Back to Home
Legal

Awide Privacy Notice

Last revised: April 24, 2026

INTRODUCTION AND SCOPE

This Privacy Notice explains how Awide Labs Ltd. ("Awide") collects, uses, discloses, stores, and otherwise processes personal data in connection with its public website, contact channels, marketing and sales communications, marketplace purchase journeys, EULA and licensing workflows, and related business operations.

This Privacy Notice is structured in a layered format so that key information is presented first and more detailed disclosures appear in later sections. It is intended to support transparency for individuals interacting with Awide in the Awide-controlled layer (defined below) in accordance with Articles 12–14 of Regulation (EU) 2016/679 ("GDPR"), EDPB Guidelines 03/2020 on transparency, and comparable transparency obligations under the UK GDPR, the Swiss FADP, the Israel PPL, and applicable US state privacy laws.

Three Processing Layers

Awide's relationships with personal data fall into three distinct layers, each governed by a different set of documents:

  • (a) Awide-controlled layer — processing by Awide for its own business purposes (website, negotiations, License Administration, billing, CRM, marketing). Awide is the controller / Business. This Privacy Notice applies.
  • (b) Processor layer — processing by Awide on Customer's behalf, narrowly limited to (i) product support and diagnostics requiring access to personal data inside the Customer's deployed environment, and (ii) License Enforcement Telemetry that contains personal data. Awide is the processor / Service Provider. Governed by the Common Data Protection Terms and the applicable Regional DPA (Master DPA for EEA/UK/CH/Israel; US DPA for US residents), not this Privacy Notice.
  • (c) Customer runtime layer — processing of personal data by the Software inside the customer's own cloud account or infrastructure. Customer is the sole controller / Business; Awide has no role. Governed by the EULA and the cloud Shared Responsibility Model.

DEFINED TERMS

For purposes of this Privacy Notice:

  • Awide-controlled layer — all processing activities performed by Awide for its own business purposes, including operation of the public website, pre-contract communications and negotiations, EULA and licensing administration, marketplace transactions, billing, CRM, business-record keeping, and compliance.
  • Customer environment — the customer's cloud account or on-premise infrastructure in which Awide software is deployed, configured, and operated by the customer.
  • License Administration — activities performed by Awide as controller in connection with sales, contracting, EULA acceptance, issuance of license keys, marketplace purchases, billing, and maintenance of licensing records.
  • License Enforcement Telemetry — technical signals generated inside the Customer environment by the Awide software for the purpose of verifying license validity and scope of use.

1. ROLES AND CONTROLLER ALLOCATION

1.1. Awide acts as controller for personal data processed for its own business purposes in the Awide-controlled layer, including: operation of the public website; handling enquiries; conducting pre-contract communications and negotiations, including exchange of draft agreements and collection of signatory and representative data; managing sales and procurement conversations; conducting marketing where permitted; administering marketplace transactions; License Administration (including EULA acceptance, issuance of license keys, billing, and maintenance of licensing records); maintaining business records; and complying with legal obligations.

1.2. Awide products are deployed by the customer inside the customer's own AWS or other marketplace-supported cloud account, with the customer retaining control over architecture, access policies, security settings, regional deployment, monitoring choices, and operational configuration. This model reflects the "AWS Shared Responsibility Model"; Awide's obligations as software provider are set out in the applicable EULA, Common Data Protection Terms, and Regional DPA.

1.3. Where customers deploy Awide DB, Awide PostgreSQL Operations Intelligence Suite, or related Awide products inside their own cloud environments, the customer acts as controller for personal data processed in those environments.

1.4. When Awide provides product support, diagnostics, or troubleshooting that requires access to personal data inside the Customer environment, Awide acts as processor on behalf of the customer under the applicable Regional DPA, in line with EDPB Guidelines 07/2020. License Enforcement Telemetry generated inside the Customer environment is also processed by Awide as processor to the extent it contains personal data. For the avoidance of doubt, License Administration activities listed in Section 1.1 are performed by Awide as controller and are not governed by the DPA. This Privacy Notice should be read together with the applicable EULA, Common Data Protection Terms, Master DPA or US DPA, Sectoral Riders, Support Terms, and product documentation.

