Privacy Policy

1. Introduction

Welcome to MoroccoNaut!

This Privacy Policy explains how MoroccoNaut ("we", "us", or "our") collects, uses, shares, and protects your personal information when you use our mobile application (the "APP").

We are committed to protecting your privacy and complying with:

• Moroccan Law No. 09-08 on the Protection of Personal Data (2009)
• Law No. 31-08 on Consumer Protection (2011, amended 2024)
• Law No. 05-20 on Cybersecurity (2020)
• CNDP Regulations (Commission Nationale de contrôle de la protection des Données à caractère Personnel)

2. Data Controller & Legal Basis

2.1 Data Controller Information

Information	Details
Company Name	United Behavioral and Cognitive Group SARL
Business Address	RES JAWHARA, RUE IMAM CHAFII, Quartier Hivernage, Marrakech 40020, Morocco
Email	privacy@ubcg.net
Phone	+212524401007
CNDP Registration	Registration in progress
Data Protection Officer (DPO)	dpo@ubcg.net

2.2 Legal Basis for Processing

We process your personal data based on:

• Consent: You explicitly agree to data processing for specific purposes
• Contract Performance: Processing necessary to provide APP services
• Legal Obligations: Compliance with Moroccan law
• Legitimate Interest: Fraud prevention, security, and service improvement

2.3 Applicable Laws

Our data processing complies with:

• Moroccan Law No. 09-08 on the Protection of Personal Data (2009)
• Law No. 31-08 on Consumer Protection (2011, amended 2024)
• Law No. 05-20 on Cybersecurity (2020)
• Telecommunications Law under ANRT supervision
• CNDP Regulations

3. Scope and Purpose

This Privacy Policy applies to the MoroccoNaut Mobile Application (the "APP"), available on:

• iOS devices (Apple App Store)
• Android devices (Google Play Store)

The APP serves as a digital travel companion for Morocco, providing tourism information, service provider directories, safety features, and community functions.

4. Data Collection

4.1 Information You Provide Directly

4.1.1 Account Information

When you create an account:

• Full name
• Email address
• Password (encrypted)
• Phone number (optional)
• Profile picture (optional)
• Preferred language (English, French, German, Spanish, Arabic)

4.1.2 Profile Information

• Travel preferences (accommodation type, budget range, interests)
• Emergency contact information (optional but recommended)
• Dietary restrictions (for restaurant recommendations)

4.1.3 User-Generated Content

• Reviews and ratings of services
• Photos and videos you upload
• Comments and forum posts
• Questions and answers in the community section
• Saved itineraries and favorite locations

4.1.4 Payment Information

PAYMENT PROCESSORS USED:

1. APPLE IN-APP PURCHASE (iOS):

• Processor: Apple Inc.
• Data handled: Apple manages all transaction data
• Security: PCI-DSS Level 1 compliant
• We receive: Transaction ID, purchase status, receipt (no card details)

2. GOOGLE PLAY BILLING (Android):

• Processor: Google LLC
• Data handled: Google manages all transaction data
• Security: PCI-DSS Level 1 compliant
• We receive: Order ID, purchase token, receipt (no card details)

3. STRIPE:

• Processor: Stripe, Inc.
• Data handled: Card details processed directly by Stripe
• Security: PCI-DSS Level 1 compliant
• We receive: Payment intent ID, transaction status (no card details)

4. PAYPAL:

• Processor: PayPal Holdings, Inc.
• Data handled: PayPal manages all payment data
• We receive: Transaction ID, payer email (if consented), status

WHAT WE STORE:

• Transaction ID / Order number
• Purchase date & time
• Product/service purchased
• Transaction amount & currency
• Transaction status (pending/completed/refunded)

WHAT WE NEVER STORE:

• Credit/debit card numbers
• CVV/CVC security codes
• Card expiration dates
• Full card details of any kind
• Bank account information

