
Smilebox Privacy Policy

Last Modified: 30th November, 2022

This privacy policy (“Privacy Policy” or “Policy”) describes how Smilebox Inc., a wholly owned subsidiary of Perion Network Ltd. (collectively referred to as “Smilebox”, “we”, “us”, or “our”), collect, use and disclose certain information, including your personal information, and the choices you can make about that information.

Smilebox provides a SaaS platform available at (“Platform”) or a downloadable software (“Software”) that allows users to take their pictures and personalize them into a wide variety of animated videos and designs and then share them with slideshows, eCards, invitations, event RSVPs, and more (“Service”).

This Privacy Policy, which is incorporated by reference in our Terms of Service (the “Terms”), governs the processing and transfer of data collected in connection with the Services, Software, and technologies, and when you visit our website, available at: (“website”).

This Policy applies to all information about you that we collect in connection with the Services throughout the world, and explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it, and how you may exercise your rights related to your Personal Data (as defined below) under the applicable privacy laws such as the EU General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

In the event you are a California resident, and the CCPA applies to you – please review our CCPA Notice.


We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30 days of the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.


Smilebox Inc., a subsidiary of Perion Network Ltd., is incorporated under the laws of Israel, and it is the processor of your Personal Data.

You may contact our privacy team and DPO as follows:

Smilebox, Inc. C/O Perion Network Ltd.

26 HaRokmim Street,

Azrieli Center 1


5885849 Israel

Representative for data subjects in the EU and UK:

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact.
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter, or make use of your data subject rights, please visit the following website. If needed, you can also use the email “[email protected]”.


You can find here information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.

Non-Personal Data

During your interaction with our Services, we may collect aggregated, non-personal, non-identifiable information, which may be made available or gathered via your access to and use of the Services (“Non-Personal Data”). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data being collected may include your aggregated usage information and technical information transmitted by your device, such as: the type of browser or device you use, language preference, time and date stamp, country location, etc.

Personal Data

We may also collect from you, during your access or interaction with the Services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data” or “Personal Information”). The types of Personal Data that we collect as well as the purpose for processing such data are specified in the table below. For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person’s health or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”).

The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:




When you access our website and Platform, we collect certain online identifiers through first-party cookies, which are strictly necessary for the operation of the website and Platform, and through third-party cookies for analytics and marketing. Such identifiers include IP address, log files, device identifiers, and unique identifier. A device identifier may remain persistently on your device, to help you log in and navigate the Service better (“Online Identifiers”).

Through these cookies, we also collect information on how you use our website and Services, such as click stream data, bugs and error data, duration of use, time and date you enter or exit the website or Platform (“Usage Data”).

The purposes of using first-party cookies are operational and technical purposes, such as to enable the website to be uploaded, as well as fraud prevention and data security, to remember you when you re-enter the Services, enable the cart to upload, etc.

We will use third-party cookies for marketing and analytics.

The Usage Data is used to improve the Service, correct errors, enhance the Services, to help us measure traffic and usage trends for the Service.

First party cookies which are strictly necessary for operating the website and Platform are based on our legitimate interest to enable the operation of the website and the Platform.

Third-party cookies will be able to process data solely if you provided consent through the cookie notice and a consent management tool which is used on the website. You may withdraw consent at any time by using the cookie preference settings.

To use the Services, you will need to create an account. During the registration you will fill in your full name, email address, and profile picture (optional). You can also log in through a Facebook or Instagram account, in which case we will receive from Facebook your name, email address, and profile depending on your settings in your Facebook account or Instagram (“Registration Information”).

We use the Registration Information to create the account.

Processing is necessary for the performance of a contract to which the data subject is party.

You may use the Service free of charge; however, the premium features require payment. We use BlueSnap as our payment processor pursuant to BlueSnap Privacy Policy or CCPA notice, or through PayPal account, in which you will be subject to the PayPal privacy policy or CCPA notice (“Payment Information”).

To process your payment and provide you with the premium service you purchased.

Processing is necessary for the performance of a contract with you.

We record your payments and purchase history (“Commercial Information”).

We process the information subject to our legal obligation.

Legal obligation.

If you voluntarily contact us for your interest in our products, support or other inquiries, you may be required to provide us with your contact information (“Contact Information”).

We will use this data to provide the support you requested or respond to your inquiry.

We will process your contact information subject to our legitimate interest in order to respond to your inquiry.

However, in the event you are our customer, contacting us for customer support, that will be processed to fulfill our contract obligations.

While using our Services, you create invites, cards, videos, etc. (“Creative Content”). Typically, such Creative Content includes Personal Data, such as names, birthday dates, photos, etc.

In addition, when you share the Creative Content with recipients or use the RSVP feature, you will share with us the recipients’ contact information such as name and email addresses (“Recipient Information”).

We use the Creative Content and the Recipient Information to provide our Service.

Both the Creative Content and the Recipient Information are Personal Data that are provided by you to us. These individuals are not our users; thus, please be aware and respectful with the Personal Data you share with us.

We process these data sets solely for fulfilling the contract obligations and these data sets are deleted once the user requests or deletes its account.

