Privacy Policy

Currently viewing: English (Original)

Last Updated: 08/12/2025

This Privacy Policy explains how MofidTech collects, uses, stores, and protects personal data in accordance with Moroccan Law 09-08 and the guidelines of the CNDP (Commission Nationale de Protection des Données Personnelles).

By using our Website, you agree to the collection and processing of your personal data as described below.

1. Legal Basis

Personal data processing on this Website is carried out in compliance with:

  • Law 09-08 on the protection of individuals with regard to personal data processing;
  • CNDP recommendations and authorizations;
  • Law 53-05 regarding electronic exchange of legal data.

If necessary, the Website may be declared or authorized by the CNDP as required by Moroccan law.

2. Personal Data We Collect

We may collect the following categories of personal data:

2.1. Data You Provide Directly

  • Name, username, or display name
  • Email address
  • Comments, messages, and content you submit
  • Contact form information
  • Account registration details

2.2. Data Collected Automatically

  • IP address
  • Browser and device information
  • Operating system
  • Referring URLs
  • Pages viewed and time spent
  • Cookies and tracking tools (analytics, preferences)

2.3. Optional Data

  • Newsletter subscriptions
  • Profile information
  • Uploaded images or files (e.g., for posts or comments)

We do not collect sensitive data unless strictly necessary and authorized under Law 09-08.

3. Purpose of Data Processing

Your personal data is processed for one or more of the following legitimate purposes:

  • To provide and improve Website functionality
  • To personalize user experience
  • To manage comments or user-generated content
  • To respond to user inquiries
  • To manage user accounts
  • To send newsletters or notifications (only with user consent)
  • To secure the platform and prevent fraud
  • To analyze Website traffic and performance

4. Data Retention

We retain personal data only for the duration necessary to fulfill its purposes, in accordance with art. 5 of Law 09-08, including:

  • Account data: retained until deletion
  • Analytics data: typically 12–26 months
  • Email and communication logs: up to 3 years

After this period, data is deleted or anonymized.

5. Data Sharing

We do not sell or rent your personal data.

Data may be shared only with:

  • technical service providers (hosting, email service, analytics)
  • security and anti-fraud services
  • legal authorities if required by Moroccan law

All partners handling personal data must comply with Law 09-08 and ensure adequate security.

6. Cookies & Tracking Technologies

We use cookies to:

  • keep user preferences
  • enable login sessions
  • analyze traffic (Google Analytics, etc.)
  • improve user experience

You can modify your browser settings to refuse cookies.
For more details, a separate Cookie Policy can be added upon request.

7. User Rights Under Moroccan Law 09-08

In accordance with Law 09-08, users have the following rights:

Right of Access

You may request a copy of your personal data.

Right of Rectification

You may correct inaccurate or incomplete data.

Right of Cancellation/Deletion

You may request the deletion of your data when legally permitted.

Right of Opposition

You may oppose the processing of your personal data for legitimate reasons.

Right to Withdraw Consent

For processing based on consent (e.g., newsletters), you may withdraw your consent at any time.

Requests may be addressed directly to us using the contact information below.
We commit to responding within the legal delay and in conformity with CNDP procedures.

8. International Data Transfers

If personal data is transferred outside Morocco (e.g., hosting or analytics providers), it will be done:

  • only to countries with adequate legal protection, or
  • under CNDP authorization as per Article 43 of Law 09-08.

9. Data Security

We implement technical and organizational measures to protect your data, including:

  • HTTPS encryption
  • Secure servers
  • Access control
  • Regular security updates
  • Monitoring against unauthorized access

However, no digital system is fully secure. Users are advised to take their own precautions (strong passwords, logout after use, etc.).

10. Third-Party Services

Some third-party tools may process limited user data:

  • Google Analytics / Matomo
  • Email delivery services (e.g., Brevo, SendGrid)
  • Payment gateways (PayPal, Stripe, etc.)
  • Social media integrations

Each third party has its own privacy policy, which we encourage you to review.

11. Minors

Our Website is intended for users over 18 years old.
If a minor accesses the Website, parental supervision is required.
We do not knowingly collect data from minors without parental consent.

12. Modification of the Privacy Policy

We may update this Privacy Policy to comply with Moroccan legal updates or operational needs.
A new “Last Updated” date will be displayed.
Continued use of the Website constitutes acceptance of the updated Policy.

13. Sale of Applications, Digital Products, and Deployment Services

MofidTech may offer paid digital products and services, including but not limited to ready-made applications, source code, scripts, templates, software modules, customization services, deployment assistance, technical support, and maintenance services.

When you purchase an application or digital product from MofidTech, we may collect and process additional personal data necessary to manage the order, deliver the product, provide support, and comply with legal, accounting, tax, and security obligations.

This may include:

  • full name or business name;
  • email address;
  • billing information;
  • country or region;
  • payment status and transaction reference;
  • purchased product details;
  • support messages and technical requests;
  • server, hosting, or deployment information voluntarily provided by the customer;
  • technical logs, error reports, screenshots, or diagnostic information shared for support purposes.