4.1.5 Communication Data

• Messages sent through in-app chat with service providers
• Customer support inquiries
• Feedback and survey responses

4.2 Information Collected Automatically

4.2.1 Location Data (WITH YOUR PERMISSION)

• Precise GPS coordinates (when location services are enabled)
• City and region information
• Distance to points of interest
• Travel routes and patterns within Morocco

4.2.2 Device Information

• Device type and model (e.g., iPhone 14, Samsung Galaxy S23)
• Operating system version (iOS 17, Android 14)
• Unique device identifiers (for security and fraud prevention)
• Screen resolution and display settings
• Language and region settings
• Mobile network information (carrier name, network type)

4.2.3 App Usage Data

• Features you use most frequently
• Time spent in the APP
• Actions taken (searches, bookings, reviews)
• Pages/screens viewed
• Buttons clicked and interactions
• Session duration and frequency

4.2.4 Technical Data

• IP address (anonymized for analytics)
• Browser type (for web version)
• Time zone and local time
• Crash reports and error logs
• Performance metrics (loading times, response rates)

4.3 Information from Third Parties

4.3.1 Social Media Login (Optional)

If you choose to sign up using:

• Google Account: Name, email, profile picture
• Apple ID: Name, email (or private relay email)
• Facebook: Name, email, profile picture (if you grant permission)

4.3.2 Service Providers

We receive confirmation data from:

• Hotels and accommodations (booking confirmations)
• Tour operators (reservation details)
• Restaurant partners (table reservations)

4.3.3 Push Notification Services

We use platform-specific push notification services:

iOS DEVICES:

• Service: Apple Push Notification Service (APNS)
• Data shared: Device token (anonymous identifier)
• Privacy: Apple does not store message content

ANDROID DEVICES:

• Service: Firebase Cloud Messaging (FCM)
• Data shared: Device token, notification content
• Purpose: Deliver notifications to your device
• Privacy: Tokens are anonymized and cannot identify you personally

What We Send in Notifications:

• Safety alerts (weather warnings, travel advisories)
• Booking confirmations
• Community messages (if enabled)
• App updates & announcements

What We NEVER Send:

• Marketing or promotional messages (without consent)
• Third-party advertisements
• Spam or unsolicited content

4.6 App Permissions & Device Access

Our APP requests the following device permissions:

4.6.1 LOCATION PERMISSIONS (REQUIRED)

Why We Need It:

• Display your current position on the map
• Provide nearby recommendations (hotels, restaurants, attractions)
• Calculate distances & travel times
• Enable safety features (emergency services, consulate locations)
• Show weather for your current location

How to Manage:

• iOS: Settings > Privacy & Security > Location Services > MoroccoNaut
• Android: Settings > Apps > MoroccoNaut > Permissions > Location

4.6.2 CAMERA PERMISSION (OPTIONAL)

Why We Need It:

• Upload photos for reviews & community posts
• Share travel experiences
• Document your journey

4.6.4 NOTIFICATION PERMISSION (OPTIONAL)

Why We Need It:

• Safety alerts (weather, travel advisories)
• Booking confirmations
• Community interactions
• APP updates

You can disable notifications entirely without affecting core APP functionality.

5. How We Use Your Data

We use your personal data for the following purposes:

5.1 Provide & Improve APP Services

• Display personalized content and recommendations
• Enable booking and reservation features
• Process payments and transactions
• Provide customer support
• Develop and improve APP functionality
• Conduct research and analytics

5.2 Safety & Security

• Verify your identity and prevent fraud
• Protect against security threats
• Send safety alerts and travel advisories
• Monitor APP performance and stability
• Detect and prevent abuse or violations

5.3 Communication

• Send booking confirmations and updates
• Respond to your inquiries and support requests
• Notify you about APP updates and new features
• Share important announcements
• Send marketing communications (with your consent)