1.5. Awide does not enter into joint-controller arrangements within the meaning of Article 26 GDPR with its customers.

2. PERSONAL DATA WE COLLECT

2.1. Awide may collect the following categories of personal data in the Awide-controlled layer:

  • Contact and identity data: name, business email, employer, job title, phone number, role in negotiations, signatory authority, and job-related correspondence exchanged during pre-contract, contracting, and contract-execution stages, and similar business contact details.
  • Transactional and account data: order details, subscription details, licensing records and license keys issued by Awide, marketplace purchase information, billing-support records, records of negotiated contract terms and EULA acceptance records. These records are processed by Awide as controller as part of License Administration.
  • Technical and usage data: IP address, requested URL, referrer, timestamps, user agent, HTTP status, infrastructure logs, device/browser metadata.
  • Communications data: contact-form submissions, support and sales correspondence, meeting notes, records of business interactions.
  • Marketing and preference data: subscription preferences, campaign interactions, suppression records, consent/opt-out choices.
  • Third-party destination interaction context (AWS Marketplace, Azure Marketplace, Google Cloud Marketplace and other external destinations).
  • Sources of personal data under Article 14 GDPR: in addition to data you provide directly, Awide may receive personal data from (a) cloud marketplaces (AWS, Azure, GCP) when you purchase or subscribe to Awide products; (b) business partners and resellers; (c) publicly available sources such as corporate websites and professional networks for B2B prospecting; and (d) payment processors and service providers assisting with sanctions screening and fraud prevention for direct sales outside cloud marketplaces.

2.2. Awide does not knowingly collect personal data from children under the age of 16 (or under 13 as defined by COPPA in the United States). The website and products are intended for business users only.

3. HOW WE USE PERSONAL DATA

3.1. Awide uses personal data in the Awide-controlled layer to operate and secure the website, answer enquiries, provide pre-contract information, conduct contract negotiations and execution, process purchases and subscriptions, perform License Administration (including EULA acceptance, issuance and lifecycle management of license keys, billing, and record-keeping), maintain customer and prospect relationships, improve business operations, comply with legal obligations, and protect against misuse or fraud. Product support, diagnostics, and troubleshooting requiring access to the Customer environment are performed by Awide as processor under the applicable Regional DPA and are not described as controller processing in this Section 3.

3.2. Product functions such as unified dashboards, monitoring, automation, query optimization, and predictive PostgreSQL operations run within the Customer environment and do not, by themselves, make Awide controller or processor for the customer's runtime data. Awide becomes processor only where License Enforcement Telemetry containing personal data is transmitted to Awide, or where the customer explicitly shares runtime data with Awide for support or diagnostic purposes.

4. LEGAL BASES FOR DATA PROCESSING

4.1 GDPR Legal Bases

4.1.1. Awide relies on one or more lawful bases under Article 6 GDPR depending on the processing activity:

  • Contract (Art. 6(1)(b)): pre-contract enquiries, contract negotiation and execution with the customer entity, purchases, subscriptions, License Administration and EULA flows. Requested support involving the Customer environment is performed under the applicable Regional DPA on the customer's legal basis.
  • Legal obligation (Art. 6(1)(c)): accounting, tax, record-keeping, sanctions/trade compliance, lawful requests.
  • Legitimate interests (Art. 6(1)(f)): website security, fraud prevention, defence of legal claims, ordinary B2B relationship management. A legitimate-interests' assessment is available on request.
  • Consent (Art. 6(1)(a)): marketing communications where required, and non-essential cookies or similar technologies.

4.1.2. For customer-deployed product environments, the customer determines the applicable legal bases for its own runtime processing.

