Privacy Policy

Last updated: June 2026

ScanUpGo (Zakaria Zaouat, SIREN 888 077 427) is committed to protecting your personal data in compliance with GDPR (EU 2016/679) and Moroccan Law No. 09-08.

Article 1 — Data Controller

Zakaria Zaouat — ScanUpGo, sole trader, SIREN 888 077 427, Saint-Herblain (44800), France. DPO contact: contact@scanupgo.com. As a micro-enterprise not carrying out large-scale processing of sensitive data, ScanUpGo is not required to designate a DPO under Article 37 of the GDPR.

Article 2 — Data Collected, Purposes and Legal Bases

Merchants (B2B): name, email, phone, establishment, address, logo — for service provision and billing (legal basis: contract performance, Art. 6.1.b GDPR). Players (end customers): first name, email — for game execution and email campaigns (legal basis: consent, Art. 6.1.a GDPR). Technical data: IP address, device, browser, timestamp — for security (legal basis: legitimate interest, Art. 6.1.f GDPR). The game is not intended for persons under 16 years of age.

Article 3 — Processing of Moroccan Players' Data

ScanUpGo acts as a data processor on behalf of the Moroccan merchant (data controller). The merchant is responsible for compliance with Law No. 09-08 and CNDP decisions (www.cndp.ma). Moroccan Players' data is stored on Vercel infrastructure (EU region) and is not transferred to Moroccan entities.

Article 4 — Retention Periods

Merchant data (active account): duration of commercial relationship. After termination: 3 years (civil statute of limitations, Art. 2224 C.civ.). Billing data: 10 years (Art. L123-22 C.com.). Players' data: 1 year after last participation. Vercel logs: 30 days then 12 months (ScanUpGo). Prospecting data: 3 years after last contact. After account deletion: immediate anonymization of personal data.

Article 5 — Sub-processors and Transfers Outside the EEA

Vercel Inc. (hosting, USA, data stored in EU): SCC, SOC 2 Type II, ISO 27001. Stripe Inc. (payments, USA, data in EU): SCC, PCI-DSS Level 1, ISO 27001. GitHub Inc. (source code, USA): SCC, ISO 27001. All transfers to the United States are governed by Standard Contractual Clauses (SCC) adopted by the European Commission (Decision 2021/914/EU).

Article 6 — Rights of Data Subjects

Pursuant to Articles 15 to 22 of the GDPR and Articles 7 and 8 of Moroccan Law No. 09-08, you have the rights of access, rectification, erasure, portability, objection and restriction. Response guaranteed within 30 days. Contact: contact@scanupgo.com. CNIL (France): www.cnil.fr. CNDP (Morocco): www.cndp.ma.