Privacy policy ⋆ Endurance

Last Modified: June 10, 2026

This Privacy Policy (“Privacy Policy”) governs the processing and transfer of personal data collected or processed by Endurance Capital Ltd., collectively with its subsidiaries and affiliated companies (“Company”, “we”, “us” or “our”) when we provide our services or when you access or use our website available here (“you” or “your” and “website”), collectively the “services”. This Privacy Policy is an integral part of any other agreement between us. Any capitalized terms not defined herein shall have the meanings ascribed to them in the Terms, or under the applicable privacy laws.

This Privacy Policy explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data (as defined below), as required under relevant privacy regulation, including without limitation and where applicable: the EU General Data Protection Regulation (“GDPR”), relevant US Privacy Laws, the California Consumer Privacy Act (“CCPA”), and the Israeli Privacy Protection Law, 1981. In addition, any reference to the GDPR (as defined below) shall also include the UK GDPR as incorporated into the Data Protection Act 2018.

This Privacy Policy does not pertain to Personal Data relating to our employees, contractors and other staff as part of their employment or engagement with us.

Additional Notice to California Residents: In the event you are a California resident – please review our CCPA Notice to learn more about our privacy practices with respect to the CCPA.

If you have any questions regarding this Privacy Policy or our data practices, you are welcome to contact us at: Privacy@endurance.co.

You are not required by law to provide us with any Personal Data. However, please note that some of our services require the processing of certain Personal Data and without such data we may not be able to provide you with all or part of such services (without completing the submission form, we will not be able to provide an initial assessment of your submission, whether as a company seeking capital or as a potential investor).

Further, note that if you provide us with information related to another individual in connection with an investment, such as directors or beneficial owners, you hereby warrant that you are authorized under applicable law to share such information.

For the avoidance of doubt, nothing in this Privacy Policy shall derogate from, limit or override the rights or obligations set out in any other agreement between you and the Company, which shall continue to govern in accordance with their terms.

POLICY AMENDMENTS

We reserve the right to amend this Policy from time to time. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. Subject to applicable law, any amendments to the Policy will become effective immediately, unless we notify you otherwise. If we materially change the way in which we process your previously collected Personal Data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to review this Policy periodically to ensure that you understand our most updated privacy practices.

CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

Endurance Capital Ltd. is the Data Controller (as such term is defined under the GDPR or equivalent privacy legislation) of your Personal Data collected from you as a user of our services.

You may contact us as follows:

By email: Privacy@endurance.co
By Mail: 6 Hanechoshet, Tel Aviv, Israel.

DATA SETS WE COLLECT AND FOR WHAT PURPOSE

Below you can find information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.

1. Non-Personal Data

Non-Personal Data means data that does not identify an individual and cannot reasonably be used to identify an individual, including aggregated or irreversibly anonymized data. Non-Personal Data may include, for example:

Aggregated usage statistics (e.g., number of users accessing certain features, average session duration, feature adoption rates).
Technical and device-related information (e.g., device type, operating system, browser type, general system configurations).
De-identified or anonymized analytics data (e.g., traffic patterns, performance metrics, latency and system logs).
High-level geographic or demographic insights (e.g., country-level usage distribution).
Aggregated business or performance data derived from user activity (e.g., trends, benchmarks, or statistical models).

Where we process Personal Data to create anonymized or aggregated datasets, we will implement measures designed to prevent re-identification. To the extent such data does not constitute Personal Data under applicable law, we may use it for legitimate business purposes, subject to applicable law.

2. Personal Data

We may also collect from you, directly or indirectly, individually identifiable information (“Personal Data”). For the avoidance of doubt, certain categories of data may be subject to specific regulatory regimes and therefore fall outside the scope of certain privacy laws (such as HIPAA, FCRA, GLBA, COPPA, FERPA). Such information will be treated in accordance with applicable law.

DETAILED PROCESSING OF PERSONAL DATA

A. Contact US and Submission Form

Data Collected: Name, email address, company name and website, sector and stage of development, amount and type of capital being sought, and a brief description of the opportunity.
Purpose & Operations: To review and assess your submission, evaluate suitability, and respond to your inquiry. Correspondence may be stored to improve internal operations or for future assistance/disputes. We may manage this using external platforms like CRM systems.
Lawful Basis per GDPR: Processed subject to our legitimate interest. Where processed for record-keeping or as part of an actual financing arrangement, data may be retained for the fulfillment of a contract or per legal obligations (e.g., AML/KYC).

B. User Portal

Data Collected: Account and login details, relevant financial information, documents, communications, and records of actions taken within the portal.
Purpose & Operations: To verify your identity and grant access. This may include Multi-Factor Authentication (MFA) via email or phone. We also use this to manage the portal, ensure security, comply with legal obligations, and send promotional/marketing emails where allowed. Basic account info may be processed using cookies.
Lawful Basis per GDPR: Performance of a contract. Analyzing login data for security purposes is based on our legitimate interests. Promotional use may be subject to your consent, which can be withdrawn at any time.

C. KYC and AML Information

Data Collected: Identification and contact details, date of birth, governmental identification numbers, nationality, country of residence, tax residency, ownership information, source of funds, and bank account details. This may relate to you or shareholders, directors, and beneficial owners.
Purpose & Operations: To verify identity/ownership, conduct KYC, AML, and CFT assessments, and comply with regulatory obligations. Information may be shared with banks, professional advisers, and compliance service providers.
Lawful Basis per GDPR: Processed subject to your consent, performance of our contract, and legal obligations (AML/KYC).