4.2 ePrivacy and Cookies or Similar Technologies

4.2.1. EU ePrivacy rules (as interpreted by EDPB Guidelines 2/2023 on the technical scope of Article 5(3) of the ePrivacy Directive) are assessed separately from the GDPR lawful-basis analysis. Article 5(3) covers not only cookies but also pixels, local storage, scripts, server-side identifiers, URL-based tracking, and similar technologies. Strictly necessary technologies used to deliver the site, ensure security, route traffic, or process a communication expressly requested by the user are used without consent.

4.2.2. Analytics, advertising, and similar non-essential technologies are activated only after valid opt-in consent where required. See the Cookie Policy for details.

4.3 US Privacy-Law Framing

4.3.1. For purposes of applicable US state privacy laws, Awide's processing in the Awide-controlled layer is primarily framed as business-purpose processing connected with website operation, security, communications, product sales, licensing, procurement, and related business administration.

4.3.2. Additional obligations may arise under state privacy laws where personal information is used for cross-context behavioral advertising, targeted advertising, profiling, or certain forms of disclosure that may be characterized as sale or sharing. Awide does not sell or share personal information as those terms are defined under the California Consumer Privacy Act (as amended by the CPRA) or equivalent state statutes. Awide does not engage in cross-context behavioral advertising or targeted advertising directed at consumers using personal information collected in the Awide-controlled layer. Awide honours recognized opt-out preference signals where applicable. If this position changes, Awide will update this Privacy Notice, provide a "Do Not Sell or Share My Personal Information" mechanism, and honour opt-out requests within the statutory timeframes.

4.3.3. Where Awide processes Personal Information on behalf of a customer in the processor layer, Awide acts as a Service Provider under the CCPA and as a Processor under the VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA, MCDPA, TIPA, FDBR, and comparable state laws. Those obligations are governed by the US DPA.

4.4 Israel PPL Framing

Where Awide processes personal data of Israel residents in the Awide-controlled layer, Awide complies with the Israel Privacy Protection Law, 5741-1981 and the Privacy Protection (Data Security) Regulations, 5777-2017, at the security level corresponding to the database classification applicable.

5. COOKIES AND SIMILAR TECHNOLOGIES

5.1. Awide uses the term "cookies" broadly to include cookies, pixels, beacons, local storage, scripts, server-side identifiers, log-based measurement tools, and comparable technologies covered by Article 5(3) ePrivacy Directive.

5.2. According to the Cookie Policy, awide.io's technologies may include AWS infrastructure components, contact-form workflows, Google Fonts, and links to external destinations such as AWS Marketplace or documentation portals.

5.3. Where consent is legally required for non-essential technologies, Awide requests it before activating those technologies and allows users to refuse or later withdraw consent as easily as it is given. Continued browsing, silence, inactivity, or pre-ticked options are not treated as valid consent where GDPR and ePrivacy Directive standards apply.

5.4. Under US law, data collected through awide.io's technologies is processed to fulfill user requests including services (e.g., contact responses, support enquiries) as a legitimate business purpose under FTC Section 5 (15 U.S.C. §45), CalOPPA notice requirements, and applicable state privacy laws such as CPRA §1798.140(e) (business-purpose processing, not "sale" or "sharing").

6. HOW WE SHARE PERSONAL DATA

6.1. Awide shares personal data in the Awide-controlled layer with the following categories of recipients:

  • Hosting and infrastructure providers (Amazon Web Services, Inc.).
  • Email, communications, and CRM providers (details available on request).
  • Marketplace operators (AWS Marketplace, Azure Marketplace, Google Cloud Marketplace).
  • Payment and billing processors.
  • Professional advisers, auditors, insurers, legal advisers.
  • Competent authorities where required by law.

6.2. All service providers acting as processors for Awide in the Awide-controlled layer are bound by Article 28 GDPR-compliant data processing agreements that restrict their use of personal data to the purposes described in this notice and require compliance with applicable data protection law. The recipients listed in Section 6.1 are engaged by Awide for processing in the Awide-controlled layer and are not Sub-Processors under the DPA. Sub-Processors engaged by Awide in the context of support, diagnostics, or License Enforcement Telemetry are listed in Exhibit 2 of the Common Data Protection Terms.

