Privacy policy.

01 Who we are

Commit Labs Ltd is an engineering studio registered in Israel under company number 517291001. We provide software engineering services to businesses, primarily in autonomous AI agents and blockchain systems.

02 What we collect

We collect personal data only when you choose to provide it. Specifically:

Through the contact form

• Name — required, so we know who we're talking to
• Email address — required, so we can reply
• Company name — optional, for context
• Project description — required, so we can assess fit

Through email or messaging

If you contact us via email (hello@commitlabs.io), WhatsApp, or LinkedIn, we receive whatever information you choose to send. This typically includes your name, contact details, and the content of your message.

Automatically

We do not use tracking cookies, analytics scripts, or third-party trackers on this website. The site is hosted as static files and does not log visitor activity beyond standard server logs (IP address, request time, browser type) retained by our hosting provider.

03 Why we collect it

We use your personal data only for the purposes you provide it for:

• Responding to inquiries — to evaluate fit, answer questions, and communicate about potential engagements
• Managing client relationships — for active clients, to deliver agreed services and maintain records required by Israeli accounting and tax law
• Legal compliance — to meet obligations under Israeli law (including the Protection of Privacy Law and tax reporting requirements)

We do not use your data for marketing emails, profiling, automated decision-making, or sale to third parties.

04 Who has access

Your personal data is accessed only by Commit Labs personnel who need it to do their job. We share data with third parties only in these cases:

Service providers we use

• Web3Forms — processes contact form submissions and forwards them to us via email. Their privacy policy: web3forms.com/privacy
• Email infrastructure — Google Workspace handles our email delivery
• Static hosting — Amazon Web Services (AWS S3) hosts this website
• Accounting software — Morning (Green Invoice) for clients only, to issue legally required invoices

Legal obligations

We may disclose data when required by law — for example, to Israeli tax authorities or in response to a valid court order.

05 How long we keep it

• Inquiries that don't lead to an engagement — retained for up to 12 months, then deleted
• Client records — retained for 7 years after the engagement ends, as required by Israeli tax and commercial law
• Email correspondence — retained per our standard email retention (currently indefinite for active threads, can be deleted on request)

06 Your rights

Under the Israeli Protection of Privacy Law (5741-1981, as amended) and the EU General Data Protection Regulation (GDPR) where applicable, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request that we correct inaccurate or outdated information
• Deletion — request that we delete your data (subject to legal retention requirements)
• Object — object to specific uses of your data
• Portability — receive your data in a structured, machine-readable format
• Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, email hello@commitlabs.io. We will respond within 30 days.

If you believe we are not handling your data correctly, you may file a complaint with the Israeli Privacy Protection Authority or, if you are in the EU, your local data protection authority.

07 International data transfers

Some of our service providers (Web3Forms, AWS, Google Workspace) are based outside Israel. Where personal data is transferred internationally, we rely on:

• Adequacy decisions (Israel has been recognized as providing adequate data protection by the EU Commission)
• Standard contractual clauses with our service providers
• The recipient's compliance with frameworks such as GDPR

08 Security

We implement reasonable technical and organizational measures to protect your data:

• HTTPS encryption for all website traffic and form submissions
• Access controls limiting who can view client data
• Vetted third-party service providers with their own security certifications (AWS, Google, Web3Forms)
• No storage of payment card data — payments are handled by Morning

No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you and the relevant authorities as required by law.

09 Changes to this policy

We may update this policy as our practices evolve or as required by law. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated by email to active clients.

10 Contact

Questions about this policy, or about how we handle your data, can be sent to: