Privacy Policy

Last Updated: May 2022

Welcome to Mend! This privacy policy (“Privacy Policy”) provides information on how we – White Source Ltd., Ariel Sharon 4 Street, Givatayim, Israel, 532004, doing business as Mend (“Mend”, “we”, “our” or “us”) process your personal data as the responsible party (i.e. the “data controller”) if: 

  • you visit our website (see 1.1.) 
  • you contact us through our website or fill-in any form through our website (see 1.2.)
  • you subscribe to a newsletter (see 1.3.)
  • you are the person who subscribes to a contract on behalf of our Customer or who downloads and use the Services offered free of charge on our website (see 1.4.)
  • you are a Contributing Developer (see 1.5.)
  • you are a User of our Services (see 1.6.)
  • we use your data for marketing purposes (see 1.7.)

In addition, this Privacy Policy contains general information about your rights related to the processing of your data (see 7). 

Should you still have questions or concerns after you have read this Privacy Policy, please contact us at

Personal Data” means any information that can be used, alone or together with other data, to identify any living human being. 

Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, the legal basis in the table below is only relevant for individuals who are located in the EU or the EEA and therefore are protected by EU Regulation 2016/79 (General Data Protection Regulation – GDPR). This policy applies whenever you visit our website, use our services or otherwise interact with us and will not apply with respect to any data relating to a non-human entity, subject to applicable law.

This Privacy Policy may be updated from time to time and therefore we ask you to check back periodically for the latest version of the Privacy Policy, as indicated below. If there will be any significant changes made to the use of your Personal Data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Website or by other means.


1.1. Personal Data of visitors of our website

When you visit our website, our servers will automatically store various data about your usage of our website, including in particular the type/version of your browser and operating system, the website from which you arrive at our website, the pages of our website you visit, date and time of your access, your IP address and similar data. The legal basis for processing personal user data is our legitimate interest. We use such data to be able to make the website accessible, to detect and resolve any technical problems, and to prevent and, if necessary, prosecute any misuse of the website. In addition, we use these data in an anonymous form, i.e. without the possibility of identifying the user, for statistical purposes and to improve the website. For our website’s use of cookies please see cf. section 8 below.

1.2. Data entered into a contact form on our website.

The website of Mend allows you to contact us by using a contact form. To do so, you may be required to provide your work email address, the country you are located in and the purpose of your request. Personal data transmitted to Mend in this connection will be used exclusively to process your request. The legal basis for processing this personal data is our legitimate interest to answer your request. 

1.3. Data processing in connection with your subscription to our newsletter.

On the website of Mend you may subscribe to our newsletter. To do so, you must provide your email address. Additional information may be provided on a voluntary basis. This information will be used exclusively to send out the newsletter and will not be transferred to any third parties. The legal basis for data processing is your consent. You have the right to revoke your consent at any time by clicking the unsubscribe button in the newsletter, without thereby affecting the lawfulness of data processing that has occurred up until consent is revoked. If consent is revoked, then you will no longer receive the newsletter. 

When you subscribe to our newsletter, your IP address and the date and time of subscription and email verification will be collected. These data will be processed exclusively for the purpose of allowing us to reconstruct any possible misuse of your email address. The legal basis for processing of the aforementioned data is a legitimate interest. 

Our newsletter contains a so-called “tracking pixel”. A tracking pixel is a miniature image file that is embedded in emails in HTML format. The embedded tracking pixel allows Mend to recognize whether and, if so, when you open the newsletter and on which of the links in the newsletter you click. Data collected via tracking pixels in our newsletters are stored and processed for statistical purposes to optimize the distribution of our newsletter and to tailor the content of future newsletters even more to the interests of the recipient.

  1. 4. Data processing in connection with subscriptions or registrations to our Service.

Mend offers Business-to-Business Services. Data relating to our business customers that we process for the conclusion, performance and termination of our contract with a Customer (e.g., business name and address, payment information), therefore, are not considered as Personal Data. However, we process certain Personal Data of those individuals who subscribe to a contract or register for our free Service on behalf of a Customer, in particular a work email address. 

  1. 5. Data of Contributing Developers.

Mend collects pseudonymized email addresses of a Customer’s Contributing Developers to verify compliance with the licence terms agreed with the Customers. The email addresses are processed solely to determine the number of Contributing Developers attributable to a Customer. The legal basis for processing of this personal data is our legitimate interest. 