6.3. If a user clicks through to AWS Marketplace, Azure Marketplace, Google Cloud Marketplace, or another third-party destination, that destination may process personal data as a separate controller under its own notice.

6.4. Awide does not disclose personal data for cross-context behavioral advertising, targeted advertising, or sale/sharing as defined under US state privacy laws.

7. INTERNATIONAL TRANSFERS

7.1. Personal data processed in the Awide-controlled layer may be transferred to, stored in, or accessed from countries outside the EEA including Israel, Ireland, and the United States, depending on provider configuration, traffic routing, support structure, and the relevant business process.

7.2. Where international transfers are subject to GDPR, UK GDPR, or Swiss FADP transfer rules, Awide relies on one or more of the following transfer mechanisms:

  • (a) adequacy decisions adopted by the European Commission (in particular, Israel, under Decision 2011/61/EU as maintained);
  • (b) the EU–US Data Privacy Framework where the recipient is certified under the DPF (such as Amazon Web Services, Inc. and Google LLC). Awide Labs Ltd., as an Israeli entity, does not itself participate in the DPF and relies on the Israel adequacy decision for transfers to Awide;
  • (c) Standard Contractual Clauses adopted under Commission Implementing Decision (EU) 2021/914 for EU transfers, or the International Data Transfer Addendum (IDTA) approved by the UK ICO for UK transfers, or the Swiss Addendum for Swiss transfers.

7.3. In customer-deployed product environments, the customer ordinarily chooses the cloud region and data-location design for runtime operations in its own account. The customer-selected hosting region and customer-controlled deployment are Customer runtime layer.

8. HOW WE SECURE INFORMATION

8.1. Awide implements technical and organisational measures appropriate to the risk under Article 32 GDPR, including encryption in transit and at rest, AWS-based hosted infrastructure with CIS-aligned hardening, role-based access controls, MFA, operational logging, vulnerability management, and incident response procedures. Detailed measures applicable to processor-layer processing are set out in Exhibit 1 of the Common Data Protection Terms.

8.2. In customer-deployed environments the customer is responsible for configuring security within its own AWS architecture, including access controls, encryption key management, regional choices, retention, and operational monitoring, consistent with the AWS Shared Responsibility Model.

9. RETENTION OF PERSONAL DATA

9.1. Awide keeps personal data in the Awide-controlled layer for as long as necessary to fulfill the purposes described in this Privacy Notice, to maintain ongoing business relationships, to comply with legal or accounting obligations, or to protect legal rights and interests.

9.2. Indicative retention periods:

  • Website security and operational logs: up to 12 months unless needed longer for security investigations.
  • Contact and sales enquiries: duration of the conversation plus up to 24 months, unless a customer relationship forms.
  • Marketing suppression data: retained for as long as necessary to honor opt-out choices.
  • Contract, billing, licensing, and compliance records: duration of the relationship plus applicable statutory limitation or record-keeping period.
  • Negotiation records where no contract was signed: up to 24 months for defense of legal claims.

9.3. Retention for customer-deployed product data is determined by the customer in its own environment. Retention of Support and Diagnostics Data shared with Awide is governed by the Common Data Protection Terms.

10. WHEN YOU MUST PROVIDE PERSONAL DATA

10.1. Providing personal data may be necessary for Awide to respond to a request, enter into a contract, process an order, manage licensing or EULA acceptance, provide requested support, or comply with legal obligations. Failure to provide such data may prevent us from delivering the relevant service.

11. AUTOMATED DECISION-MAKING

11.1. Awide does not carry out decisions based solely on automated processing, including profiling, in the Awide-controlled layer that produce legal or similarly significant effects on individuals within the meaning of Article 22 GDPR. This position will be updated if it changes.

11.2. Where customers deploy Awide software to support automated decision-making in their own environments (ADMT under CPPA, High-Risk AI Systems under the Colorado AI Act or EU AI Act, or profiling under state privacy laws), the allocation of developer/deployer obligations is set out in the ADMT/AI Rider, not in this Privacy Notice.

