These Terms of Service govern your use of danielmashkov.com and any service or offer presented on it. By using this site you confirm your agreement to these terms. Enforcement at a glance — PPL Am. 13 penalty: ₪3.2M per business entity for severe breaches. Breach notification: 72h to PPA from moment of discovery. Lead data retention: 24 months, then automatic purge. CPRA executive liability: ₪27,500 per intentional violation.
1. Definitions
- "Site": danielmashkov.com and its subdomains.
- "Service": Web development, e-commerce, and automation services presented and delivered by Daniel Mashkov.
- "User": Any individual or entity browsing the site, submitting a contact form, or engaging a service.
- "Sub-processor": A third-party vendor that processes data on the site operator's behalf (Vercel, Supabase, Airtable CRM, Resend, Upstash, Google/GA4, Sentry, Vercel Speed Insights, Calendly).
2. Services and Engagement Scope
The site provides information about web development services. Any specific project engagement is governed by a separate, signed work agreement defining scope, timelines, pricing, and delivery terms.
Responses to contact form submissions and quote requests do not constitute a binding agreement — they are the opening of a conversation only.
3. Intellectual Property
All site content — including code, design, text, graphics, and logos — is owned by Daniel Mashkov and protected under Israeli and international copyright law. Reproduction, distribution, transmission, or derivative works are prohibited without explicit written consent.
Source code delivered to clients as part of a project is transferred under the terms specified in that project's individual agreement.
4. Data Residency and Cross-Border Processing — 2026 Update
As of March 2026, user data is processed and stored by the following sub-processors, subject to applicable data residency requirements:
- Vercel (hosting): US / EU-West-1 — DPA + SCC (EU).
- Supabase (database): US / EU-West-1 — DPA + SCC; RLS enforced.
- Airtable (CRM lead sync): US (US-East) — Documented under vendor terms; free tier has no DPA.
- Resend (email): United States — Documented under vendor terms; free tier has no DPA.
- Upstash (Redis): EU-West-1 — GDPR-compliant region.
- Google Analytics 4: US + EU — DPA + SCC; IP anonymised.
- Sentry (monitoring): US / EU — DPA + SCC.
- Vercel Speed Insights: USA (Vercel Edge) — No personal data — aggregate metrics only.
- Calendly Inc.: USA — External service — user-initiated only.
Cross-border transfers are documented vendor by vendor. Where a processor offers a DPA and SCCs, those safeguards are used; where they are unavailable on a free tier, that limitation is disclosed explicitly in the Privacy Policy and compliance documentation. Israel holds an EU adequacy decision (Commission Decision 2011) recognised as providing adequate data protection.
5. Israel PPL Amendment 13 — Expanded Enforcement Powers (2026)
Israel's Privacy Protection Law Amendment 13 (PPL Am. 13), which entered into force in stages from 2023 with enforcement expansions in 2025–2026, grants the Privacy Protection Authority (PPA) the following expanded powers:
- ILS 3.2M — Civil monetary penalties: Per business entity for severe security breaches.
- 72 hours — Mandatory breach notification: To PPA from discovery of incident affecting personal data (amended §17c).
- 30 days — Data subject rights: Right of access, rectification, erasure, portability, and objection.
- 24 months — Retention schedule: Contact and lead submissions — automatically purged after this period.
Submit DSR requests via the DSR Request Form — see the button below.
6. California Executive Risk Liability — CPRA / CCPA 2026
- No sale of personal data: This site does not sell or share personal information with third parties for advertising or commercial purposes. See Privacy Policy § 8 — Do Not Sell or Share.
- Executive risk liability (CPRA § 1798.199.90): The site operator (Daniel Mashkov) bears personal accountability for maintaining compliant data practices. Wilful or knowing violations carry statutory penalties of up to ₪27,500 per intentional violation — creating direct, personal risk exposure for officers and operators who control data decisions. This provision drives a posture of conservative, privacy-first data handling.
- Right to access, delete, and correct: Submit a Data Subject Request (DSR) — I will respond within 30 days for standard rights requests and within 45 days for CCPA opt-out requests.
- Non-discrimination: Exercising CCPA/CPRA rights will not result in denial of service, price changes, or reduced service quality.
7. Executive Attestation — Privacy Risk Assessment (CCPA 2026)
Under CPRA § 1798.185(a)(15) (2026 enforcement cycle), covered businesses must conduct and certify annual privacy risk assessments. The following constitutes the formal attestation for danielmashkov.com:
1. Responsible party identification
Daniel Mashkov, Licensed Business (Israel) — determines processing purposes, decides processing means, and bears personal accountability for privacy compliance under CPRA § 1798.199.90 and PPL Amendment 13.
2. Risk assessment schedule
A Data Protection Impact Assessment (DPIA) is conducted annually (Q1) and upon any material change to processing operations. Most recent assessment: Q1 2026. Records of Processing Activities (ROPA) are maintained under PPL Am. 13 §17b and updated continuously.
3. Compliance attestation
I attest that this site's privacy practices — including data minimisation, IP-address TTL policy, sub-processor DPAs (including Supabase as the active lead database), and incident response procedures — comply with CCPA/CPRA 2026 and PPL Amendment 13, as detailed in the Privacy Policy. This attestation is renewed each January.
Signed: Daniel Mashkov, Owner & Operator, danielmashkov.com — March 2026
4. AI vendor and automated processing governance
Automated tools used to enhance user experience (such as the Project Scope Estimator) operate on deterministic rule-based logic only — no machine learning, no profiling, and no output data shared with external AI vendors. Results are non-binding recommendations only.
8. Limitation of Liability, External Links & Changes
Limitation of Liability
Information on this site is provided "as is." Daniel Mashkov is not liable for indirect, consequential, strategic, or punitive damages arising from reliance on site content. Direct liability is limited to the amount actually paid for a specific service engagement, if any.
External Links
The site may contain links to external services (e.g. Calendly, GitHub, LinkedIn, WhatsApp). These links do not constitute endorsement of external content, and I am not responsible for their privacy practices or terms.
Changes to These Terms
These terms may be updated periodically. Material changes will be marked with an updated date at the top of this page. Continued use of the site after changes are published constitutes acceptance of the revised terms.
9. Contact
For legal enquiries, DSR requests, or questions about these terms, use the Submit a DSR Request button below, or email privacy@danielmashkov.com.
General enquiries: info@danielmashkov.com.