NDA & Data Processing Agreement

Non-Disclosure Agreement (NDA)

1. Purpose & Scope

This NDA governs the confidential information shared between you and Zahavi Automation during our Deep Traffic Audit and marketing services engagement.

2. What We Keep Confidential

• Your business metrics, revenue data, and customer information
• Traffic sources, conversion rates, and funnel performance data
• Marketing strategies, ad creatives, and messaging frameworks
• Any proprietary information you share with us
• CRM data, email lists, and subscriber information

3. How We Protect Your Data

• Read-only access: We access your GA4, CRM, and ad accounts via read-only connections
• No billing access: We never access your payment methods or billing information
• Encrypted connections: All data transfers use industry-standard encryption (HTTPS/SSL)
• Secure storage: Audit reports and findings stored on encrypted servers
• Limited team access: Only authorized auditors can access your data
• No third-party sharing: We do not sell, share, or distribute your data

4. Your Rights

• You can revoke our access anytime by removing our connections from your accounts
• You own all reports, findings, and recommendations we create for you
• You can request deletion of your data from our systems
• We will never use your data for case studies without explicit written permission

Data Processing Agreement (DPA)

1. Our Role as Data Processor

Under GDPR and similar data protection laws, Zahavi Automation acts as a Data Processor on your behalf. You remain the Data Controller.

2. Types of Personal Data We Process

• Email addresses and contact information from lead forms
• Customer names and account information (from your CRM)
• IP addresses and session data (from GA4, Hotjar)
• Behavioral data about lead interactions
• Any personal data in your traffic and conversion logs

3. Processing Activities

We process this data only for:

• Analyzing your website traffic and user behavior
• Identifying funnel leaks and conversion barriers
• Creating audit reports and recommendations
• Improving your lead generation and sales processes

4. Data Retention

• Audit reports: Retained for 2 years for reference and support
• Raw data analysis: Deleted after 90 days of engagement completion
• Backup copies: Retained for 30 days for disaster recovery
• You can request immediate deletion of all data anytime

5. Your Data Subject Rights

You have the right to:

• Access: Request a copy of all data we hold
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Restriction: Limit how we process your data
• Portability: Receive your data in a standard format

To exercise these rights, contact: zahaviautomation@gmail.com

Your Data Access Rights

What Access You Grant Us

• GA4: Read-only access to analytics data
• Google Search Console: Read-only access to search performance
• Facebook Ads: Read-only access to campaign metrics
• Google Ads: Read-only access to campaign data
• CRM: Read-only access to leads and contacts
• Email platforms: Read-only access to subscriber data

What We NEVER Access

How to Revoke Access

You can disconnect us from your accounts anytime via your account settings. No notice required. Access is revoked immediately.