Privacy Policy

Last updated: May 2026

Welcome to TAMIT — a SaaS platform for managing service businesses. This policy explains how we collect, use, and protect your information in accordance with the Privacy Protection Law 5741-1981 (Israel) and its regulations.

1. Who We Are

TAMIT is a business management system designed for small and mid-sized businesses in Israel. The service is operated by TAMIT and serves tenants (businesses) and their users.

2. Information We Collect

• Login details: name, email address, encrypted password
• Business data: employees, customers, orders, appointments, POS transactions
• Business emails (Super Mail module): subject to explicit consent only, we access the mailbox you connected to read business emails (scope: gmail.readonly)
• Facebook and Instagram data (Social Media module): subject to explicit consent via Facebook Login, we access a user ID, the list of Facebook pages the user manages, the Instagram Business account linked to the page, and engagement data for posts we published (scopes: pages_manage_posts, pages_read_engagement, pages_show_list, pages_manage_metadata, instagram_basic, instagram_content_publish, public_profile)
• Usage data: technical logs, access times, IP addresses

3. How We Use Information

Information is used solely to operate the service for you:

• Managing and operating your business account
• Analytics and business insights (shown to you only)
• Improving functionality and fixing issues
• We do not sell, share, or use your data for advertising

4. Gmail Access (Super Mail module)

When you connect a Gmail account, TAMIT receives read-only access (gmail.readonly) to the mailbox you connected. We:

• Read emails only to generate business analytics and insights for the business owner
• Do not send, delete, or modify any message
• Store summaries only — not the full email body for long-term retention
• Delete data after 30 days by default (configurable)
• Allow you to disconnect at any time from the Super Mail settings screen

This use complies with the Google API Services User Data Policy.

5. Facebook and Instagram Access (Social Media module)

When you connect a Facebook account to Tamit via Facebook Login, you grant access to your business's Facebook page and the linked Instagram Business account. This access is used solely to publish organic posts you create in Tamit, and to read the performance of those posts (engagement, reach, impressions). We:

• Store: the Facebook page ID, Instagram Business account ID, and an encrypted Page Access Token (AES-256). The token allows Tamit to act on behalf of your page only for actions you initiated.
• Actions we perform on the user's behalf:
  • Publishing posts, stories, reels and carousels to Facebook and Instagram — only when you click "Publish" or schedule a post in advance in the Tamit interface
  • Reading engagement data (likes, comments, shares, impressions) for posts Tamit published — to display in your analytics dashboard
  • Reading the list of pages you manage — only so you can choose which page to connect
• Actions we do not perform:
  • We do not read posts, comments, or messages that were not created by Tamit
  • We do not access private accounts of your employees or others
  • We do not use this data for any purpose other than displaying your dashboard and operating the features you requested
  • We do not share, sell, or transfer this data to third parties
• Data retention: the Page Access Token and related data are stored as long as the connection is active. When you disconnect (via the "Connections" screen in the Social Media module, or via Facebook settings → Apps and Websites → Tamit → Remove), the token is deleted from our servers within 24 hours, and any engagement data read until then is deleted within 30 days.
• Advertising data we do not need: we do not access the Ads Account, paid campaign data, or custom audience lists. If we add support for paid campaigns in the future, we will request your explicit consent separately via a renewed OAuth flow.

This use complies with Meta Platform Terms, Developer Policies, and Data Processing Terms.

6. Information Security

• All data is encrypted at rest and in transit (TLS/HTTPS)
• Gmail and Facebook/Instagram tokens are encrypted with AES-256
• Every tenant is isolated in a separate database schema
• Daily automatic backups

7. Data Retention

Email data is retained for up to 30 days. Facebook/Instagram post engagement data is retained for up to 90 days. Business data is retained as long as the account is active. Upon account closure, all data is deleted within 30 days.

8. Your Rights

• Right of access: receive a copy of the data we hold about you
• Right to rectification: correct inaccurate information
• Right to erasure: request deletion of all your data — see data deletion page
• Disconnect access: disconnect Gmail/Facebook/Instagram connections at any time

9. Contact Us

For privacy questions: [email protected]

TAMIT · Israel