Privacy Policy

Effective Date: 17 February 2026

This Privacy Policy describes how M.A APORIA LTD (“Company,” “we,” “us,” “our”) collects, uses, discloses, and protects Personal Data in connection with our websites and related online services that display informational content about financial topics and may link to third-party partner websites (collectively, the “Services”). This Privacy Policy is intended to be suitable for global operations, including compliance with applicable requirements under the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), PIPEDA (Canada), the Australian Privacy Act 1988 (Cth), and other applicable data protection frameworks.

1. Introduction and Scope

1.1 Scope. This Privacy Policy applies to Personal Data we process when you access or use the Services, including data collected through cookies, pixels, server-side tags, analytics, and similar technologies.
1.2 Third-Party Services. The Services may contain links to third-party websites and services (including partners, advertisers, and ad networks). We are not responsible for the privacy practices of those third parties. Your interactions with third parties are governed by their own policies.
1.3 No Accounts / No Direct Application Processing. Our Services provide informational content and may redirect you to third-party partners. We do not offer user accounts and we do not require you to submit loan applications through our Services.

2. Definitions

For purposes of this Privacy Policy:

  • “Personal Data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with an individual or household.

  • “Processing” means any operation performed on Personal Data, such as collection, use, storage, disclosure, or deletion.

  • “Controller” (GDPR/UK GDPR) means the entity determining the purposes and means of Processing.

  • “Processor” means an entity Processing Personal Data on behalf of a Controller.

  • “Advertising and Measurement Identifiers” means online identifiers such as cookie IDs, pixel IDs, mobile advertising identifiers (if applicable), click IDs, device identifiers, and similar tokens used for advertising delivery, attribution, and analytics.

  • “Partner” means a third party to whose website we may refer you via outbound links.

  • “Sell” / “Share” have the meanings set out under CCPA/CPRA, including disclosure of Personal Data for monetary or other valuable consideration (“sell”) and disclosure for cross-context behavioral advertising (“share”).

3. Categories of Personal Data Collected

Depending on how you interact with the Services, we may collect the following categories of Personal Data:

3.1 Identifiers and Online Identifiers

  • IP address (and general geolocation derived from IP)

  • Cookie IDs, pixel IDs, server-side tag identifiers

  • Click IDs and attribution parameters (e.g., gclid, fbclid, ttclid, and comparable identifiers)

  • User agent and device identifiers (browser type, operating system, device model)

3.2 Internet or Other Electronic Network Activity

  • Pages viewed, time spent, referring URLs, exit pages

  • Interactions with content and outbound link clicks

  • Approximate location (e.g., city/region inferred from IP)

3.3 Analytics and Performance Data

  • Events and performance metrics (e.g., session events, conversion and attribution signals, aggregated reporting)

3.4 Inferences

  • Inferences drawn from browsing behavior for content performance and advertising measurement (e.g., interest categories inferred by advertising platforms based on your browsing and identifiers)

3.5 Information We Do Not Intentionally Collect

  • We do not require you to submit account registration details.

  • We do not intentionally collect government identifiers, precise geolocation (GPS), or sensitive categories (such as health or biometric data) through the Services.

  • We do not request credit score data, loan application data, or bank account data through our Services.

4. Sources of Data

We collect Personal Data from:

  • You and your device/browser when you access the Services;

  • Cookies, pixels, SDKs, and server-side tags deployed on or in connection with the Services;

  • Advertising, analytics, and measurement providers (e.g., Google Analytics/Google Tag Manager; advertising pixels and conversion measurement tools);

  • Log files and security systems that record interactions with the Services.

5. Legal Bases for Processing (GDPR/UK GDPR)

Where GDPR/UK GDPR apply, we rely on the following legal bases as appropriate:

5.1 Consent
We rely on consent for the use of non-essential cookies and similar technologies in jurisdictions requiring opt-in consent (e.g., the EEA/UK under ePrivacy/PECR rules). You can withdraw consent at any time via our cookie controls.

5.2 Legitimate Interests
We process certain Personal Data based on our legitimate interests, such as:

  • operating, maintaining, and securing the Services;

  • measuring content performance and site effectiveness;

  • preventing fraud, abuse, and attacks;

  • understanding how users engage with content to improve the Services.
    Where we rely on legitimate interests, we consider and balance any potential impact on your rights.

5.3 Compliance with Legal Obligations
We process Personal Data as necessary to comply with applicable laws, regulations, lawful requests, and to establish, exercise, or defend legal claims.

6. How We Use Personal Data

We use Personal Data to:

  • Provide and operate the Services and content;

  • Measure performance (analytics, attribution, aggregate reporting);

  • Facilitate outbound referrals by recording clicks and attribution signals;

  • Maintain security and prevent fraud/abuse;

  • Improve the Services (debugging, QA, performance optimization);

  • Comply with legal obligations and enforce our Terms & Conditions.

7. Sharing and Disclosure of Information

We may disclose Personal Data to the following categories of recipients:

7.1 Service Providers (Processors)
We disclose Personal Data to vendors that provide services such as hosting, content delivery, analytics, tag management, and security. These providers are authorized to process Personal Data only as necessary to provide services to us and pursuant to contractual protections.

