Last updated: April 29, 2026

Privacy Policy

Your privacy matters to us. Learn how NFTech collects, uses, and protects your personal data.

1. Introduction

NFTech ("we," "our," or "us") operates nftech.ma and provides a restaurant management and food ordering platform accessible via our website and mobile applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you interact with our services.

By accessing or using NFTech services, you acknowledge that you have read and understood this Privacy Policy. If you disagree with any part of it, please discontinue use of our services.

This policy applies to all users including restaurant operators, end customers placing orders, and visitors browsing our website.

2. Information We Collect

We collect information in the following categories:

  • Account & Profile Data: Name, email address, phone number, password (hashed), profile photo, and business details provided during registration.
  • Order & Transaction Data: Order history, items purchased, delivery addresses, special instructions, and order status.
  • Payment Information: Payment method type (card, cash, etc.). We do not store full card numbers; payment processing is handled by certified third-party providers.
  • Location Data: Precise or approximate geolocation (with your explicit permission) for delivery coordination and restaurant discovery.
  • Device & Technical Data: Device model, operating system, unique device identifiers, IP address, browser type, and mobile network information.
  • Usage & Behavioral Data: Pages visited, features used, session duration, click patterns, search queries, and crash reports.
  • Communications: Messages sent to our support team, feedback submitted, and responses to surveys or promotions.
  • Camera & Media: Only when explicitly granted permission; used by restaurant owners to upload menu photos.

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service Delivery: Process orders, coordinate delivery, manage accounts, and provide core platform functionality.
  • Transactional Communications: Send order confirmations, delivery updates, payment receipts, and critical service alerts.
  • Customer Support: Respond to inquiries, resolve disputes, and troubleshoot technical issues.
  • Safety & Security: Detect and prevent fraud, abuse, unauthorized access, and other harmful activities.
  • Analytics & Improvement: Understand usage patterns, improve features, fix bugs, and optimize user experience.
  • Legal Compliance: Meet regulatory obligations, respond to lawful requests, and enforce our Terms of Service.
  • Marketing (with consent): Send promotional offers, product updates, and newsletters. You can opt out at any time via the unsubscribe link or account settings.

4. Data Sharing & Disclosure

We do not sell your personal data. We may share it in limited circumstances:

  • Service Providers: Trusted partners who help us operate the platform: cloud hosting (AWS, Google Cloud), payment processors, SMS/email delivery services, and analytics providers — all bound by strict data processing agreements.
  • Restaurant Partners: Order details are shared with the restaurant fulfilling your order. They are prohibited from using your data for any other purpose.
  • Legal Obligations: We may disclose data when required by law, court order, or governmental authority, or to protect the rights and safety of our users.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
  • With Your Consent: We will share your data with other third parties only when you have given explicit consent.

5. Data Retention

We retain personal data only for as long as necessary:

  • Account Data: Retained for the duration of your account. Deleted within 30 days of an account deletion request, except where legal retention is required.
  • Order History: Retained for up to 5 years for tax, legal, and financial compliance obligations.
  • Analytics Data: Aggregated and anonymized after 26 months; individual usage logs deleted sooner.
  • Payment Records: Transaction metadata retained for 5 years per financial regulations; full card data never stored.
  • Support Tickets: Retained for 2 years after resolution for quality assurance and dispute handling.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing for direct marketing or based on legitimate interests.
  • Right to Restrict Processing: Request that we limit how we use your data while a dispute is resolved.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@nftech.ma. We will respond within 30 days.

7. Security Measures

We implement industry-standard technical and organizational security measures to protect your data:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2+/HTTPS.
  • Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256.
  • Access Controls: Role-based access control (RBAC) ensures only authorized personnel can access personal data.
  • Regular Audits: Periodic security assessments, penetration testing, and vulnerability scans.
  • Incident Response: Documented procedures to detect, respond to, and notify users of data breaches within 72 hours.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@nftech.ma. Upon verification, we will promptly delete such information from our systems.

Restaurant owners using our platform must ensure their own services comply with applicable laws regarding minors in their jurisdiction.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies on our platform:

  • Essential Cookies: Required for authentication, session management, and core platform functionality. Cannot be disabled.
  • Analytics Cookies: Used to understand how users interact with our platform (e.g., Google Analytics). You can opt out via browser settings or our cookie preferences.
  • Preference Cookies: Remember your settings such as language, theme, and display preferences.
  • Marketing Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. Require your consent.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

10. Third-Party Services

Our platform integrates third-party services to deliver our features. Each has its own privacy practices:

  • Google Analytics & Firebase: Usage analytics and app performance monitoring. Subject to Google's Privacy Policy.
  • Google Maps: Location services, store mapping, and delivery routing. Subject to Google's Privacy Policy.
  • Payment Processors: CMI, Stripe, and other certified payment gateways handle transaction processing. We do not store payment credentials.
  • Cloud Infrastructure: Amazon Web Services and Google Cloud Platform for data hosting and processing.
  • Push Notification Services: Firebase Cloud Messaging for order status and delivery alerts.

Our platform may contain links to third-party websites. We are not responsible for their privacy practices and recommend reviewing their policies.

11. International Data Transfers

NFTech is based in Morocco. Your data may be processed in countries outside your own, including Morocco, the European Union, and the United States.

When transferring data internationally, we apply appropriate safeguards including Standard Contractual Clauses (SCCs) as approved by relevant authorities, and ensure recipients provide an adequate level of data protection.

Moroccan data processing complies with Law 09-08 on Protection of Personal Data and the CNDP framework.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will notify you via email or an in-app notification at least 7 days before the changes take effect. The updated "Last Updated" date at the top of this policy reflects the most recent revision.

Your continued use of our services after the effective date of the revised policy constitutes your acceptance of the changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

  • Company: NFTech SARL
  • Email: privacy@nftech.ma
  • Website: https://nftech.ma
  • Address: Casablanca, Morocco
  • Response Time: We aim to respond to all privacy-related inquiries within 30 calendar days.
GDPR Compliant
Apple App Store
Google Play
Loi 09-08 (Maroc)