Terms of Service

Guiding Principle

NoData provides privacy insurance — not just security. We never access, store, or process customer data. All diagnosis, fixes, and proofs are performed in the customer's environment only.

NoData provides a data exposure reduction system including: system diagnosis, automatic exposure elimination, cryptographic verification certificates, encrypted communication tools, and supporting security tools. All diagnosis runs in the customer's environment only (browser or local machine). NoData does not access, store, or process customer source code, business data, or personal information (PII).

The customer is responsible for: - Running all fixes (migration scripts, SDK integration) in their own environment - Backing up data before applying fixes - Verifying fixes were applied successfully - Storing reports, verification certificates, and evidence NoData provides tools and scripts — it does not make direct changes to customer systems.

NoData stores a minimal audit log for legal proof purposes: - User ID (if registered), session ID - Action timestamps - Action types (scan, fix, certificate, export) - Proof hashes (SHA-256) — cannot be reversed to data - Payment records (via Sumit + UPay) - Terms of service consents Retention period: 7 years (Israeli Income Tax Ordinance + SOC 2 CC7.4 requirement).

NoData does NOT store under any circumstances: - Customer source code - Table names, field names, or schemas - Scanned PII values or business data - Scan report contents (stored in customer's browser only) - Credentials, encryption keys, or passwords - Content of messages, files, or media sent through communication tools

Communication tools (chat, secure channel, rooms, report box) operate with end-to-end encryption (E2E). NoData cannot read, decrypt, or access sent content. Content is encrypted in the sender's browser and decrypted only in the receiver's browser. Messages are auto-deleted per TTL settings. Only delivery proof (HMAC) remains — not the content.

Verification certificates contain proof hashes only — not customer data. Certificates are issued based on SHA-256 proofs generated in the customer's environment. NoData does not verify certificates against actual data — only against the hash chain. Certificates do not constitute SOC 2 certification. SOC 2 Type II compliance requires external audit by a qualified auditor.

Payments are processed via Sumit and UPay credit card terminal. NoData does not store credit card details — processing is handled by Sumit servers at PCI DSS Level 1 compliance. A tax invoice / receipt is automatically generated after each payment and sent to the customer's email. Subscription cancellation: at any time, via account settings. Cancellation takes effect at the end of the current billing period. Refunds: up to 30 days from first charge. Contact us directly.

NoData provides the service "AS IS". NoData is not liable for: - Damage caused by running migration scripts in the customer's environment - Data loss due to improper use of tools - Failure to meet SOC or other regulatory requirements - Temporary or permanent service interruption NoData's total liability is limited to the amount paid in the last 12 months.

These terms are governed by the laws of the State of Israel. Exclusive jurisdiction is granted to the courts of Tel Aviv-Jaffa.