wedpo
Log inSign up
Legal · WeDPO

Privacy Policy

How WeDPO collects and uses personal data of users of the WeDPO Compliance Scanner at scanner.wedpo.com.

Effective date: 23 May 2026

At a glance

This Privacy Policy explains how Entero Strategies Ltd., trading under the "WeDPO" brand (the "Company", "we", "us" or "our"), collects and uses personal data of users of the WeDPO Compliance Scanner at scanner.wedpo.com (the "Service"). It is written in line with the transparency requirements of the EU and UK GDPR and the notice and data subject rights requirements of the Israeli Privacy Protection Law, 5741-1981, as amended (the "Israeli PPL").

In short: we process personal data to operate the Service, manage your account, deliver Scan reports, take payment through our merchant of record, respond to support requests, send marketing where you have opted in, and comply with legal obligations. We act as an independent controller for that personal data. We do not sell, rent or trade personal data. You have rights over your personal data, and you can contact us at privacy@wedpo.com.

1. Who we are

The controller responsible for your personal data is Entero Strategies Ltd., a company incorporated in Israel, trading as WeDPO. You can contact our privacy team at privacy@wedpo.com.

2. Scope of this Policy

This Policy applies to personal data we process in connection with your use of the Service, including registering and managing an account, submitting URLs and receiving Scan reports, purchasing a subscription or credits, contacting support, and receiving our marketing communications where you have opted in. This Policy describes our role as controller of personal data we collect through the Service. It does not describe processing carried out by other WeDPO services.

3. Personal data we collect

We collect and process the following categories of personal data, depending on how you use the Service:

(a) Account and contact data: your name, work email address, organization, role and account credentials.

(b) Scan data: the URLs you submit, the contact details used to deliver a report, and the findings produced for the submitted URL.

(c) Technical and usage data: IP address, browser type and version, device identifiers, operating system, pages visited, and log data generated by our hosting, security and analytics tools.

(d) Billing data: billing name, billing address, VAT or tax identification number and a record of your purchases. Payment card details are collected and processed by our merchant of record and are not stored by us.

(e) Marketing and preference data: your subscription status, email engagement signals and content preferences, together with the legal basis recorded for any direct marketing.

(f) Support data: the content of your communications with us when you request support.

We do not seek to collect special category data under Article 9 of the GDPR or highly sensitive information under the Israeli PPL. Please do not submit such data, the personal data of other individuals, or confidential business information through the Scanner. The Service is not directed at children, and we do not knowingly collect personal data from individuals under the age of 16.

4. How we collect personal data

We collect personal data directly from you when you register, submit a URL, make a purchase or contact us; automatically through cookies, similar technologies and server logs when you use the Service; and from our service providers, including our merchant of record and analytics providers, to the extent permitted by Applicable Law.

5. Purposes and legal bases

We process personal data for the following purposes, relying on the legal bases indicated under the EU and UK GDPR and the corresponding permitted bases under the Israeli PPL:

(a) To operate, secure and maintain the Service and your account, relying on our legitimate interests in running and securing the Service, and on the performance of our contract with you.

(b) To deliver Scans and reports you request, relying on the performance of our contract with you.

(c) To take payment and manage billing, relying on the performance of our contract with you, your consent and on compliance with legal obligations. Payment is processed by our merchant of record, as described in section 7.

(d) To respond to support requests and communicate with you about the Service, relying on the performance of our contract and on our legitimate interests in supporting users.

(e) To send marketing communications where you have opted in or where a business-to-business relationship permits it under Applicable Law, relying on consent or legitimate interests, in each case with a clear opt-out.

(f) To detect, prevent and respond to security incidents and abuse, relying on legal obligations and our legitimate interests in security.

(g) To comply with accounting, tax, audit and other legal obligations, relying on compliance with legal obligations.

(h) To establish, exercise or defend legal claims, relying on our legitimate interests and, where applicable, the establishment of legal claims.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Where we rely on legitimate interests, we have carried out or will carry out a legitimate interests assessment.

6. Automated processing

The Scanner produces automated, indicative findings about a submitted website. This processing analyses publicly observable signals of the website you submit; it does not make decisions about you that produce legal or similarly significant effects within the meaning of Article 22 of the GDPR. Scan output is intended for your own review.

