Last updated: 24 February 2026
Mosdos Technology Office ("MTO", "we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains what personal data we collect, how we use it, who can access it, how we protect it, and your rights regarding your data.
This policy applies to all users of the MTO platform, including Users/Clients, Kehilla Admins, Admins, and Master Admins. By using the Platform, you consent to the data practices described in this policy.
The data controller for the purposes of applicable data protection legislation is:
We collect the following categories of personal data:

| Data | Purpose | Storage |
|---|---|---|
| Primary email address | Account login, communication | Plain text (unique identifier) |
| Password | Account authentication | Argon2id hash (irreversible) |
| User role | Access control | Plain text |
| Email verification status | Account security | Boolean flag |
| Profile completion status | Feature gating | Boolean flag |
| Account creation date | Record keeping | Timestamp |
| Last login date | Security monitoring | Timestamp |
| Terms acceptance date & version | Legal compliance | Timestamp + version ID |

| Data | Purpose | Storage |
|---|---|---|
| Husband's first & last name (English & Hebrew) | Identification, certificate generation | Plain text |
| Wife's first & last name (English & Hebrew) | Identification, certificate generation | Plain text |
| Husband's email address | Communication, device rejection notifications | AES-256-GCM encrypted |
| Wife's email address | Communication, device rejection notifications | AES-256-GCM encrypted |
| Husband's mobile number | Contact, verification | AES-256-GCM encrypted |
| Wife's mobile number | Contact, verification | AES-256-GCM encrypted |
| Landline number | Alternative contact | AES-256-GCM encrypted |
| "Does not have" flags | Form logic (skip optional fields) | Boolean flags |
| Primary email owner designation | Determine primary contact | Enum (husband/wife) |
| Street address, house number, secondary address, post/zip code | Identification, community verification | Plain text |

| Data | Purpose | Storage |
|---|---|---|
| Kehilla selection | Community assignment, rule application | Foreign key reference |
| Synagogue & institution selections | Community identification | Foreign key references |
| Basic phone model, ownership, settings answers | Technology compliance | Structured database fields |
| Device type, ownership, subtype | Technology compliance | Structured database fields |
| Filter company, filter type, filter email | Filter verification | Structured database fields |
| Filter kehilla assignment | Filter accountability | Foreign key reference |
| Purpose of use (free text) | Kehilla compliance review | Text field |
| Office location (free text) | Kehilla compliance review | Text field |
| WhatsApp type | Technology compliance | Enum value |
| Past year device usage | Technology compliance | Boolean flags |
| IMEI numbers | Phone identity verification | AES-256-GCM encrypted |
| Form auto-save data | Preserving incomplete form progress | JSON (temporary) |

| Data | Purpose | Storage |
|---|---|---|
| Device external ID (from filter portal) | Cross-reference with filter company | Plain text |
| Filter portal link | Administrator reference | Plain text (URL) |
| IMEI (submitted & verified) | Phone verification | AES-256-GCM encrypted |
| Flagged websites, apps, categories | Content compliance | Plain text |
| User responses to flagged items | Compliance decision trail | Enum + text notes |
| Kehilla admin responses to escalated items | Final compliance decisions | Enum + text notes |
| Device update link tokens | Secure user updates to rejected devices | Hashed tokens |

| Data | Purpose | Storage |
|---|---|---|
| Payment amount & currency | Transaction record | Plain text |
| Stripe payment intent ID | Payment tracking & reconciliation | Plain text |
| Stripe checkout session ID | Session tracking | Plain text |
| Payment status | Compliance workflow | Enum value |
| Payment date | Record keeping | Timestamp |
We do not store credit card numbers, CVVs, or full payment card details. All payment processing is handled by Stripe. See Stripe's Privacy Policy for details on how Stripe handles your payment information.
If you sign in with Google, we receive and store:
We do not access your Google contacts, calendar, files, or any other Google services data.