We do not intentionally collect sensitive personal data through the sale of applications unless it is strictly necessary, legally permitted, and provided with appropriate authorization or consent.

14. Payment Processing

Payments may be processed through third-party payment providers such as PayPal, Stripe, bank transfer providers, or other secure payment gateways.

MofidTech does not store full credit card numbers or complete payment credentials on its own servers. Payment data is processed directly by the relevant payment provider according to its own privacy policy, security standards, and terms of service.

We may receive limited payment-related information, such as transaction ID, payment status, payer email address, amount paid, currency, date of payment, and invoice information, only for order management, accounting, fraud prevention, and customer support.

15. Customer Data Inside Purchased or Deployed Applications

When an application is purchased, downloaded, installed, deployed, hosted, or operated by the customer on the customer’s own server, hosting provider, cloud account, computer, or infrastructure, the customer becomes responsible for the personal data processed inside that deployed application.

Unless MofidTech separately provides hosting, maintenance, administration, or support services involving access to the customer’s application or database, MofidTech does not control the data entered, stored, uploaded, deleted, modified, or processed by end users inside the customer’s deployed application.

The customer is responsible for:

  • configuring the application securely;
  • choosing a reliable hosting provider;
  • managing user accounts and permissions;
  • protecting passwords, API keys, and access credentials;
  • maintaining backups;
  • applying updates and security patches;
  • complying with applicable data protection laws;
  • publishing its own Privacy Policy, Terms of Use, Cookie Policy, and legal notices where required;
  • obtaining any required authorizations, declarations, or consents from users or authorities.

If the customer uses the application to collect personal data from third parties, employees, patients, clients, students, buyers, or other users, the customer is responsible for ensuring that such processing complies with applicable law.

16. Support, Maintenance, and Temporary Access

If you request technical support, bug fixing, installation, deployment, migration, maintenance, or customization, you may voluntarily provide MofidTech with access to hosting accounts, server credentials, databases, logs, admin panels, screenshots, or sample data.

You should avoid sharing unnecessary personal data, sensitive data, confidential business data, passwords, production databases, or private keys unless strictly necessary for the requested service.

Where temporary access is required, we recommend that you create limited-access credentials and revoke them after the support service is completed.

MofidTech will use any access or data provided for support only for the purpose of diagnosing, correcting, installing, configuring, or improving the requested service.

17. Security Responsibilities After Delivery or Deployment

MofidTech implements reasonable technical and organizational measures when developing, delivering, or supporting applications. However, once an application is installed, deployed, modified, hosted, or operated outside infrastructure controlled by MofidTech, the security of that environment depends on the customer’s configuration, hosting provider, administrator actions, third-party services, passwords, server updates, firewall rules, database settings, backups, and operational practices.

MofidTech cannot guarantee that any application, server, database, hosting environment, third-party integration, or internet-connected system will be completely secure, uninterrupted, error-free, or immune from unauthorized access, cyberattacks, malware, data corruption, accidental deletion, hosting failure, or third-party service interruption.

Customers are strongly encouraged to maintain regular backups, apply updates, use strong passwords, enable two-factor authentication where available, restrict admin access, protect API keys, monitor logs, and follow security best practices.

18. Data Loss and Customer Backups

Unless otherwise agreed in a separate written support, hosting, or maintenance contract, MofidTech is not responsible for loss, corruption, accidental deletion, unauthorized modification, or unavailability of data stored inside an application after it has been delivered, downloaded, installed, deployed, modified, hosted, or operated by the customer or a third party.

The customer is solely responsible for creating, testing, and maintaining backups of the application, database, media files, configuration files, environment variables, credentials, and any other operational data.

This limitation does not exclude any responsibility that cannot legally be excluded under applicable law.

19. Third-Party Hosting, Libraries, APIs, and Integrations

Applications sold or delivered by MofidTech may use or integrate with third-party services, libraries, APIs, hosting providers, email providers, analytics tools, payment gateways, maps, authentication providers, or other external systems.

These third parties may process data according to their own privacy policies and terms. MofidTech is not responsible for the privacy, security, availability, pricing, configuration changes, failures, or legal compliance of third-party services not controlled by MofidTech.

Customers should review the terms and privacy policies of any third-party service they choose to activate, configure, or connect to their application.

20. Custom Development and Legal Compliance

If MofidTech develops, customizes, or delivers an application according to customer instructions, the customer remains responsible for verifying that the requested features, data fields, workflows, content, legal notices, consent forms, and user-facing policies comply with the laws applicable to the customer’s activity, country, industry, and users.

MofidTech may provide technical recommendations, but such recommendations do not constitute legal, financial, medical, accounting, cybersecurity, or regulatory advice.

Customers should consult qualified professionals where legal or regulatory compliance is required.

21. Contact Information (Law 09-08 Requests)

To exercise your rights under Law 09-08 or request clarification, you may contact us.