grigoriev.co.il

Privacy Policy

Last updated: May 8, 2026.

This Policy describes what personal data we (Dmitry Grigoriev, sole proprietor doing business as “Marketing Engineering Studio,” hereafter — the “Studio”) collect when you use the website grigoriev.co.il, how we use it, who we share it with, and what your rights are.

This document complies with Israeli Privacy Protection Law (PPL) Amendment 13 (in effect from August 14, 2025) and GDPR (for visitors from the EEA).

1. Data Controller

  • Name: Dmitry Grigoriev
  • Address: Nahariya, Israel
  • Data contact (DPO): [email protected]
  • Identification details: available on request

2. Data we collect

2.1. Data you provide directly

When you fill out the contact form, request an audit, or contact us via WhatsApp/Telegram/email:

  • Name
  • Email
  • Phone (optional)
  • Request type (SEO Audit / Implementation / Retainer / Takli / Other)
  • Message (text you enter in the form)

2.2. Technical data collected automatically

When you visit the site:

  • IP address (anonymized before upload to GA4)
  • Device type, browser, OS
  • Referrer URL
  • UTM parameters, gclid, fbclid (if you came from an ad)
  • Behavioral data (pages, time on site, clicks) — only after your consent

2.3. Cookies

  • Necessary cookies — for site functioning (session, language preference)
  • Analytics cookies (GA4, Cloudflare Web Analytics) — only after opt-in
  • Marketing cookies (Meta Pixel, Google Ads) — only after opt-in

You can manage cookies via the cookie banner at the bottom of the site.

3. Why we collect this data

  • To respond to your request (legitimate interest / contractual necessity)
  • To contact you for service clarification
  • To improve site performance via anonymous analytics (only after consent)
  • To measure marketing effectiveness (only after consent)
  • To comply with legal obligations (e.g., tax reporting)

4. Who we share data with

We use the following third-party processors (all with DPAs):

  • Cloudflare — hosting, CDN, Pages Functions, D1 database. Data centers: Israel/EU. Cloudflare DPA.
  • Google LLC — GA4, GTM, Google Ads. Only after opt-in. Google DPA.
  • Resend — email delivery via API. Resend DPA.
  • Anthropic / OpenAI — if you interact with the AI bot on Takli, dialog content is processed by the LLM provider with PII redaction. See the separate DPA.

We do not sell your data to third parties.

5. Retention periods

Data typePeriodBasis
Form data (name, email, message)7 years after last contactIL tax obligations
Anonymized analytics data26 months (GA4 default)Performance analytics
Cookie consent state365 daysCompliance evidence
Email correspondence7 yearsIL tax obligations
Takli AI dialog records12 monthsService quality + safety review

After the period expires, data is deleted or anonymized.

6. Your rights

Under PPL Amendment 13 and GDPR, you have:

  • Right to access — find out what data we hold about you
  • Right to rectification — ask us to correct inaccurate data
  • Right to erasure (right to be forgotten) — ask us to delete your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to opt out of marketing communications at any time
  • Right to lodge a complaint with the Israel Privacy Protection Authority or an EEA supervisory authority

To exercise any right — email [email protected] with subject “Privacy Request.” We respond within 30 days.

7. Security

We apply technical and organizational security measures per Israeli Privacy Protection Regulations (Information Security) 2017:

  • Encryption in transit (TLS 1.3 everywhere)
  • Encryption at rest for D1 database
  • Access control — only Dmitry has access to production data
  • Logging of all access operations
  • Regular security audits via automated tools

In case of a data breach — we notify affected individuals and the Privacy Protection Authority within 72 hours per PPL Amendment 13.

8. Cookies — detailed

See the Cookies section above. By default, only necessary cookies are loaded. All others — after explicit opt-in via the cookie banner.

9. Children

We don’t work with children under 16. If we discover that a child’s data has been collected — we delete it within 7 days.

10. Policy changes

We may update this Policy. The latest version is always here, with the last update date at the top. Material changes — we notify via email those who provided contact details.

11. Contact

For any questions — [email protected].

See also: Terms of Service, Data Processing Addendum.