Legal Document

Terms of Service

Updated March 2026 — includes 2026 data residency requirements and PPL Amendment 13

Enforcement At a Glance

₪3.2M

PPL Am. 13 penalty

Per business entity, severe breaches

72h

Breach notification

To PPA from moment of discovery

24mo

Lead data retention

Then automatic purge

$7,500

CPRA executive liability

Per intentional violation

PPL Amendment 13CPRA / CCPA 2026Updated March 2026

These Terms of Service govern your use of danielmashkov.com and any service or offer presented on it. By using this site you confirm your agreement to these terms.

1Definitions

"Site" — danielmashkov.com and its subdomains.
"Service" — Web development, e-commerce, and automation services presented and delivered by Daniel Mashkov.
"User" — Any individual or entity browsing the site, submitting a contact form, or engaging a service.
"Sub-processor" — A third-party vendor that processes data on the site operator's behalf (Vercel, Supabase, Resend, Upstash, GA4/Google, Sentry).

2Services and Engagement Scope

The site provides information about web development services. Any specific project engagement is governed by a separate, signed work agreement defining scope, timelines, pricing, and delivery terms.

Responses to contact form submissions and quote requests do not constitute a binding agreement — they are the opening of a conversation only.

3Intellectual Property

All site content — including code, design, text, graphics, and logos — is owned by Daniel Mashkov and protected under Israeli and international copyright law. Reproduction, distribution, transmission, or derivative works are prohibited without explicit written consent.

Source code delivered to clients as part of a project is transferred under the terms specified in that project's individual agreement.

4Data Residency and Cross-Border Processing — 2026 Update

As of March 2026, user data is processed and stored by the following sub-processors, subject to applicable data residency requirements:

Vendor	Processing Location	Transfer Mechanism
Vercel (hosting)	US / EU-West-1	DPA + SCC (EU)
Supabase (database)	US / EU-West-1	DPA + SCC; RLS enforced
Airtable (CRM reference)	US (US-East)	DPA + SCC (EU)
Resend (email)	United States	DPA
Upstash (Redis)	EU-West-1	GDPR-compliant region
Google Analytics 4	US + EU	DPA + SCC; IP anonymised
Sentry (monitoring)	US / EU	DPA + SCC
Vercel Speed Insights	USA (Vercel Edge)	No personal data — aggregate metrics only
Calendly Inc.	USA	External service — user-initiated only

Per the Israel Privacy Protection Authority (PPA) guidance (Q4 2025), transfers to the United States are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission. Israel holds an EU adequacy decision (Commission Decision 2011) recognised as providing adequate data protection.

5Israel PPL Amendment 13 — Expanded Enforcement Powers (2026)

Israel's Privacy Protection Law Amendment 13 (PPL Am. 13), which entered into force in stages from 2023 with enforcement expansions in 2025–2026, grants the Privacy Protection Authority (PPA) the following expanded powers:

ILS 3.2M

Civil monetary penalties

Per business entity for severe security breaches

72 hours

Mandatory breach notification

To PPA from discovery of incident affecting personal data (amended §17c)

30 days

Data subject rights

Right of access, rectification, erasure, portability, and objection

24 months

Retention schedule

Contact and lead submissions — automatically purged after this period

Submit DSR requests via: DSR Request Form

6California Executive Risk Liability — CPRA / CCPA 2026

No sale of personal data: This site does not sell or share personal information with third parties for advertising or commercial purposes. Privacy Policy § 8 — Do Not Sell or Share.
Executive risk liability (CPRA § 1798.199.90): The site operator (Daniel Mashkov) bears personal accountability for maintaining compliant data practices. Wilful or knowing violations carry statutory penalties of up to $7,500 per intentional violation — creating direct, personal risk exposure for officers and operators who control data decisions. This provision drives a posture of conservative, privacy-first data handling.
Right to access, delete, and correct: Submit a Data Subject Request (DSR) — I will respond within 45 business days. DSR Request Form.
Non-discrimination: Exercising CCPA/CPRA rights will not result in denial of service, price changes, or reduced service quality.

7Executive Attestation — Privacy Risk Assessment (CCPA 2026)

Under CPRA § 1798.185(a)(15) (2026 enforcement cycle), covered businesses must conduct and certify annual privacy risk assessments. The following constitutes the formal attestation for danielmashkov.com:

Responsible party identification

Daniel Mashkov, Licensed Business (Israel) — determines processing purposes, decides processing means, and bears personal accountability for privacy compliance under CPRA § 1798.199.90 and PPL Amendment 13.

Risk assessment schedule

A Data Protection Impact Assessment (DPIA) is conducted annually (Q1) and upon any material change to processing operations. Most recent assessment: Q1 2026. Records of Processing Activities (ROPA) are maintained under PPL Am. 13 §17b and updated continuously.

Compliance attestation

I attest that this site's privacy practices — including data minimisation, IP-address TTL policy, sub-processor DPAs (including Supabase as the active lead database), and incident response procedures — comply with CCPA/CPRA 2026 and PPL Amendment 13, as detailed in the Privacy Policy. This attestation is renewed each January.

Signed: Daniel Mashkov, Owner & Operator, danielmashkov.com — March 2026

AI vendor and automated processing governance

Automated tools used to enhance user experience (such as the Project Scope Estimator) operate on deterministic rule-based logic only — no machine learning, no profiling, and no output data shared with external AI vendors. Results are non-binding recommendations only.

8.Limitation of Liability

Information on this site is provided "as is." Daniel Mashkov is not liable for indirect, consequential, strategic, or punitive damages arising from reliance on site content. Direct liability is limited to the amount actually paid for a specific service engagement, if any.

9.External Links

The site may contain links to external services (e.g. Calendly, GitHub, LinkedIn, WhatsApp). These links do not constitute endorsement of external content, and I am not responsible for their privacy practices or terms.

10.Changes to These Terms

These terms may be updated periodically. Material changes will be marked with an updated date at the top of this page. Continued use of the site after changes are published constitutes acceptance of the revised terms.

9. Contact

For legal enquiries, DSR requests, or questions about these terms:

Submit a DSR Request

Or email: privacy@danielmashkov.com

General enquiries:

info@danielmashkov.com