1. Introduction

klikcard ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use klikcard ("the Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

This Privacy Policy applies to:

• All users of klikcard, including registered account holders and visitors to public profiles.
• All services provided by klikcard, including the website, mobile applications, and NFC/QR products.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using the Service:

Account Information

• Name and username
• Email address
• Password (encrypted)
• Phone number (optional)

Profile Content

• Title/name, subtitle, and description
• Contact information (phone, email, website, WhatsApp, address)
• Social media links (Facebook, Instagram, LinkedIn, etc.)
• Business hours
• Products and services information
• Testimonials
• Media files (images, videos)
• Logo and banner images
• Google Place ID for reviews
• Custom domain information

Order Information

• Full name
• Phone number
• Shipping address (city, address)
• Order history and preferences
• Payment information (for cash on delivery: payment is collected upon delivery)

Communication Data

• Support requests and correspondence
• Feedback and survey responses

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect:

Device Information

• Device type and model
• Operating system and version
• Browser type and version
• Screen resolution

Usage Information

• Pages visited and features used
• Time spent on the Service
• Click-throughs and interactions
• Error logs and crash reports

Location Information

• General geographic location based on IP address
• Language preferences

2.3 Analytics Data

For profile analytics (available on Pro and Ultimate plans), we collect:

• Profile visit counts
• QR code scan events
• Visitor sources and referrers
• Interaction data (button clicks, contact saves)
• Visitor hashes (anonymized identifiers, not personal data)

Note: We do not collect personally identifiable information from visitors to public profiles. Analytics use anonymized visitor hashes for tracking purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Create and manage your account
• Display your profiles and content
• Generate and serve QR codes
• Process orders and manage deliveries
• Activate NFC products
• Configure custom domains

3.2 Communication

• Send service-related notifications
• Respond to support requests
• Send promotional communications (with your consent)
• Notify you of policy changes

3.3 Analytics & Improvement

• Provide analytics to profile owners
• Monitor Service performance
• Identify and fix technical issues
• Improve features and user experience

3.4 Security & Legal

• Detect and prevent fraud
• Protect against spam and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Respond to lawful requests from authorities

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

4.1 Contract Performance

We process your data to provide the Service you have requested, including:

• Account creation and management
• Profile hosting and display
• Order processing and delivery
• Subscription management

4.2 Legitimate Interests

We process data for our legitimate business interests, including:

• Analytics and service improvement
• Fraud prevention and security
• Direct marketing (with opt-out option)

4.3 Consent

We rely on consent for:

• Marketing communications
• Certain cookies and tracking technologies
• Optional features requiring explicit agreement

4.4 Legal Obligation

We process data to comply with legal requirements, including:

• Tax and accounting obligations
• Response to lawful government requests
• Protection of legal rights

5. Data Sharing & Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

5.1 Public Profiles

Information you add to your public profiles is visible to anyone who accesses your profile link or scans your QR code. You control what information to include in your public profiles.

5.2 Service Providers

We share data with third-party service providers who perform services on our behalf:

• Hosting Providers: Server infrastructure and data storage
• Email Services: Transactional and marketing emails
• Analytics Services: Usage tracking and reporting
• Payment Processors: For non-COD payment methods
• Shipping Partners: For product delivery (name, phone, address)
• Maps Services: OpenStreetMap for location geocoding

All service providers are bound by confidentiality obligations and data protection agreements.

5.3 Legal Requirements

We may disclose your data if required by law, court order, or government request, or when we believe disclosure is necessary to:

• Comply with legal process
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service
• Respond to emergencies

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change.

5.5 Aggregated Data

We may share aggregated, anonymized data that does not identify you for various purposes, including research and marketing.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your preferences and activity.

6.1 Types of Cookies We Use

6.2 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

6.3 Third-Party Tracking

Some third-party services we use may set their own cookies. These are governed by the respective third parties' privacy policies.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected:

7.1 Account Data

Retained while your account is active and for a reasonable period thereafter to:

• Allow account recovery
• Comply with legal obligations
• Resolve disputes

7.2 Profile Content

Retained while your account is active. Upon account deletion, profile content is typically deleted within 30 days, except:

• Backups may retain data for up to 90 days
• Anonymized analytics data may be retained indefinitely

7.3 Order Data

Retained for 7 years to comply with tax and accounting requirements.

7.4 Analytics Data

Anonymized visitor analytics are retained for 2 years. Aggregated statistics may be retained indefinitely.

7.5 Legal Holds

Data subject to legal holds or disputes will be retained until the matter is resolved.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 Access

You have the right to request a copy of the personal data we hold about you. To request your data, contact us at contact@klikcard.com.

8.2 Rectification

You can update most of your personal information directly through your account settings. For other corrections, contact us at contact@klikcard.com.

8.3 Erasure (Right to be Forgotten)

You can request deletion of your personal data. We will delete your data unless:

• We are required to retain it by law
• It is necessary for legal claims
• It has been anonymized

8.4 Data Portability

You can request an export of your data in a machine-readable format (JSON or CSV). This includes:

• Profile information
• Contacts and social links
• Products and services
• Media files

8.5 Restriction of Processing

You can request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of your data.

8.6 Objection

You can object to:

• Processing based on legitimate interests
• Direct marketing communications

8.7 Withdraw Consent

Where we rely on consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

8.8 Lodge a Complaint

If you believe we have violated your data protection rights, you can lodge a complaint with your local data protection authority. In Morocco, this is the Commission Nationale de contrôle de la Protection des Données à Caractère Personnel (CNDP).

8.9 How to Exercise Your Rights

To exercise any of these rights, contact us at contact@klikcard.com with:

• Your name and account email
• The specific right you wish to exercise
• Any relevant details

We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

9.1 Technical Measures

• Encryption: SSL/TLS encryption for data in transit
• Access Controls: Role-based access to personal data
• Authentication: Secure password hashing and session management
• Monitoring: Security event logging and monitoring
• Backups: Regular encrypted backups

9.2 Organizational Measures

• Staff training on data protection
• Confidentiality agreements with employees and contractors
• Regular security assessments
• Incident response procedures

9.3 No Guarantee

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9.4 Data Breach Notification

In the event of a data breach that poses a risk to your rights, we will notify you within 72 hours and inform the relevant supervisory authority as required by law.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence.

10.1 Data Location

We primarily store and process data within Morocco. Some service providers may be located in other countries.

10.2 Safeguards

When transferring data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by relevant authorities
• Data processing agreements with all service providers
• Compliance with applicable data protection laws

10.3 Your Consent

By using the Service, you acknowledge and consent to the transfer of your data as described in this policy.

11. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Data Protection Inquiries: contact@klikcard.com
• General Support: contact@klikcard.com
• Website: www.klikcard.com / www.klikcard.ma

We will respond to your inquiry within 30 days.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

12.1 Notification of Changes

We will notify you of material changes by:

• Email to your registered email address
• Notice displayed within the Service
• Updating the "Last updated" date at the top of this page

12.2 Your Continued Use

Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised Privacy Policy. If you do not agree to the changes, you should stop using the Service and request deletion of your data.

12.3 Review Date

We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.