PRIVACY NOTICE

Privacy notice

Last updated June 29, 2026.

This notice explains what personal data Mitoderm collects when you visit the Site (mitoderm.com) or contact us, why we collect it, how we protect and share it, and the rights you have under Israeli law. It is written to align with Israel's Protection of Privacy Law, 5741-1981 as amended by Amendment 13 (in force August 2025), and — for visitors in the EU/EEA — with the GDPR.

Who we are — the database holder

The Site is operated by Mitoderm Academy, of Rafael Eitan 38, Ramat Gan 5590500, Israel ("Mitoderm", "we", "us").

For the purposes of the Protection of Privacy Law, Mitoderm is the Owner and the Manager of the customer-enquiries database that this Site feeds. Our hosting and email providers act as Holders / processors on our behalf. Questions about the database may be directed to our privacy contact below.

What we collect

We collect the minimum necessary to answer your enquiries and keep the Site functional. We do not collect special-category data and ask that you not send clinical or patient information through the Site.

  • Contact-form data: name, email, phone (optional), clinic name (optional) and the message you write.
  • Clinic-application data: the above plus city, professional licence number and an optional referral code.
  • Waitlist sign-ups for upcoming product lines: email address.
  • Marketing-attribution data, only when present: UTM parameters and the page you arrived on.
  • Technical logs created by our hosting provider — IP address, user agent, request path — retained briefly for security and abuse prevention.
  • Cookies and analytics, only if you opt in at the banner: a consent cookie plus, on consent, Google Analytics 4. We never sell your data.

Why we collect it (purposes)

Each category is used only for the purpose it was given for:

  • To answer your enquiry and provide the information you requested.
  • To onboard your clinic and manage our commercial relationship.
  • To send product, training and protocol information you have asked for.
  • To send marketing communications — only where you have given separate, specific consent (see below).
  • To secure the Site, prevent abuse, and meet our legal and accounting obligations.
  • To understand, in aggregate, which content is useful — analytics only, and only after consent.

Legal basis

We process your contact data on the basis of your consent — you chose to send the form. Security logging rests on our legitimate interest in protecting the Site. Analytics and any marketing run only on the separate consent you give. You can withdraw any consent at any time, without affecting processing already carried out.

Marketing communications

We send marketing messages (email, SMS or WhatsApp) only where you have actively opted in, in line with section 30A of the Communications Law (Telecommunications and Broadcasting), 5742-1982. Every marketing message carries a one-click way to unsubscribe, and you can also opt out at any time by writing to the contact below. Operational replies to your own enquiry are not marketing and are sent regardless.

Who we share it with

We do not sell personal data. We disclose the minimum necessary to:

  • Our service providers acting as processors under contract — website hosting (Vercel Inc.) and transactional email (Resend, Inc.).
  • Our partner clinics — only where you ask us to route your enquiry to a specific clinic.
  • Authorities or advisers where we are legally required to, or to establish or defend legal claims.

International transfers

Some of our processors (Vercel, Resend) store data on servers located outside Israel, including in the United States. We transfer data abroad only in accordance with the Protection of Privacy (Transfer of Data to Databases Abroad) Regulations, 5761-2001 and, for EU/EEA data, on the basis of appropriate safeguards. Recipients are bound by contract to protect the data to a standard comparable to Israeli law and not to transfer it onward without a lawful basis.

How long we keep it (retention)

We keep data only as long as the purpose requires:

  • Enquiry / lead records: up to 24 months after the last contact, then deleted or anonymised.
  • Clinic-partner accounts: for the life of the relationship plus the period required by accounting and tax law (currently 7 years).
  • Waitlist emails: until the line launches plus 12 months, then deleted.
  • Security logs: rolled off within 30 days.

How we protect it

We apply technical and organisational measures appropriate to the sensitivity of the data: encryption in transit (HTTPS/HSTS), strict access controls, rate limiting, signed administrative sessions and audit logging. No system is perfectly secure, but we work to industry-standard safeguards.

Data-breach notification

In line with Amendment 13 to the Protection of Privacy Law, if a serious security incident affecting your personal data occurs, we will notify the Israeli Privacy Protection Authority and, where required, the affected individuals, within the statutory timeframes.

Your rights

Under Israeli law (and the GDPR where it applies) you may:

  • Access the data we hold about you (s.13 of the Law).
  • Have inaccurate data corrected or completed (s.14).
  • Request deletion of your data, subject to our legal retention duties.
  • Object to direct-marketing use of your data at any time.
  • Withdraw consent, and — for EU/EEA visitors — request portability or restriction.
  • Lodge a complaint with the Privacy Protection Authority (see below).

Cookies

We use three cookie categories — strictly necessary, analytics and marketing. Only strictly-necessary cookies run without your consent. You control the rest at the banner, and can change your choice at any time. Full details are on our Cookies page.

Children

The Site addresses healthcare professionals and is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us data, contact us and we will delete it.

Supervisory authority

You may contact or complain to the Israeli Privacy Protection Authority ("the Authority") — https://www.gov.il/en/departments/the_privacy_protection_authority. EU/EEA visitors may also contact their local data-protection authority.

Changes & governing language

We may update this notice; material changes are reflected in the "Last updated" date above. This notice is published in English, Russian and Hebrew. In the event of any discrepancy, the Hebrew version prevails.

Contact

Privacy questions, requests or to exercise a right: write to info@mitoderm.com. We will respond within 30 days.