  1. 6. Data of Users of the Services. 

The website of Mend allows individuals who have been designated by our Customers as users of our Services (“Users”) to create an account and to use our Services, e.g. work on our platforms. If you are a User, to do so, you must provide your first name and last name, your user name, password and work email address to create an account. When you log into your account on our Platform, our systems collect certain information about your activities, such as the time you log in and out, the Services you use and the actions you take on the Services. In the event of a support issue, such as a planned or emergency outage, we may send a notification to your work email address. Some of the actions may be visible in the Mend Dashboard to other users from your organization. The sole purpose of the processing of this Personal Data is to provide our Customers with the Services of Mend. The legal basis for processing this personal data is our legitimate interest to be able to provide our Customers with our Services.      

Please be aware that if you access our Services through connected third party applications (such as Google, GitHub, GitLab, AWS or Microsoft), we will receive certain information (including personal data, as described above) about you from the provider of such third party applications. The scope of information we receive depends on your third party application privacy settings and the information you shared with such third party. Such third parties are beyond our control and are not covered by our privacy policy. Please review the privacy policies of the third parties before providing your personal data.

  1. 7. Data processing for marketing purposes.

If you subscribe to our Services on behalf of a Customer or if you are a User of our Services, we will also use your email address to inform you periodically about other interesting offers from Mend. If you do not wish to receive such information, you can easily opt-out free of charge by clicking on the unsubscribe link here or at the bottom of any message containing product information from Mend. The legal basis for processing this personal data is our legitimate interest.     


2. 1. Your Personal Data (as described above) will be retained until: (i) it is no longer reasonably necessary for the purposes described in this Privacy Policy, unless a longer storage period is required by applicable law or by our Customer; or (ii) you send a valid deletion request.  

2.2. Data collected when visiting our website is regularly stored for a period of 365 days. Cookies (see section 11) are stored for 365 days. You can also delete cookies earlier on your own. You can read more in our cookie policy (available here:                

If you have any questions about our Data Retention Policy, please contact us by email at Additional information about our Data Retention Policy (including non-Personal Data retention) can be found at:


3.1. Your Personal Data may be maintained, processed and stored by us and by our authorized affiliates and service providers (defined below) in the U.S., the State of Israel, the UK and other jurisdictions, including the European Union, as necessary for the proper delivery of our Services, or as may be required by applicable law.

3.2. Customers’ data may be stored either in our third-party data hosting facilities located in the U.S. or in the EU based on Customer’s location and preference.

3.3. We have operations in Israel, which offers an adequate level of protection for the Personal Data of EU Member State residents.

3.4. We may transfer Personal Data to countries other than the country where the data originated. Any such transfers shall be done in compliance with all applicable laws. While privacy laws may vary between jurisdictions, we, our affiliates and Service Providers are each committed to protect Personal Data in accordance with this Privacy Policy and customary industry standards, regardless of any lesser legal requirements that may apply in the applicable jurisdiction.


We have implemented appropriate technical, organizational security measures. However, please note that regardless of the measures implemented, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with or accessed by us or any third party with whom we share your Personal Data as described under Section 1 below. Nevertheless, we make commercially reasonable efforts to make the collection and security of such information consistent with this Privacy Policy and all applicable laws and regulations. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security measures you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.


If, in the future, we sell or transfer some or all of our business or assets to a third party, we will (to the minimum extent required) disclose information to a potential or actual third-party purchaser of our business or assets, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Data in connection with the foregoing events. If such an event occurs, the legal basis for processing your Personal Data in this context is either your consent, contract performance or legitimate interests.     


6.1. For certain technical data processing tasks, Mend is assisted by third-party service providers who will receive access to your personal data to provide such services. Those service providers have been carefully selected and meet high data privacy and data security standards. They are subject to strict duties of confidentiality and process data only on behalf and in accordance with the instructions of Mend. 

6.2. Except as stated in this Privacy Policy, we will not transfer your data to any third parties without your express consent, unless Mend is required to do so by law, regulatory directive, or court order. PLEASE NOTE THAT IN SUCH CASE WE WILL TAKE ADEQUATE MEASURES TO PREVENT INSPECTION BY NON-EU AUTHORITIES OF YOUR PERSONAL DATA AND PROVIDE NOTICE TO THE EXTENT NOT PROHIBITED.