D. Online Identifiers and Advertising/Targeting Data

Data Collected: IP address, Cookie-ID, pages viewed, clickstream data, login time/date stamp, and Ad calls (zip code, advertiser ID, referring webpage, and approximate location).
Purpose & Operations:
(i) Internal statistics and analysis to enhance our website.
(ii) Marketing and advertising purposes to deliver personalized, behavioral, and interest-based ads (including re-targeting).
Lawful Basis per GDPR: Technical and security processing is based on our legitimate interest. Analytics and advertising purposes are subject to your consent (e.g., via third-party cookies), which can be managed via our cookie settings tool.

E. Direct Marketing

Data Collected: Email information provided during registration.
Purpose & Operations: To keep you updated with offers, events invitations, updates, new capabilities, and features.
Lawful Basis per GDPR: Processed subject to our legitimate interest. You can opt-out at any time via the “unsubscribe” link, though operational content will still be sent.

F. Recruitment Data

Data Collected: CV and voluntary information provided through communications.
Purpose & Operations: To process job applications and check suitability for recruitment purposes.
Lawful Basis per GDPR: Legitimate interests to consider your application. At advanced stages, data is processed as part of our contractual relationship. Retaining data for future positions requires explicit consent.

Note: We may also use Personal Data to prevent illegal activities, fraud, identity theft, or misuse of services, and to enforce our Terms based on our legitimate interests.

HOW WE COLLECT YOUR INFORMATION

Automatically: Via cookies or similar tracking technologies (pixels, tags, agents) during your use of our services.
Voluntarily Provided: When you choose to provide information through our submission forms or communications.
Third Parties: From third parties where permitted by law (with cookie consent) or via verification agencies (such as KYC/AML agencies) during evaluation.

COOKIES

We use cookies to allow efficient navigation, gather statistics, and conduct analytics and advertising. You can find more details at www.allaboutcookies.org.

Types of Cookies We Use:

Essential, Functionality, Operation & Security Cookies: Necessary for core website functions and security. These cannot be disabled.
Analytic, Measurement & Performance Cookies: Help us understand how visitors use the site, remember preferences (like language), and assess marketing performance.
Preference, Targeting & Advertising Cookies: Used to deliver tailored advertisements across the internet based on pages you visited.

You can opt-out or change cookie preferences using the settings tool in our website footer. Third-party advertising cookies collect data independently under their own privacy policies.

While we do not sell data for profit, targeted advertising may be considered a “sale” or “sharing” under certain US Privacy Laws. You can opt-out of Interest-Based Advertising (IBA) via these platforms:

We honor browser-based opt-out signals, such as Global Privacy Control (GPC) and Universal Opt-Out Mechanisms (UOOM).

DATA SHARING

We share data with trusted categories of recipients to operate our website and services:

Affiliated Companies: For joint services, marketing, and legal/KYC obligations.
Service Providers (Processors): Including AML/KYC advisors, banks, advertising partners, data storage providers, Consent Managers (CMP), IT/SaaS providers, data analytics teams, and security partners.
Legal and Law Enforcement: Disclosed in response to verified requests relating to criminal investigations or legal liability.
Corporate Transactions: In the event of a merger, sale, or asset transfer, data will be shared with the acquiring company under the same privacy obligations.

DATA RETENTION

We retain Personal Data for as long as necessary to fulfill the purposes outlined above, comply with legal requirements, maintain records for potential inquiries, or in prospect of litigation. Except as required by law, we reserve the right to delete data at any time without prior notice.

SECURITY MEASURES

We implement physical, technical, and administrative security measures conforming to industry standards to prevent unauthorized access, misuse, loss, or disclosure. If you suspect a breach, please contact us immediately.

INTERNATIONAL DATA TRANSFER

We operate globally, meaning your data may be transferred and processed outside your jurisdiction (including in Israel, the UK, EU, and US). For EU data transferred to countries without an adequacy decision, we utilize standard contractual clauses (SCCs) approved by the European Union. By consenting to cookies, you acknowledge cross-border transfers (e.g., Google Analytics servers in the US).

YOUR RIGHTS

Depending on your jurisdiction, you may have the right to: (i) amend, (ii) access, or (iii) delete your Personal Data; (iv) restrict or object to processing; (v) exercise data portability; (vi) file a complaint with a supervisory authority; and (vii) withdraw consent. We do not discriminate against users exercising their rights.

To exercise these rights, please fill out our Data Subject Request Form (“DSR”) and submit it to Privacy@endurance.co.

Specific U.S. Jurisdictional Privacy Rights

Residents of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia enjoy state-specific privacy rights. California residents should refer to our CCPA Notice. Nevada residents have a limited right to opt-out of data sales.

Responding to US Data Rights Requests

We endeavor to confirm receipt within 10 business days and provide a substantive response within 45 days (extendable by an additional 45 days if needed).
Responses will cover the preceding 12-month period.
We do not charge a fee unless the request is excessive, repetitive, or manifestly unfounded.
Identity verification is required before providing or deleting personal information.
Appeals: If we decline action, you can appeal within 45 days (Colorado) or 60 days (other US states) via Privacy@endurance.co. You may also contact your State’s Attorney General.

THIRD PARTY WEBSITES

This Privacy Policy applies solely to data collected by our website. Clicking links to external sites exposes you to third-party privacy terms. We hold no liability for your usage of third-party websites.

ELIGIBILITY AND CHILDREN PRIVACY

Our services are not intended for children. We do not knowingly process or share data from children. If we discover a child has shared information, it will be discarded immediately. Please contact Privacy@endurance.co if you suspect data from a minor has been collected.