Privacy Policy

Effective Date: August 3, 2025

Note for registration: Form F-211/F-214 submitted to CNDP. We’ll publish the receipt number here within 7 days of issuance.

Legal Duty of Data Quality: Under Law 09-08 Art 3, we collect only what’s necessary, verify accuracy on update, and delete or anonymize when no longer needed.

Processor Contracts

• Act only on our instructions and maintain confidentiality (Law 09-08 Art 20).
• Implement security measures (encryption, access controls) per Art 23.
• Subcontracting requires CNDP notification.

Data Breach Handling

• Record all security incidents in our internal breach register.
• Notify CNDP within 72 hours of discovery (if non-minimal risk).

Cookies & Tracking

No cookies, pixels, or behavioral tags on App or Site. Future tracking will require user consent banner.

Your Right to Escalate

Lodge complaints with CNDP: www.cndp.ma.

This policy covers the Brickol App and website (brickol.com), operated by InnoCraft SARL (Casablanca Registry No. 12345). Complies with Law 09-08 and supports our CNDP registration.

1. Information We Collect

1.1 Required User-Provided Information

• First name, last name
• Email address
• Phone number
• Date of birth (≥ 18 years old)
• Profile picture
• City / location

1.2 Automatically Collected Information

• IP address & device identifiers (e.g. Advertising ID)
• OS & browser type
• Usage logs (screens, session durations)
• Crash reports (anonymized)
• Transaction metadata (amounts, dates, status, commissions)

1.3 Payment Data

We do not collect raw payment credentials. PCI-DSS processors (e.g. CMI, PayZone) supply tokenized IDs, masked card refs, and timestamps only.

2. Legal Bases for Processing

• Contract Necessity — account operation, payments
• Legal Obligation — financial record-keeping
• Legitimate Interests — fraud prevention, security
• Explicit Consent — optional features (marketing)

Withdrawal: Email support@brickol.com or use account settings.

3. How We Use Information

• Provide & manage services
• Process payments & commissions
• Prevent fraud & abuse
• Aggregate analytics for improvement
• Comply with legal & regulatory requests

4. Data Sharing

4.1 Recipients

• Payment processors (token data only)
• Cloud providers (Morocco)
• Legal authorities per Art 108
• Auditors for compliance

4.2 Processor Compliance

• Confidentiality obligations (Art 20)
• Data minimization & purpose limitation
• Technical security (Art 23)
• CNDP notice for subcontracting

5. Data Retention

• Active accounts: until deletion request
• Inactive accounts: 5 years post-last activity
• Transaction records: 10 years (tax)
• Technical logs: 24 months max

6. Your Rights

• Access & portable copies
• Rectify inaccuracies
• Request erasure (where allowable)
• Object to legitimate-interest processing
• Restrict processing during disputes

Requests handled within 30 days. Email support@brickol.com or DPO. Complaints to CNDP at www.cndp.ma.

7. Security Measures

• TLS encryption in transit
• Encryption at rest
• Access controls & audit logging
• Staff bound by confidentiality

8. Children’s Privacy

• Age verification at signup
• Reject birthdates under 18

9. Policy Updates

• 30-day notice for material changes
• Clear summary of modifications
• Re-consent for significant processing changes

10. Contact Information

Data Controller:
InnoCraft SARL
2 RUE ESSANAOUBAR ETG 4 BUREAU 12 – CASABLANCA – MOROCCO
support@brickol.com