Privacy Policy
Version 2.0 · Last Updated: May 16, 2026 · Effective: May 16, 2026
1. Who We Are (Data Controller)
This Privacy Policy describes how 90 Minutes a Week ("we," "us," "our") collects, uses, discloses, and safeguards your personal information when you use our websites, mobile applications (ImHome, Shuffle Date, Shalema, LoveSync, Date Roulette), guided audio sessions, and reflection workbooks (together, the "Services").
The data controller responsible for your personal information under the Israeli Protection of Privacy Law, 5741-1981 ("PPL") and (where applicable) the EU General Data Protection Regulation 2016/679 ("GDPR") is:
Jacob Lipsky, founder of 90 Minutes a Week (operating as a sole individual; Israeli business registration pending)
Address: [TO BE FILLED — registered Israeli address]
Email: jacoblipsky@90minutes-a-week.com
Phone: [TO BE FILLED]
Business ID: Not yet registered with Israeli authorities — this notice will be updated once registration is complete.
2. What Personal Information We Collect
2.1 Information you give us directly
- Account & profile data: name, email address, authentication credentials, optional profile details about you and your relationship (used inside our mobile apps).
- Lead-magnet email signups: when you request a free workbook from one of our landing pages, we store your email address and the page you signed up from in our mailing list (Firestore collection
mailing_list). - Waiting-list signups: when you join the LoveSync waiting list, we store your email address.
- Contact form submissions: name, email, and the message you send us. (The website's contact form opens your email client to send the message directly to us; we receive whatever you submit.)
- User content inside apps: answers to questionnaires, journal entries, conversation prompts and reflections you create.
- Purchase information: when you buy a guided experience, our payment processor (see §4) collects the data needed to process your card. We do not receive or store full card numbers.
2.2 Information we collect automatically
- Usage / analytics data (only if you accept analytics cookies): pages viewed, buttons clicked, scroll depth, session duration, audio play/pause events, language toggled.
- Device / log data: device type and OS, browser type and version, approximate location (country/region — derived from IP), timestamp, referring URL.
- Cookies and similar storage: see our Cookie Policy. Essential storage is used to remember your language and consent choice; analytics storage is only set with your consent.
2.3 Information from third parties
If you reach us through a Meta (Facebook/Instagram) ad and interact with a ManyChat conversational flow, Meta and ManyChat may share certain attributes with us (the ad you clicked, your messaging-app handle, the answers you gave the bot). We import only the information necessary to follow up on your request.
3. Purposes & Legal Bases
We process your personal information for the following purposes, on the following legal bases (PPL §11 / GDPR Art. 6):
| Purpose | Legal basis |
|---|---|
| Deliver the free workbook you requested and follow-up emails about it | Consent (ticked at the form) / performance of pre-contract steps |
| Process a purchase, deliver the audio + workbook, send the receipt | Performance of a contract |
| Send marketing emails about new experiences / apps | Consent — you may withdraw any time |
| Web/app analytics, performance monitoring | Consent (via cookie banner) |
| Detect fraud, prevent abuse, secure our infrastructure | Legitimate interest / legal obligation |
| Comply with tax, accounting, and consumer-protection laws | Legal obligation |
4. Recipients and Third-Party Processors
We do not sell or rent your personal information. We share it only with the service providers listed below, each of whom is contractually bound to use it solely on our instructions:
| Recipient | Purpose | Where the data goes |
|---|---|---|
| Google LLC — Firebase (Hosting, Firestore, Storage, Cloud Functions, Authentication) | Hosts the website, stores account & mailing-list data, delivers free-guide downloads | USA / EU (Google data centers) |
| Google LLC — Firebase Analytics | Aggregated website / app usage analytics (only with consent) | USA |
| Google LLC — Google Fonts | Delivers the Inter typeface used on the website (your IP and User-Agent are exposed to Google when fonts load) | USA / EU |
| Dodo Payments — merchant of record for guided-experience purchases | Card payment processing; tax handling; receipts. Dodo Payments is the seller of record for these transactions and its own privacy notice governs how it processes payment data. | EU (Lithuania) / USA |
| Apple Inc. & Google Play | App-store purchases and in-app subscriptions for our mobile apps | USA / per their data residency |
| Meta Platforms Ireland Ltd. — Meta Ads / Pixel / Conversions API | Advertising attribution and lookalike audience building, when used. (Pixel only fires after you accept marketing cookies.) | Ireland / USA |
| ManyChat, Inc. | Runs the conversational flows attached to our Meta ads; stores your messaging handle and the answers you give the bot | USA |
| ElevenLabs, Inc. | Generates voice for some of our guided audio sessions. We do not send your personal data to ElevenLabs. | USA |
| Email delivery provider (currently routed through Google SMTP for transactional emails) | Sends free-guide downloads, receipts, daily admin reports | USA / EU |
We may also disclose your information when required by law, in response to a valid legal process, to protect our rights or the safety of others, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you in advance).