As a customer, we will send you invoices, materials and content through the email address you provided (“Direct Marketing”).

We will use your email address to send you invoices, updates, surveys, etc.

We process such information subject to our legitimate interest. You can opt-out at any time.

When you sign up to our newsletter, you will be requested to provide your email address.

We will use your email in order to send you our newsletter and other marketing materials.

We process your email address subject to the consent you have provided. You may withdraw consent at any time through the “unsubscribe” link within the email or by contacting us directly.

In the event you leave a comment on the blog, we will collect your full name, email address, IP address, message content, and any other information you choose to provide.

We will use this information to display your comment on our blog.

We process such information subject to our legitimate interest.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.

We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data for as long as it remains combined.


Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:

  • Automatically, when you visit our website or interact with our Platform, including through the use of Cookies (as detailed below) and similar tracking technologies.
  • When you voluntarily choose to provide us with information, such as when you contact us, all as detailed in this Policy.
  • By third parties.


We use “cookies” (or similar tracking technologies) when you access our website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and marketing.

We or our third party affiliates may use “Cookies” and similar tracking technologies for various purposes. A cookie is a small piece of text that is sent to your browser and stored on your computer or mobile device. All cookies used by Smilebox are persistent cookies, meaning, they will be stored on your device after the browser session has expired.

Cookies may be used for different purposes such as: (i) allowing you to navigate between pages efficiently, (ii) enabling automatic activation of certain features, (iii) remembering your preferences, and (iv) making the interaction between you and our Services quicker and easier. Cookies are also used to help customize your experience and for advertising purposes (including personalized advertising).

You can find more information about cookies at



Privacy Policy


Google Analytic

Facebook Analytic

Facebook Oath

Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our website, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings.


We share your Personal Data with third parties, including our Partners or service providers that help us provide our Services. You can find here, and in our CCPA Notice, information about the categories of such third-party recipients.




Service Providers

All data disclosed in the table above.

We may disclose Personal Data to our service providers, contractors and third parties, including, but not limited to, our cloud and hosting provider, analytics and marketing providers, payment processors, CRM systems, Salesforce, etc. The service providers are bound by contracts which limit their use of the data and require implementing security measures. The service providers process the data solely to provide the needed services. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services.

Any acquirer of our business

All data disclosed in the table above.

We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.

Affiliated Companies

All data disclosed in the table above.

We may share aggregate or Non-Personal Data with our affiliated companies and additional third parties in accordance with the terms of this Policy. We may store any type of information on our servers or cloud servers, use or share Non-Personal Data in any of the above circumstances, as well as for the purpose of providing and improving our Services, aggregate statistics, marketing and conduct business and marketing analysis, and to enhance your experience.

Legal and law enforcement

Subject to law enforcement authority request.

We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

We reserve the right to use, disclose or transfer (for business purposes or otherwise) aggregated and processed Non-Personal Data to third parties, including, inter alia, affiliates, for various purposes including commercial use. This information may be collected, processed and analyzed by us and transferred in a combined, collectively and aggregated manner (i.e., your information is immediately aggregated with other users) to third parties.


We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

For California residents, please see our CCPA Notice.

For detailed information on your rights and how to exercise your rights, please see the Data Subject Request Form (“DSR”) available here. Certain rights can be easily executed independently by you without the need to fill out the DSR Form, such as: you may correct the Contact Information, payment information, and Registration Information, through the account settings, you may delete the Creative Content, the account and the Recipient Information from the account settings, you may opt-out from receiving emails from us by using the “unsubscribe” link, etc.


In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt out, where applicable.

The retention periods are determined according to the following criteria:

  1. For as long as it remains necessary in order to achieve the purpose for which the Personal Data was initially processed. For example: if you contacted us, we will retain your contact information at least until we will address your inquiry.
  2. To comply with our regulatory obligations. For example: transactional data will be retained for up to seven years (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
  3. To resolve a claim we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.

Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.


We work hard to protect the Personal Data we process from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry, such as encryption using SSL, minimizing the amount of data that we store on our servers, restricting access to Personal Data to Smilebox employees, contractors, and agents, etc. Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at: [email protected] if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) in the event that we discover a security incident related to your Personal Data.


Our data servers in which we host and store the information are located in the US and EU. The Company’s HQ is based in Israel, from which we may access the information stored on such servers or other systems such as the Company’s ERP, CRM, and other systems. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Furthermore, when Personal Data that is collected within the European Economic Area (“EEA”) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we will take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the standard contractual clauses approved by the European Union. Thus, we will obtain contractual commitments or assurances from the data importer to protect your Personal Information, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses), or rely on adequacy decisions issued by the European Commission. Some of these assurances are well-recognized certification schemes.


The Services are not intended for use by children (the phrase “child” shall mean an individual that is under the age defined by applicable law, which concerning the EEA is under the age of 16, and with respect to the US, under the age of 13), and we do not knowingly process children’s information. We will discard any information we receive from a user that is considered a “child” immediately upon discovering that such a user shared information with us. Please contact us at: [email protected] if you have reason to believe that a child has shared any information with us.