Privacy Policy

Version 3.1 · Effective: April 5, 2026

S2 Tikshuv Ltd ("Company", "we", "us"), a company registered in Israel, is the data controller responsible for your personal data when you use E2LLM products and services.

This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use the E2LLM Extension, E2LLM MCP Server, and our website (together, "Services"). It also describes your privacy rights and how to exercise them.

E2LLM consists of two products with different data models. We describe each separately so you know exactly what applies to you.

1. Collection of Personal Data

E2LLM Extension

Extension

The E2LLM Extension processes all data locally in your browser. DOM capture and SiFR generation happen entirely on your device. We do not receive, transmit, or store any page content, URLs, or captured snapshots.

We collect anonymous, aggregated usage data only:

We do NOT collect: URLs you visit, page content or DOM data, SiFR snapshot content, personal identifiers, cookies, or browsing history. The extension works fully offline and does not require an account.

E2LLM MCP Server

MCP Server

The MCP Server is an authenticated service. We collect two categories of data:

Interaction metadata: who performed what action, when, and how. This includes:

Session data: the full content of MCP interactions, including:

Both metadata and session data are retained for 30 days, encrypted at rest with client-side encryption, and purged after the retention period. Access to session data is strictly controlled — it requires a lawful request, explicit user consent (e.g., a support ticket), or a triggered safety review. We do not access session data for product development, analytics, or any purpose other than safety, compliance, and dispute resolution.

A 30-day retention window is standard practice for AI platforms. This retention is required for compliance obligations, safety monitoring, and dispute resolution ("I did not authorize that action").

Special Category Data

Session data captured through the MCP Server may incidentally contain special category data as defined by GDPR Article 9 — for example, content from health portals, political forums, or religious websites visited during a session. We do not intentionally collect or process special category data. Where such data is incidentally captured as part of session recordings, it is processed under Article 9(2)(f) (establishment, exercise, or defence of legal claims) and Article 9(2)(g) (substantial public interest — safety monitoring obligations). The same encryption, access controls, and retention limits that apply to all session data apply to any incidental special category data.

Payment Data

Both Products

All paid transactions are processed by Paddle.com Market Ltd ("Paddle"), which acts as the Merchant of Record. We do not have any direct financial relationship with our customers. Paddle is the seller for all paid transactions and handles all billing, invoicing, sales tax, and payment processing. We do not collect, process, or store any payment information (credit card numbers, billing addresses, bank details). Paddle handles all payment data in accordance with their Privacy Policy.

We receive from Paddle: your email address, subscription status, and transaction identifiers. We use this solely to manage your subscription tier and provide the corresponding service level.

Data we receive automatically

Website & Services

When you visit e2llm.com or use our Services, we may automatically receive:

2. How We Use Personal Data

We use your personal data for the following purposes:

We do not use your data to train AI models. We do not sell, rent, or share your personal data with third parties for marketing purposes.

Our automated safety monitoring may result in restrictions on your account (such as rate limiting or feature restrictions). These decisions are based on interaction patterns, not content inspection. If you believe your access was restricted in error, contact info@e2llm.com — we will review your case with human oversight and typically respond within 5 business days.

3. How We Disclose Personal Data

We disclose personal data only in the following circumstances:

We do not disclose personal data for advertising or marketing purposes.

4. Your Rights and Choices

Depending on where you live and applicable laws, you may have the following rights regarding your personal data:

To exercise these rights, contact us at info@e2llm.com. We will respond within 30 days, extendable by 60 days for complex requests. We will not discriminate against you for exercising your privacy rights.

You also have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.

5. Data Transfers

S2 Tikshuv Ltd is based in Israel. Israel has been recognized by the European Commission as providing an adequate level of data protection under Article 45 GDPR. If you are located outside Israel, your data may be transferred to and processed in Israel in connection with providing the Services.

Where data is transferred to countries without an adequacy decision (for example, to infrastructure providers in the United States), we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

6. Data Retention and Security

Retention

Aggregated and De-Identified Data

We may process personal data in an aggregated or de-identified form to analyze usage patterns and improve our Services. For example, we analyze capture frequency and operation types across all users to inform product development. This information does not identify individual users.

Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

However, no method of transmission over the internet is 100% secure.

Extended Retention

We may extend the 30-day retention period for specific accounts in the following circumstances: legal hold or court order (as specified by the order), active investigation of a Terms of Service violation (up to 90 days), or reasonable suspicion of illegal activity (up to 180 days). Extensions beyond 180 days require documented legal justification. Extended retention is subject to the same access controls and encryption as standard retention. Users are notified of extended retention unless notification is prohibited by law.

7. Cookies and Similar Technologies

Our website (e2llm.com) uses minimal, functional cookies only:

We use first-party performance monitoring (Elastic APM) as a functional component of our service — it detects errors, monitors service health, and supports our compliance and operational obligations. This data is processed entirely on our own infrastructure and is not shared with third parties. No personal identifiers are collected through performance monitoring.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in ad networks or retargeting programs.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of authenticated features.

8. Children

Our Services are not directed towards, and we do not knowingly collect personal data from, children under the age of 18. If you become aware that a child under 18 has provided personal data to us, please contact us at info@e2llm.com and we will investigate and, if appropriate, delete the data.

9. Legal Bases for Processing

Where applicable (for example, under GDPR), we rely on the following legal bases:

PurposeDataLegal Basis
Provide and maintain Services Identity, Contact, Usage, Technical Contract performance
Create and manage accounts Identity, Contact Contract performance
Process payments Identity, Contact (via Paddle) Contract performance
Communicate service updates Identity, Contact Contract; Legitimate interest
Prevent fraud and abuse Identity, Usage, Technical, Session data Legitimate interest; Legal obligation
Safety monitoring and compliance Session data (SiFR captures, actions) Legitimate interest; Legal obligation
Dispute resolution Session data, Metadata Legitimate interest; Contract performance
Improve Services (aggregated analytics) Usage, Technical (de-identified) Legitimate interest
Enforce Terms of Service Identity, Usage, Technical Contract; Legitimate interest

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify account holders by email and post a notice on our website at least 14 days before changes take effect. The effective date at the top of this page indicates the latest revision.

11. Contact

If you have questions about this Privacy Policy, or wish to exercise your privacy rights, contact us at:

S2 Tikshuv Ltd
Email: info@e2llm.com
Website: e2llm.com

Data Protection Officer: Alexey Sokolov
DPO contact: info@e2llm.com