| Data | Purpose | Storage |
|---|---|---|
| IP address | Security, rate limiting, audit trail | Logged per action |
| User agent (browser info) | Security, session management | Logged per session |
| Session tokens | Authentication | Server-side, auto-expire |
| CSRF tokens | Form security | Session-bound, temporary |
| Rate limit records | Abuse prevention | Auto-deleted after 24 hours |
| Email verification tokens | Account verification | Hashed, expire after 24 hours |
| Password reset tokens | Password recovery | Hashed, expire after 1 hour |

| Data | Purpose | Retention |
|---|---|---|
| Audit log (action, entity, old/new values, IP, user agent) | Accountability, compliance | Indefinite |
| Email log (recipient, subject, template, status, errors) | Delivery tracking, troubleshooting | Indefinite |
| User change history (field, old value, new value, changed by) | Profile change accountability | Indefinite |
| Task history (action, performed by, notes) | Task management audit trail | Indefinite |
We use your personal data for the following purposes:
Access to your data is strictly controlled by role-based permissions:
You cannot see any other user's data, forms, or devices.
Kehilla admins can see data only from users in their assigned kehilla(s):
Kehilla admins cannot see users from other kehillas, verify devices, create rules, or access system configuration.
Admins can see:
Master admins have full system access including:
We share your data with the following third parties only as necessary:
When you make a payment, you are redirected to Stripe's secure checkout. Stripe receives your email address and payment details directly. We receive only transaction confirmations and IDs from Stripe via webhook. Stripe is PCI-DSS Level 1 certified. See Stripe's Privacy Policy.
If you choose to sign in with Google, Google processes your authentication. We receive only your email and user ID. See Google's Privacy Policy.
Emails are sent via SMTP through a configured mail server. Email content, recipient addresses, and delivery status are logged in our email log for troubleshooting and delivery verification.
We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes.
All responses include security headers: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy.

| Data Type | Retention Period |
|---|---|
| Account & profile data | Until account deletion or deactivation |
| Forms & device data | Until account deletion (kept for compliance history) |
| Certificates | Indefinite (legal compliance records) |
| Payment records | 7 years (legal/accounting requirement) |
| Audit logs | Indefinite (accountability) |
| Email logs | Indefinite (delivery verification) |
| User change history | Indefinite (profile audit trail) |
| Rate limit records | Automatically deleted after 24 hours |
| Email verification tokens | Expire after 24 hours; marked as used |
| Password reset tokens | Expire after 1 hour; marked as used |
| Session data | Until logout or session expiry |
| Auto-save form data | Until form submission or deletion |
Under applicable data protection laws (including the UK GDPR), you have the following rights:
You can request a copy of all personal data we hold about you. Your dashboard provides access to your profile, forms, devices, tasks, and certificates.
You can update your profile information at any time through the Platform. Changes to profile fields are logged in the change history for audit purposes.
You may request deletion of your account and associated personal data. We will comply unless we are legally required to retain certain records (e.g., payment records for tax purposes, audit logs for compliance). To request deletion, contact us at privacy@mosdos.tech.
You may request that we restrict processing of your data while a dispute or request is being resolved.
You may request your data in a structured, machine-readable format. Contact us to make this request.
You may object to processing based on legitimate interests. Note that objecting may affect your ability to use the Platform.
Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.
The Platform uses the following cookies:

| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| kehilla_session | Session authentication | Essential | Session (until browser closes or logout) |
We use only essential cookies required for the Platform to function. We do not use analytics cookies, tracking cookies, or advertising cookies. No cookie consent banner is required as all cookies are strictly necessary.
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
Your data is stored and processed in the United Kingdom. If any data is transferred outside the UK (e.g., through third-party service providers like Stripe or Google), appropriate safeguards will be in place as required by UK GDPR.
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date. For significant changes affecting how we process your data, we will notify you by email. Continued use of the Platform after changes constitutes acceptance.
For privacy-related questions, data requests, or complaints:
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.