7.2 Advertising, Measurement, and Attribution Partners
We use tracking technologies and server-side tags that may disclose Advertising and Measurement Identifiers and event data to advertising and measurement providers to measure performance and attribute outbound referrals. These disclosures may be considered “sharing” under certain privacy laws (including CCPA/CPRA) when used for cross-context behavioral advertising.

7.3 Corporate Transactions
We may disclose Personal Data in connection with a merger, acquisition, reorganization, financing, or sale of assets, subject to confidentiality and applicable law.

7.4 Legal and Safety
We may disclose Personal Data to comply with law, respond to lawful requests, protect our rights and property, and protect the safety of users or others.

8. International Data Transfers

We are based in Israel and may process and store Personal Data in Israel and other jurisdictions where our vendors operate (which may include the United States and other countries).
Where GDPR/UK GDPR apply and Personal Data is transferred internationally, we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) and/or the UK’s international data transfer mechanisms; and

  • additional measures as appropriate to protect Personal Data in transit and at rest.

9. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

  • maintaining accurate analytics and attribution records;

  • ensuring security and preventing abuse;

  • complying with legal obligations and resolving disputes.

Retention periods vary based on the nature of the data and processing purpose. We generally apply the following retention logic:

  • Log and security data is retained for a limited period necessary for security monitoring and incident investigation;

  • Analytics and attribution data is retained in accordance with platform settings and business needs, then deleted or anonymized where feasible;

  • We may retain aggregated or de-identified data longer where it cannot reasonably be used to identify you.

10. Data Security Measures

We implement administrative, technical, and organizational measures designed to protect Personal Data, which may include:

  • encryption in transit (TLS) where supported;

  • access controls and least-privilege permissions;

  • monitoring for suspicious activity;

  • vendor due diligence and contractual protections where appropriate.

No security measures are perfect; we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

We use cookies, pixels, SDKs, and server-side tags to operate the Services, analyze usage, and measure advertising performance.

11.1 Types of Technologies

  • Cookies (first-party and third-party)

  • Pixels/Web beacons (e.g., conversion pixels)

  • Server-side tagging (events sent from our server environment to measurement partners)

  • Local storage or similar browser technologies (where applicable)

11.2 Categories of Cookies

  • Strictly Necessary Cookies: required for basic site functionality and security.

  • Performance/Analytics Cookies: help us understand site usage (e.g., GA4).

  • Advertising/Targeting Cookies: used for conversion measurement and, depending on configuration, interest-based advertising and retargeting.

  • Functionality Cookies: remember preferences (where implemented).

11.3 Controls and Consent
You can manage preferences through our cookie banner/controls and browser settings. In jurisdictions requiring opt-in consent for non-essential cookies (e.g., EEA/UK), we use consent mechanisms intended to obtain and record consent before activating such technologies.

11.4 Do Not Track / Global Privacy Control
Some browsers offer “Do Not Track” signals. Because there is no consistent industry standard for DNT, we do not respond to DNT signals in a uniform way. Where required by applicable law, we honor Global Privacy Control (GPC) signals as an opt-out of “sale” or “sharing” as defined by CCPA/CPRA.

(For a detailed breakdown, see our Cookie Policy.)

12. Automated Decision-Making and Profiling

We do not use automated decision-making that produces legal or similarly significant effects on you within the meaning of GDPR/UK GDPR. Advertising partners may use profiling for interest-based advertising subject to their own practices and your choices/consents.

13. User Rights

Your rights depend on where you live.

13.1 California Privacy Rights (CCPA/CPRA)

California residents may have the right to:

  • know the categories and specific pieces of Personal Data collected;

  • request deletion of Personal Data (subject to exceptions);

  • correct inaccurate Personal Data (where applicable);

  • opt out of “sale” or “sharing” of Personal Data (as defined by CPRA);

  • limit use and disclosure of sensitive personal information (we do not intentionally collect sensitive personal information for these purposes);

  • not be discriminated against for exercising privacy rights.

Opt-Out of Sale/Sharing: If our advertising and measurement disclosures are considered “sharing” under CPRA, you may opt out via (i) cookie controls, (ii) enabling GPC, and/or (iii) contacting us as described below.

13.2 EU/UK Data Subject Rights (GDPR/UK GDPR)

If GDPR/UK GDPR applies, you may have the right to:

  • access, rectify, or erase Personal Data;

  • restrict or object to processing (including objection to processing based on legitimate interests);

  • data portability;

  • withdraw consent at any time (for processing based on consent);

  • lodge a complaint with a supervisory authority.

13.3 Canada (PIPEDA) and Australia

You may have rights to access and correct Personal Data and to complain to relevant regulators. We will respond to rights requests in accordance with applicable law.

14. Children’s Privacy

The Services are intended for individuals 18 years of age or older and are not directed to children. We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data through the Services, contact us and we will take appropriate steps consistent with applicable law.

15. Third-Party Links

The Services contain links to third-party websites (including partner websites). We are not responsible for third parties’ content, security, or privacy practices. Please review their policies before providing any information.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective Date” indicates when it was last revised. Material changes will be posted on the Services.

17. Contact Information

If you have questions or requests regarding this Privacy Policy or our data practices, contact:

M.A APORIA LTD
6492102 Menachem Begin Road 144, Tel Aviv, Israel
Email: contact@aporianetworks.com

Data Protection Officer: We have not appointed a Data Protection Officer. If GDPR/UK GDPR applies to our processing, you may still contact us at the email above for privacy inquiries and rights requests.