5. International Data Transfers
Most of our service providers are based outside Israel (primarily in the EU and USA). When your data is transferred outside Israel or the EEA we rely on the following lawful transfer mechanisms:
- From Israel: recipient countries either appear on the Israeli Privacy Protection Authority's list of countries offering adequate protection, or the transfer is made under the conditions of the Protection of Privacy Regulations (Transfer of Data to Foreign Databases), 5761-2001.
- From the EEA / UK: we (and our processors) use the European Commission's Standard Contractual Clauses (SCCs, 2021/914), plus supplementary technical measures (encryption in transit and at rest).
You can request a copy of the safeguards in place for a specific transfer by emailing jacoblipsky@90minutes-a-week.com.
6. How Long We Keep Your Information
| Category | Retention period |
|---|---|
| Mailing-list / lead-magnet emails | Until you unsubscribe, or after 24 months of inactivity |
| App account & profile | For the lifetime of the account; deleted within 30 days of your deletion request |
| Purchase records, invoices, tax documents | 7 years (Israeli Income Tax Ordinance and VAT Law) |
| Analytics events | 14 months (Firebase Analytics default) |
| Cookie consent record | 13 months from the date you set it, then re-asked |
| Contact-form correspondence | As long as needed to handle your request, then archived for 24 months |
7. Your Rights
Depending on where you live, you may have some or all of the following rights:
7.1 Under the Israeli Protection of Privacy Law (PPL) and Amendment 13
- Right to know which information about you we hold (§13 PPL).
- Right to ask us to correct, complete, or delete inaccurate information (§14 PPL).
- Right to withdraw consent at any time (the withdrawal does not affect prior lawful processing).
- Right to lodge a complaint with the Israeli Privacy Protection Authority (הרשות להגנת הפרטיות) — https://www.gov.il/en/departments/the_privacy_protection_authority.
7.2 Under the GDPR (EU/EEA/UK residents)
- Right of access (Art. 15), rectification (Art. 16), erasure / "right to be forgotten" (Art. 17).
- Right to restrict processing (Art. 18), data portability (Art. 20), object to processing (Art. 21).
- Right to withdraw consent at any time (Art. 7(3)) and to lodge a complaint with your local Data Protection Authority.
7.3 Under the CCPA / CPRA (California residents)
- Right to know what categories of personal information we have collected and to whom we have disclosed it.
- Right to delete personal information.
- Right to correct inaccurate information.
- Right to opt out of "sale" or "sharing" — we do not sell or share personal information for cross-context behavioral advertising in the CCPA sense.
- Right not to be discriminated against for exercising any of these rights.
To exercise any right, email jacoblipsky@90minutes-a-week.com with the subject line "Privacy Request". We respond within 30 days (extendable to 60 days for complex requests, with notice to you).
8. How We Secure Your Information
- HTTPS / TLS for all traffic between you and our servers.
- Firebase Authentication for account access; passwords are hashed by Firebase and never visible to us.
- Firestore Security Rules restrict who can read or write each collection; lead-magnet emails are writable only via authenticated paths.
- Backend secrets (SMTP credentials, API keys) are stored in Google Cloud Secret Manager — never in the client bundle or in source control.
- Access to administrative tooling is restricted to the founder and protected by Firebase Authentication.
No system is 100% secure. If a breach occurs that is likely to put your rights at risk, we will notify you and the relevant authority within 72 hours (GDPR) and follow PPL Amendment 13 §17B notification rules.
9. Children
The Services are not intended for, and we do not knowingly collect personal information from, individuals under 18 years of age. If you believe a child has provided us personal information, contact us at jacoblipsky@90minutes-a-week.com and we will delete it.
10. Automated Decision-Making
We do not make decisions with legal or similarly significant effect using solely automated means.
11. Changes to This Policy
We will post the updated policy on this page with a new "Version" number and "Last Updated" date, and (for material changes) send a notice to registered users. The current and prior versions are kept on file; email us to request an earlier version.
12. Contact & Complaints
Privacy contact: jacoblipsky@90minutes-a-week.com
Israeli residents may also complain to the Israeli Privacy Protection Authority (הרשות להגנת הפרטיות): https://www.gov.il/en/departments/the_privacy_protection_authority.
EEA/UK residents may complain to their national Data Protection Authority (a list is maintained by the European Data Protection Board).