Privacy Policy
Last updated: June 2026
ScanUpGo (Zakaria Zaouat, SIREN 888 077 427) is committed to protecting your personal data in compliance with GDPR (EU 2016/679) and Moroccan Law No. 09-08.
Article 1 — Data Controller
Zakaria Zaouat — ScanUpGo, sole trader, SIREN 888 077 427, Saint-Herblain (44800), France. DPO contact: contact@scanupgo.com. As a micro-enterprise not carrying out large-scale processing of sensitive data, ScanUpGo is not required to designate a DPO under Article 37 of the GDPR.
Article 2 — Data Collected, Purposes and Legal Bases
Merchants (B2B): name, email, phone, establishment, address, logo — for service provision and billing (legal basis: contract performance, Art. 6.1.b GDPR). Players (end customers): first name, email — for game execution and email campaigns (legal basis: consent, Art. 6.1.a GDPR). Technical data: IP address, device, browser, timestamp — for security (legal basis: legitimate interest, Art. 6.1.f GDPR). The game is not intended for persons under 16 years of age.
Article 3 — Processing of Moroccan Players' Data
ScanUpGo acts as a data processor on behalf of the Moroccan merchant (data controller). The merchant is responsible for compliance with Law No. 09-08 and CNDP decisions (www.cndp.ma). Moroccan Players' data is stored on Vercel infrastructure (EU region) and is not transferred to Moroccan entities.
Article 4 — Retention Periods
Merchant data (active account): duration of commercial relationship. After termination: 3 years (civil statute of limitations, Art. 2224 C.civ.). Billing data: 10 years (Art. L123-22 C.com.). Players' data: 1 year after last participation. Vercel logs: 30 days then 12 months (ScanUpGo). Prospecting data: 3 years after last contact. After account deletion: immediate anonymization of personal data.
Article 5 — Sub-processors and Transfers Outside the EEA
Vercel Inc. (hosting, USA, data stored in EU): SCC, SOC 2 Type II, ISO 27001. Stripe Inc. (payments, USA, data in EU): SCC, PCI-DSS Level 1, ISO 27001. GitHub Inc. (source code, USA): SCC, ISO 27001. All transfers to the United States are governed by Standard Contractual Clauses (SCC) adopted by the European Commission (Decision 2021/914/EU).
Article 6 — Rights of Data Subjects
Pursuant to Articles 15 to 22 of the GDPR and Articles 7 and 8 of Moroccan Law No. 09-08, you have the rights of access, rectification, erasure, portability, objection and restriction. Response guaranteed within 30 days. Contact: contact@scanupgo.com. CNIL (France): www.cnil.fr. CNDP (Morocco): www.cndp.ma.