Privacy Policy
Version: 2.0
Published: January 7, 2026
Effective for new accounts: January 7, 2026
Effective for existing accounts: January 22, 2026
Previous version: 1.0, Dec 22, 2025
​
1. Scope
​
This Policy explains how Hebrewverse collects, uses, and protects personal information on its Site worldwide, including EU residents and students under 16 years old. By using the Site, you agree to Hebrewverse’s Terms of Use and Privacy Policy. Hebrewverse may operate through third-party services, including Wix and its AI Service Providers. We encourage you to review the terms and privacy policies of these third parties, which may apply to your use of their services: https://support.wix.com/en/article/wixs-ai-service-providers-and-their-policies
​
​​​
2. What We Collect
​​​​​​
​
​
​
​
​
​​​​​
​​
​
​
3. Legal Bases
​
​
​
​
​
​
​
​
​​​​​
4. Parental Rights (COPPA & GDPR)
​
Parents can:
​
-
Request account deletion
-
Withdraw parental consent, which leads to account deletion.
-
Requests honoured within 30 days via email to privacy@hebrewverse.online.
​​
​
5. Third‑Party Processors
​
​
​
​
​
​
​​
​
​​
​​​​​​
Full, current sub‑processor lists are linked Wix list.
​
​
6. International Data-Transfers
​
Data may be stored on servers outside Canada, including the US and EU. We rely on contractual safeguards (SCCs) and cloud‑provider certifications (ISO 27001, SOC 2).
​
​
7. Security
​
-
Encryption. Data in transit is protected by TLS 1.2 or higher. Wix reports that it encrypts stored personal information with industry‑standard algorithms (AES‑256 or equivalent).
-
Role‑based access; 2‑factor admin logins
​
​
8. Retention & Deletion
​
-
Active accounts: retained while the parent consents.
-
Inactive accounts: deleted after 6 months of inactivity. Back‑up snapshots held by our service providers are overwritten on rolling schedules. Wix reports a ≤ 30‑day snapshot window. We do not control the exact timing but deleted data should vanish from all back‑ups within roughly one month.
-
Consent logs: kept 5 years (FTC standard). Billing records: kept for 7 years to satisfy tax laws.
​​
​
9. Marketing E‑mails (CASL)
​
Parents may receive welcome e‑mails, certificate links, program progress reminders, and updates. Optional newsletter is an opt-in. All emails contain unsubscribe link.
​​
10. Cookies & Tracking
​
​
​
​​
​
​
​​​​​​​​​​​​
​
​
​
AI tutor logs may use transient session metadata hosted externally.
​
​
11. Access & Correction
​​
Parents and Students 16 years old and older may request access to, or correction of, their personal information by e‑mailing privacy@hebrewverse.online or by mail to Hebrewverse Ltd., P.O. Box  57094, RPO Jackson Square, Hamilton ON, L8P 4W9, Canada. We will respond within 30 days of receiving your written request. If more time is required, we may extend the deadline by up to an additional 30 days and will notify you of the reason for the extension within the original 30‑day window.
​​
If you are a parent requesting deletion of his account, we will honour the request and purge active records as soon as possible and back‑up copies within the standard retention window.
​​
​
12. Notification by Data-Breach
​
We notify the Office of the Privacy Commissioner of Canada and affected parents within 72 hours of discovering any breach posing a real risk of significant harm.
​​
​
13. Changes to This Policy
​
We e‑mail registered parents and students 16 years old and older 15 days before important changes to our privacy practices take effect. Continued use after that date constitutes acceptance.
​
​
2025-2026 Hebrewverse Ltd.
Category | Details | Purpose |
|---|---|---|
Volunteer Generated Content | Contributions to online programs and the Site | Service optimization |
AI tutor Interaction | Account e-mail associated with the AI interaction, usage logs, messages (user prompts and AI responses) | AI tutor training, misuse prevention, educational service optimization |
Account Data | Parent/student 16+ e‑mail; student names | Admin accounts, issue certificates, send newsletter |
Automatic Data | Anonymized IP address, device type, country, cookie ID | Site security, basic analytics, fraud prevention |
Course Interaction | Completion status, score, certificate | Generate certificate, allow progress tracking |
User Generated Content | Files/text the user uploads within a course | Review progress, provide feedback |
Region | Legal Basis |
|---|---|
EU/UK | GDPR Art. 6 (1)(a) consent; for under‑16 users parental consent via age gate |
U.S. | COPPA verifiable parental consent |
Canada | Express or parental consent (PIPEDA) |
Provider | Role | Jurisdiction |
|---|---|---|
Betheden Ministries | Wordboat embeds | US |
Create, Play & Learn, S.L. | Game embeds (Educaplay) | EU / Spain |
Amazon Web Services, Google Cloud, Cloudflare | Cloud infrastructure & CDN | Global |
Wix.com Ltd. | Hosting, CRM, transactional e‑mail, analytics, AI tutor | Israel / US / EU |
Name | Purpose | Duration | Type |
|---|---|---|---|
smSession | Site operation | 14 days | Essential |
consent-policy | Cookie for Consent Policy | 12 months | Essential |
hs | Security Cookie for Hive (legacy) | Session | Essential |
server-session-bind | Cookie for API protection | Session | Essential |
svSession | Session cookie for identification | 6 months | Essential |
XSRF-TOKEN | Cookie for fraud detection of calls | Session | Essential |
SSR-caching | Performance cookie for rendering | 24 hours | Essential |