Legal

Privacy Policy

Effective date: 1 January 2026

BuzzCard SARL ("BuzzCard", "we", "us", or "our") operates the BuzzCard platform accessible at buzzcard.ma and its subdomains. This Privacy Policy explains how we collect, use, store, and protect your personal data. It applies to all users of our website and services.

This policy is compliant with Moroccan Law No. 09-08 on the Protection of Personal Data and, where applicable, the European General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:
BuzzCard SARL
Twin Center, Boulevard Zerktouni, Casablanca 20100, Morocco
Email: privacy@buzzcard.ma

2. Data We Collect

2.1 Account data

When you register, we collect:

  • Full name and email address
  • Password (stored as a bcrypt hash — never in plain text)
  • Subscription plan (Free or Pro)

2.2 Card data

Data you voluntarily add to your digital business cards, which may include:

  • Name, job title, company, bio
  • Phone number, email address, website, postal address
  • Profile photo, banner image, logo
  • Social media profile links
  • Services, products, business hours, testimonials

This data is publicly visible when your card is active and shared via its unique link or QR code.

2.3 Usage and analytics data

When someone views your card we record:

  • Event type (view, contact save, link click, etc.)
  • Referrer URL
  • Country (derived from IP address — IP is not stored)
  • Timestamp

2.4 Technical data

  • Browser type and version
  • Device type
  • Pages visited and time spent
  • Error logs

3. Legal Basis for Processing

  • Contract performance — to provide and maintain your account and cards.
  • Legitimate interest — to improve the platform, prevent fraud, and ensure security.
  • Consent — for optional marketing communications; you may withdraw at any time.
  • Legal obligation — to comply with applicable Moroccan law.

4. How We Use Your Data

  • Create and manage your account
  • Display your digital business card to people you share it with
  • Generate card analytics for your dashboard
  • Process subscription payments (via Stripe — see Section 7)
  • Send transactional emails (account confirmation, password reset)
  • Detect and prevent fraud or abuse
  • Improve our product through aggregated, anonymised usage analysis

5. Data Sharing

We do not sell your personal data. We share it only with:

  • Cloudflare — infrastructure provider (Workers, D1 database, R2 storage, Pages). Data is processed within Cloudflare's global network.
  • Stripe — payment processor. BuzzCard never stores card numbers. Stripe's privacy policy governs payment data.
  • Public visitors — when you share your card link, the card's content is publicly accessible. You control what you put on it.
  • Law enforcement — if required by a valid court order or applicable law.

6. Data Retention

  • Account and card data: retained for as long as your account is active, then deleted within 30 days of account closure.
  • Analytics events: retained for 24 months, then permanently deleted.
  • Billing records: retained for 10 years as required by Moroccan commercial law.

7. Third-Party Services

Our platform is hosted on Cloudflare's infrastructure. Payments are processed by Stripe, Inc. Both are subject to their own privacy policies which we encourage you to review.

8. Cookies

We use only essential cookies required to operate the service:

  • auth_token — keeps you logged in (HTTP-only, secure, 7-day expiry).
  • vcards_lang — stores your preferred display language (localStorage).

We do not use third-party advertising or tracking cookies.

9. Data Security

We implement the following measures to protect your data:

  • All traffic encrypted via TLS 1.3
  • Passwords hashed with bcrypt (cost factor 12)
  • JWT tokens signed with a secret key, HTTP-only cookies
  • Access to production systems limited to authorised staff
  • Regular security reviews

10. Your Rights

Under Law 09-08 and GDPR, you have the right to:

  • Access — obtain a copy of all personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your account and all associated data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Restriction — request that we limit how we use your data.

To exercise any of these rights, email privacy@buzzcard.ma. We will respond within 30 days. You may also lodge a complaint with the Commission Nationale de contrôle de la Protection des Données à caractère personnel (CNDP) at cndp.ma.

11. International Transfers

Your data may be processed on Cloudflare infrastructure located outside Morocco. In such cases, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure an adequate level of protection.

12. Children

BuzzCard is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the effective date at the top of this page and notify registered users by email at least 7 days before any material change takes effect.

14. Contact

Questions about this policy? Reach our Privacy team at privacy@buzzcard.ma or by post at Twin Center, Boulevard Zerktouni, Casablanca 20100, Morocco.