NDA & DPA - Zahavi Automation

NDA & Data Processing Agreement

Zahavi Automation - Marketing Audit Services

Quick Navigation

Non-Disclosure Agreement (NDA)

1. Purpose & Scope

This NDA governs the confidential information shared between you and Zahavi Automation during our Deep Traffic Audit and marketing services engagement.

2. What We Keep Confidential

  • Your business metrics, revenue data, and customer information
  • Traffic sources, conversion rates, and funnel performance data
  • Marketing strategies, ad creatives, and messaging frameworks
  • Any proprietary information you share with us
  • CRM data, email lists, and subscriber information

3. How We Protect Your Data

  • Read-only access: We access your GA4, CRM, and ad accounts via read-only connections
  • No billing access: We never access your payment methods or billing information
  • Encrypted connections: All data transfers use industry-standard encryption (HTTPS/SSL)
  • Secure storage: Audit reports and findings stored on encrypted servers
  • Limited team access: Only authorized auditors on our team can access your data
  • No third-party sharing: We do not sell, share, or distribute your data

4. Your Rights

  • You can revoke our access anytime by removing our connections from your accounts
  • You own all reports, findings, and recommendations we create for you
  • You can request deletion of your data from our systems
  • We will never use your data for case studies without explicit written permission

5. Confidentiality Duration

Our confidentiality obligations continue indefinitely, even after our engagement ends. We protect your information permanently.

6. Exceptions

We may disclose your information only if:

  • Required by law or legal process (court order, subpoena)
  • To protect our legal rights or security
  • You provide written consent

Data Processing Agreement (DPA)

1. Our Role as Data Processor

Under GDPR and similar data protection laws, Zahavi Automation acts as a Data Processor on your behalf. You remain the Data Controller.

2. Types of Personal Data We Process

  • Email addresses and contact information from lead forms
  • Customer names and account information (from your CRM)
  • IP addresses and session data (from GA4, Hotjar)
  • Behavioral data about lead interactions
  • Any personal data in your traffic and conversion logs

3. Processing Activities

We process this data only for:

  • Analyzing your website traffic and user behavior
  • Identifying funnel leaks and conversion barriers
  • Creating audit reports and recommendations
  • Improving your lead generation and sales processes

4. Data Security Measures

  • Encryption: All data encrypted in transit and at rest
  • Access controls: Role-based access, authentication
  • Regular audits: Security assessments and testing
  • Employee training: Our team trained on data protection practices
  • Incident response: We have a data breach response plan in place

5. Data Retention

  • Audit reports: Retained for 2 years for reference and support
  • Raw data analysis: Deleted after 90 days of engagement completion
  • Backup copies: Retained for 30 days for disaster recovery
  • You can request immediate deletion of all data anytime

6. Sub-processors

We may use the following third-party tools:

  • Google (GA4, Search Console): Your read-only access connector
  • Meta (Facebook Ads): Your read-only access connector
  • AWS/Google Cloud: Secure data storage and analysis

7. Your Data Subject Rights

You have the right to:

  • Access: Request a copy of all data we hold
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a standard format

To exercise these rights, contact: zahaviautomation@gmail.com

Your Data Access Rights

What Access You Grant Us

  • GA4: Read-only access to analytics data
  • Google Search Console: Read-only access to search performance
  • Facebook Ads: Read-only access to campaign metrics
  • Google Ads: Read-only access to campaign data
  • CRM (HubSpot, Pipedrive, etc.): Read-only access to leads and contacts
  • Email platforms: Read-only access to subscriber data

What We NEVER Access

  • ❌ Billing information or credit card data
  • ❌ Payment account credentials
  • ❌ Admin login credentials
  • ❌ Your ad account budgets
  • ❌ Customer passwords

How to Revoke Access

You can disconnect us from your accounts anytime via your account settings. No notice required. Access is revoked immediately.

What Happens to Your Data After

  • Audit report: You own forever
  • Raw analysis data: Deleted 90 days after engagement
  • Backup data: Deleted 30 days after engagement
  • Case study use: Never without your written permission

Questions or Concerns?

Data Protection Inquiries

Email: zahaviautomation@gmail.com

Subject line: "Data Protection Request" or "NDA Question"

Report a Data Breach

If you suspect a security issue:

  • Email: zahaviautomation@gmail.com
  • Include: Description, affected data, date

Revoke Access

Disconnect us from your accounts anytime. Or email us at zahaviautomation@gmail.com with "Revoke Access" in subject line.

Last Updated

January 2026