Privacy Policy
Effective Date: August 3, 2025
Note for registration: Form F-211/F-214 submitted to CNDP. We’ll publish the receipt
number here within 7 days of issuance.
Legal Duty of Data Quality: Under Law 09-08 Art 3, we collect only what’s necessary,
verify accuracy on update, and delete or anonymize when no longer needed.
Processor Contracts
- Act only on our instructions and maintain confidentiality (Law 09-08 Art 20).
- Implement security measures (encryption, access controls) per Art 23.
- Subcontracting requires CNDP notification.
Data Breach Handling
- Record all security incidents in our internal breach register.
- Notify CNDP within 72 hours of discovery (if non-minimal risk).
Cookies & Tracking
No cookies, pixels, or behavioral tags on App or Site. Future tracking will require user consent banner.
Your Right to Escalate
Lodge complaints with CNDP: www.cndp.ma.
This policy covers the Brickol App and website (brickol.com), operated by InnoCraft SARL
(Casablanca Registry No. 12345). Complies with Law 09-08 and supports our CNDP registration.
1. Information We Collect
1.1 Required User-Provided Information
- First name, last name
- Email address
- Phone number
- Date of birth (≥ 18 years old)
- Profile picture
- City / location
1.2 Automatically Collected Information
- IP address & device identifiers (e.g. Advertising ID)
- OS & browser type
- Usage logs (screens, session durations)
- Crash reports (anonymized)
- Transaction metadata (amounts, dates, status, commissions)
1.3 Payment Data
We do not collect raw payment credentials. PCI-DSS processors (e.g. CMI, PayZone) supply
tokenized IDs, masked card refs, and timestamps only.
1.4 Location Tracking
Our App may collect your location information to enable core services such as
matching workers with nearby tasks, route optimization, and providing live estimated times of arrival (ETAs).
- Foreground Location: Collected only while you actively use the App, after granting
permission.
- Background Location (if enabled): Used to update your availability or job status even when
the App is minimized or the screen is off.
- Accuracy: GPS, Wi-Fi, and cell network data may be used to estimate your position.
- When location is shared:
- We share a worker’s current location coordinates with the client only after the worker has
explicitly accepted and been assigned the task.
- We share the task’s exact location with the worker only after the task has been assigned to them
(i.e., after they accept the task, and the client selects them as the worker for the task).
- We may compute and share an estimated travel time (ETA) of the worker to the task with the client
who owns the task; ETA is approximate and based on available routing and location data.
You can control or withdraw permission at any time in your device’s settings:
Settings → Privacy → Location Services → Brickol.
Legal Basis: Location data is processed only with your explicit consent (Law 09-08 Art 4 & 5).
You may disable location tracking without affecting basic app functionality, except for features requiring it
(e.g. nearby search, display tasks for workers).
2. Legal Bases for Processing
- Contract Necessity — account operation, payments
- Legal Obligation — financial record-keeping
- Legitimate Interests — fraud prevention, security
- Explicit Consent — optional features (marketing)
Withdrawal: You may withdraw consent or manage account deletion directly from the App (see
section 10) or contact support@brickol.com for assistance.
3. How We Use Information
- Provide & manage services
- Process payments & commissions
- Prevent fraud & abuse
- Aggregate analytics for improvement
- Comply with legal & regulatory requests
- Enable location-based matching and logistics: share worker coordinates and ETAs with clients after task
assignment, and provide exact task location to the assigned worker to enable task fulfilment.
4. Data Sharing
4.1 Recipients
- Payment processors (token data only)
- Cloud providers (Morocco)
- Legal authorities per Art 108
- Auditors for compliance
- Clients: when a worker explicitly accepts and is assigned a task, we share the worker’s current location
coordinates and an estimated travel time (ETA) to the task with the client who owns the task.
- Workers: the exact task location is shared with the worker only after they have been assigned the task
(after accepting it).
4.2 Processor Compliance
- Confidentiality obligations (Art 20)
- Data minimization & purpose limitation
- Technical security (Art 23)
- CNDP notice for subcontracting
5. Data Retention
- Active accounts: until deletion request
- Inactive accounts: 5 years post-last activity
- Transaction records: 10 years (tax)
- Technical logs: 24 months max
6. Your Rights
- Access & portable copies
- Rectify inaccuracies
- Request erasure (where allowable)
- Object to legitimate-interest processing
- Restrict processing during disputes
Requests handled within 30 days. Email support@brickol.com
or DPO. Complaints to CNDP at www.cndp.ma.
7. Security Measures
- TLS encryption in transit
- Encryption at rest
- Access controls & audit logging
- Staff bound by confidentiality
8. Children’s Privacy
- Age verification at signup
- Reject birthdates under 18
9. Policy Updates
- 30-day notice for material changes
- Clear summary of modifications
- Re-consent for significant processing changes
10. Delete Your Account & Personal Data
You can delete your account and personal data directly from the Brickol App without contacting support.
-
In-app deletion: Go to Account → Delete Account and follow the
on-screen steps to confirm deletion. We may ask you to verify your identity in-app (for example, by
confirming your registered phone number or by entering a verification code).
-
Immediate effects:
- Your personal information (such as name, email, phone number, and payment details) will be
scheduled for permanent removal in accordance with our retention policy and applicable law.
- Any tasks you have created will remain in the system to ensure service continuity for other
users, but these tasks will no longer be linked to your personal identity.
- If you used social sign-in providers, revocation of provider tokens may be performed as part of
deletion when feasible.
If you prefer, you may still contact support@brickol.com for
assistance with deletion or to request additional information about the process.
11. Contact Information
Data Controller:
InnoCraft SARL
2 RUE ESSANAOUBAR ETG 4 BUREAU 12 – CASABLANCA – MOROCCO
support@brickol.com