5.4 Legal Compliance

• Comply with Moroccan laws and regulations
• Respond to legal requests from authorities
• Enforce our Terms of Service
• Protect our rights and property

6. Data Sharing & Third Parties

We share your data ONLY in the following circumstances:

6.1 Service Providers

We work with trusted third-party companies to operate the APP:

Service	Purpose	Data Shared
Google Maps Platform	Display maps, provide directions, show points of interest	Location data, search queries
Firebase (Google)	Authentication, analytics, crash reporting, push notifications	User ID, device info, app usage data
Cloudflare	Content delivery, security, DDoS protection	IP address (anonymized), device type
Amazon Web Services (AWS)	Cloud hosting, data storage, backup	All data stored on our servers (EU data centers)

6.6 What We NEVER Do

7. Data Retention

We retain your data for as long as necessary to provide services and comply with legal obligations:

7.1 Retention Periods

Data Type	Duration	Notes
Account Data	Until you delete your account	30-day grace period (recoverable), then permanently deleted
Transaction Records	10 years	Moroccan tax law requirement
Location History	12 months (rolling)	Automatic deletion of data older than 12 months
Analytics Data	26 months (Firebase standard)	All personal identifiers removed after 90 days

7.2 Your Data Deletion Options

You can delete:

• Individual reviews, photos, or posts (anytime)
• Location history (Settings > Privacy > Location History > Clear)
• Search history (Settings > Privacy > Search History > Clear)
• Entire account (Settings > Account > Delete Account)

8. Your Rights Under Moroccan Law

Under Moroccan Law No. 09-08, you have the following rights:

8.1 Right to Access (Art. 8)

Request a copy of all personal data we hold about you.

How: Settings > Privacy > Download My Data OR Email: privacy@ubcg.net

Response time: Within 30 days

8.2 Right to Rectification (Art. 9)

Correct inaccurate or incomplete personal data.

How: Settings > Profile > Edit Information OR Email: privacy@ubcg.net

8.3 Right to Deletion (Art. 10)

Request deletion of your personal data ("Right to be Forgotten").

How: Settings > Account > Delete Account OR Email: privacy@ubcg.net

Note: We may retain data if legally required (e.g., tax records)

8.7 How to Exercise Your Rights

To exercise your rights, contact us at:

We will respond within 30 days (extendable to 60 days for complex requests).

8.8 Right to Lodge a Complaint

If you believe we violated your privacy rights, you can file a complaint with:

9. Children's Privacy

9.1 Age Requirements

The APP is intended for users aged 13 years or older, in compliance with:

• Children's Online Privacy Protection Act (COPPA) - USA
• Apple App Store Guidelines (13+)
• Google Play Store Requirements (13+)

Users between 13-18 years must obtain parental or legal guardian consent before registration.

9.4 What to Do if You're a Parent

10. Security Measures

We implement industry-standard security measures to protect your data:

10.1 Technical Security

Encryption:

• TLS 1.3 for data in transit (all communications)
• AES-256 for data at rest (stored data)
• End-to-end encryption for payment data

Access Controls:

• Multi-factor authentication (MFA) for staff access
• Role-based access control (RBAC)
• Regular access audits and reviews
• Principle of least privilege

10.5 Security Limitations

10.6 Reporting Security Issues

14. Changes to This Privacy Policy

14.1 Notification of Changes

We may update this Privacy Policy to:

• Comply with new regulations
• Reflect new APP features
• Improve clarity and transparency

When we make changes:

• We will notify you via in-app notification
• We will send an email to your registered address
• We will update the "Last Updated" date
• Material changes require your acceptance

14.3 Version History

Version	Date	Changes
1.0	November 21, 2025	Launch Version

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

16. Regulatory Authority

This Privacy Policy is compliant with and supervised by:

End of Privacy Policy

Thank you for trusting MoroccoNaut with your personal information.

We are committed to protecting your privacy and providing you with a safe, transparent, and enjoyable travel experience in Morocco.