policy.

8. International Data Transfers

Adelina's infrastructure is hosted in Germany (an EU member state), and certain sub-processors may be based outside Israel and outside the EU, including the United States. This means personal data may be transferred from Israel to the EU (hosting), and from Israel or the EU to other countries via specific sub-processors.

Under the Israeli Protection of Privacy Law, as amended by Amendment 13 (effective 14 August 2025), transfers of personal data outside Israel require that the receiving country offer an adequate level of protection, or that an appropriate transfer agreement is in place with the receiving party.

9. Data Retention

10. Your Rights

Under the Israeli Protection of Privacy Law, individuals whose personal data we hold have the right to:

To exercise any of these rights, contact hello@adelina.media. We will respond within a reasonable period, and in a format the requester can understand, as required by law.

Where a request relates to data embedded in Client Content rather than Adelina's own account records, we may direct the request to the relevant Client, who controls that data as described in Section 2.

A note on portability: Israeli law does not currently grant a freestanding right to receive personal data in a portable, machine-readable format, unlike GDPR Article 20. If a data subject's rights happen to be governed by GDPR rather than Israeli law — for example, because they are located in the EU — that additional right may apply to them specifically. Worth confirming case by case rather than assuming uniform treatment across all data subjects.

11. Data Protection Officer

Under Amendment 13, appointment of a Data Protection Officer (DPO) is mandatory for public bodies, and for controllers whose primary purpose is collecting personal data for transfer to others as a business (or for compensation) where the database contains data on more than 10,000 individuals, among other narrow categories.

At its current scale, Adelina's primary purpose is delivering a video-processing service to a small number of B2B clients, not data brokerage, and it does not hold data on 10,000+ individuals. On that basis, a DPO does not currently appear to be mandatory.

12. Database Registration

Separately from the DPO requirement, Amendment 13 narrows — but does not eliminate — the requirement to register certain databases with the Privacy Protection Authority. Registration is required where a database's *primary purpose* is collecting personal data for transfer to others as a business or for compensation, and it holds data on more than 10,000 individuals, or where the controller is a public body. Adelina's database does not appear to meet either condition at current scale.

13. Security Measures

We maintain technical and organizational measures appropriate to the sensitivity of the data we hold, including:

14. Data Breach Notification

If Adelina becomes aware of a security incident affecting personal data, Adelina will assess the incident and, where required by law or where the incident poses a real risk of harm, notify affected Clients without undue delay, and notify the Privacy Protection Authority where required under Israeli law.

15. Children's Data

The Service is intended for business use by adults. We do not knowingly collect personal data from individuals under 18. If we become aware that we have done so, we will delete it.

16. Employee Data

This Policy currently addresses Client Account Users and website visitors only. If Adelina engages employees or contractors in the future, a separate internal privacy notice addressing employee data — which carries its own enhanced disclosure obligations under Amendment 13 — should be prepared at that time. Employee data is out of scope of this Policy.

17. Marketing Communications

Where Adelina sends product updates or marketing communications by email, the Client Account User may opt out at any time via the unsubscribe mechanism in the email or by contacting hello@adelina.media.

18. Cookies and Website Tracking

Cookies and tracking on Adelina's marketing website are governed by the separate Website Privacy Notice, not by this document — see Section 2 above for why this is split out rather than covered here.

19. Third-Party Links

The Service and Adelina's website may link to third-party platforms, including the Client's own connected social accounts. Those platforms' own privacy policies govern data handled on their side; this Policy does not cover them.

20. Changes to This Policy

We may update this Policy from time to time. Material changes will be notified to active Clients with reasonable advance notice, consistent with the disclosure obligations described in Section 3.

21. Contact and Complaints

Questions or requests regarding this Policy: hello@adelina.media.

If you believe we have not adequately addressed a concern, you may also contact Israel's Privacy Protection Authority (הרשות להגנת הפרטיות), the regulator responsible for enforcement of the Protection of Privacy Law.