We may receive your contact and professional details (e.g. business address and position, work email address) from our business partners and third party services provides and tools commonly used to connect individuals and entities to explore potential business and employment opportunities (e.g., LinkedIn). The purpose as well as the legal basis for the processing of this personal data results in principle from the respective context of the communication or cooperation. Such contexts and the corresponding legal bases are described in this Privacy Policy in sections 1.1. to 1.7.      


The Website may enable you to interact with or contain links to your third party account and other third party websites (each, a “Third Party Service”). Such third parties are beyond our control and are not covered by our privacy policy. We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third Party Service that you choose to use or interact with.


9.1. Internal transfers: We ensure transfers with our approved affiliates are covered by a data protection agreement, which contractually obliges each approved affiliate to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred to. Please find information about the group companies that we share your personal data with here

9.2. External transfers: (for data subjects protected under the GDPR or the UK GDPR) Where we transfer your Personal Data outside of the EU/EEA or the UK respectively to countries for which no adequacy decision of the EU Commission exists, for example to approved affiliates or third parties who help provide our products and services, we will obtain contractual commitments and or assurances from them on the basis of the EU Standard Contractual Clauses Link and or the UK Standard Contractual Clauses to protect your Personal Data. 

Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal data is disclosed (see additional information under Section 1 above). 


10.1. Rights. The following rights shall apply to individuals who are protected by the GDPR or the UK GDPR. Some of these rights may also apply under your applicable law.

10.2. You have a right to access personal data held about you. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;

10.3. You have the right to request that we rectify any personal data we hold that is inaccurate or misleading;

10.4. You have the right to request the erasure/deletion of your personal data (e.g., from our records). Please note that there may be circumstances in which we are required to retain your personal data, for example for the establishment, exercise or defense of legal claims or for the provision of Services to our Customers;

10.5. You have the right to object, to or to request restriction, of the processing;

10.6. You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;

10.7. You have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your Personal Data, in particular if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

10.8. You have a right to lodge a complaint with your local data protection supervisory authority  We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.

10.9. You can exercise your rights by contacting us at Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent commercially reasonably possible, all in accordance with applicable law.

10.10. Deleting your account. If you ever decide to delete your Account, you may do so by emailing If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account. However, in certain portions of the Services, any public activity on your Account relating to such Services will remain stored on our servers (or on third party servers) prior to deletion and will remain accessible to the public.


Mend’s website uses cookies. Cookies are small text files that are stored on the hard drive of the user to exchange certain settings and data with the systems of Mend via the browser. A cookie generally contains the name of the domain from which the cookie data were sent, as well as information on the age of the cookie and an alphanumeric identifier. Information stored in cookies are not used to identify users and are not merged with any other stored personal data about users. 

Cookies can be blocked or restricted by changing the settings of your browser. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies for the Mend’s website are blocked, then you may no longer be able to fully use all functions of the website.

Cookies are only stored and used to process personal data with your consent and for the purpose of gathering information on how you use our website in order to measure the reach and effectiveness of our services.

Mend also uses a web analytics service (“Analytics Tools”). The Analytics Tools collect information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this Website. We use the information we get from the Analytics Tools to maintain and improve the Website and our products and to improve our Customers’ and Visitors’ experience. 

Additional information may be found under our Cookie Management on our website.


12.1. No sale of personal information. We do not sell your personal information for the intents and purposes of the California Consumer Privacy Act (CCPA).

12.2. Access Requests. California Civil Code Section 1798.83 (and other, similar state statutes) permits our customers who are California residents (or residents of states with similar statutes) to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to Please note that we are only required to respond to one request per customer each year.

12.3. Deletion Of Content From California Residents. If you are a California resident under the age of 18 and a registered user, California Business and Professions Code Section 22581 permits you to remove content or Personal Data you have publicly posted. If you wish to remove such content or Personal Data and you specify which content or Personal Data you wish to be removed, we will do so in accordance with applicable law.  Please be aware that after removal you will not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or Personal Data you have posted and that there may be circumstances in which the law does not require us to enable removal of content.

12.4. Our California Do Not Track Notice. We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer’s online activities over time and across third-party web sites or online services. We may allow third parties, such as companies that provide us with analytics tools, to collect personal information, subject to applicable law, about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.


We do not offer our products or services for use by children. If you are under 18, you may not use the Website, or provide any information to the Website without the involvement of a parent or a guardian. We do not knowingly collect information from, and/or about children.