7. Payment processing and merchant of record

We sell access to the Service through our third party payment processor which acts as our authorized reseller and merchant of record. When you make a purchase, such a third party payment processor collects and processes your payment and billing data as an independent controller for the purposes of payment processing, fraud prevention, invoicing and tax compliance, in accordance with its own privacy notice. We receive limited transaction data from Paddle, such as your billing contact details and a record of the purchase, which we process as described in this Policy.

8. Who we share personal data with

We share personal data only as necessary and subject to appropriate safeguards, with: (a) our staff and contractors bound by confidentiality obligations; (b) service providers that support the Service, including cloud hosting, email delivery, analytics, security monitoring and our merchant of record; (c) professional advisers under duties of confidentiality; (d) competent authorities and regulators where required by Applicable Law; and (e) an acquirer or successor in the context of a merger, acquisition or sale of assets, subject to confidentiality. We do not sell, rent or trade personal data to third parties for their own marketing purposes.

9. Service providers

The categories of service providers we rely on are: cloud hosting and infrastructure providers; email delivery providers; web and product analytics providers; security, logging and monitoring providers; our merchant of record for payments; and form-protection services, including Google reCAPTCHA, which is subject to Google's own privacy terms. The named list of providers evolves over time; you may request further information at privacy@wedpo.com.

10. International transfers

Where personal data is transferred outside the EEA or the United Kingdom, we rely on an appropriate safeguard, such as an adequacy decision, the EU Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, EU-US Data Protection Framework (DPF) or another valid transfer tool under Article 46 of the EU or UK GDPR. For transfers of personal data originating in Israel, we observe the conditions under the Protection of Privacy (Transfer of Data to Databases Abroad) Regulations, 5761-2001, as amended.

11. How long we keep personal data

We retain personal data for no longer than necessary for the purposes for which it was collected. In general: account and usage data are kept for the duration of your account and for a reasonable period afterwards; Scan data and reports are kept for the period necessary to provide and improve the Service; accounting and tax records are kept for the period required by Applicable Law, commonly six to seven years; marketing data is kept until you actively request a deletion; and security logs are kept for a limited period unless extended for a specific investigation. At the end of the applicable period we delete or anonymize the personal data.

12. Security

We implement appropriate technical and organisational measures to protect personal data, in line with Article 32 of the EU and UK GDPR and the Israeli Protection of Privacy (Data Security) Regulations, 5777-2017. These include access controls, encryption in transit and, where appropriate, at rest, logging and monitoring, personnel confidentiality obligations, and written data protection terms with our service providers. No method of transmission or storage is completely secure, and you are responsible for keeping your credentials confidential.

13. Your rights

Subject to the conditions in Applicable Law, you have the right to access your personal data; to request correction of inaccurate or incomplete data; to request erasure; to request restriction of processing; to data portability; to object to processing based on legitimate interests or for direct marketing; and to withdraw consent where we rely on consent. If you are located in Israel, you have the rights to review, correct and delete personal data and the expanded transparency rights introduced by Amendment 13 of the Israeli PPL.

To exercise any of these rights, contact us at privacy@wedpo.com. We will respond within the time limits set by Applicable Law, generally 30 days under the EU and UK GDPR. We may ask for information to verify your identity before acting on a request.

14. Complaints

You may lodge a complaint with a supervisory authority. Residents of the EU or EEA may complain to the data protection authority of their habitual residence, place of work or place of the alleged infringement. We would appreciate the opportunity to address your concerns first, so please contact us at privacy@wedpo.com.

15. Cookies

We use cookies and similar technologies on the Site. By default, only strictly necessary cookies are active. Analytics and functional cookies are set only where you have given consent through our cookie banner, and that consent can be withdrawn at any time. Our forms are protected by Google reCAPTCHA, whose use is subject to Google's privacy policy and terms of service.

16. Changes to this Policy

We may update this Privacy Policy from time to time. Where changes are material, we will provide reasonable prior notice through the Site or by email. The "Effective date" at the top of this Policy indicates when it was most recently updated.

17. Contact us

For any question about this Privacy Policy, your rights, or our processing of personal data, please contact privacy@wedpo.com. Website: scanner.wedpo.com.