12. YOUR RIGHTS

12.1 GDPR / UK GDPR / FADP Rights

Where GDPR, UK GDPR, or Swiss FADP applies, you have the rights of access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and the right to lodge a complaint with a supervisory authority. Awide responds to verified requests within one month, extendable by a further two months for complex requests (Article 12(3) GDPR).

12.2 US State Privacy Rights

Where applicable US state privacy laws apply, individuals may have rights to:

  • know / access personal information;
  • delete personal information;
  • correct inaccurate personal information;
  • data portability;
  • opt out of sale, sharing, or targeted advertising;
  • limit use and disclosure of sensitive personal information (California);
  • opt out of profiling producing legal or similarly significant effects (Colorado, Connecticut, Virginia, and others);
  • appeal a denied request (Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and others).

Response timelines generally are 45 days, extendable by 45 days under the CCPA and VCDPA, with internal appeal windows of up to 60 days. Awide does not discriminate against consumers for exercising these rights.

12.3 Israel PPL Rights

Individuals whose personal data is held in databases owned by Awide have rights of access under §13 and correction under §14 of the Israel Privacy Protection Law.

12.4 Submitting Requests

All rights requests may be submitted by email to info@awide.io. Awide may need to verify your identity before responding. For California residents, an authorized agent may submit a request on your behalf with written authorization.

12.5 Supervisory Authorities

  • EU: the supervisory authority of your habitual residence, place of work, or place of the alleged infringement.
  • UK: the Information Commissioner's Office (ICO).
  • Switzerland: the Federal Data Protection and Information Commissioner (FDPIC).
  • Israel: the Privacy Protection Authority.
  • US California: the California Privacy Protection Agency; the California Attorney General.

13. THIRD-PARTY SITES AND SERVICES

13.1. The Awide website contains links to third-party sites including cloud marketplaces and documentation portals. Once a user leaves the Awide-controlled website, the third party processes personal data under its own privacy notice.

14. RELATIONSHIP WITH OTHER AWIDE LEGAL DOCUMENTS

This Privacy Notice is complemented by the following documents, each governing a specific aspect of Awide's data practices:

  • End User License Agreement (EULA) — terms of use of the Software, including allocation of personal data-process roles.
  • Common Data Protection Terms — shared core for processor-layer processing (scope, security, Sub-Processors, audit, liability).
  • Master Data Processing Addendum (EEA / UK / Switzerland / Israel) — Regional DPA for GDPR/UK GDPR/FADP/Israel PPL processor-layer processing, with SCCs, UK IDTA, and Swiss Addendum.
  • US Data Processing Addendum — Regional DPA for US State Privacy Laws processor-layer processing, with CCPA Service Provider clauses and multi-state processor obligations.
  • Cookie Policy — technologies covered by Article 5(3) ePrivacy Directive and equivalent rules.

15. CHANGES TO THIS NOTICE

15.1. Awide may update this Privacy Notice from time to time to reflect legal, operational, or product changes. Material changes adversely affecting your rights will be notified at least thirty (30) days before they take effect via a prominent notice on awide.io and, where we hold your contact details for such purposes, by email.

15.2. Where the role allocation, License Administration or License Enforcement Telemetry model, support flows, or marketplace arrangements change materially, this notice will be revised together with the EULA, Common Data Protection Terms, applicable Regional DPA, cookie materials, and other customer-facing legal documents.

16. CONTROLLER DETAILS AND CONTACT

16.1 Controller

Unless otherwise stated in a product-specific notice or contract, the controller for the Awide-controlled layer described in this Privacy Notice is:

Awide Labs Ltd.
Tel Aviv, Israel
General contact: info@awide.io
Privacy matters and data subject rights: info@awide.io.

16.2 Data Protection Officer / Privacy Contact

Awide has not designated a Data Protection Officer under Article 37 GDPR, as the statutory triggers do not currently apply. A dedicated Privacy Contact is available at info@awide.io. If a DPO is designated in the future, this Privacy Notice will be updated.