Privacy Policy

1. Introduction

Welcome to Cedar, a digital wallet pass platform operated by NeiroTechs ("Company," "we," "us," or "our"). NeiroTechs is a company registered in Morocco.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Cedar platform and services. We are committed to protecting your privacy in accordance with the European General Data Protection Regulation (GDPR) and Morocco's Law 09-08 on the Protection of Individuals with Regard to Personal Data Processing.

By using Cedar, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, and organization name when you register.
• Pass Data: Customer names, email addresses, and other data you input when creating digital passes.
• Payment Information: Billing details processed through secure payment providers.
• Communications: Messages sent through our support channels.

2.2 Information Collected Automatically

• Usage Data: Pass installations, scans, redemptions, and analytics events.
• Device Information: Browser type, operating system, and device identifiers.
• Location Data: Approximate location when passes trigger geofence notifications (with user consent).
• Log Data: IP addresses, access times, and pages viewed.

3. How We Use Your Information

We use the collected information for:

• Providing and maintaining the Cedar platform
• Creating and distributing digital wallet passes
• Processing transactions and sending related information
• Sending push notifications and pass updates
• Providing customer support
• Analyzing usage patterns to improve our services
• Detecting, preventing, and addressing technical issues and fraud
• Complying with legal obligations

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contract Performance: Processing necessary to provide our services.
• Legitimate Interests: Analytics, security, and service improvements.
• Consent: Marketing communications and optional features.
• Legal Obligation: Compliance with applicable laws.

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third-party companies that help us operate our platform (hosting, email, analytics).
• Apple and Google: Pass data shared with wallet platforms for pass distribution.
• Business Transfers: In connection with mergers, acquisitions, or asset sales.
• Legal Requirements: When required by law or to protect our rights.

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Account data is retained while your account is active. Pass data is retained according to your subscription terms. You may request deletion of your data at any time.

7. Your Rights

Under GDPR and Morocco Law 09-08, you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Request limited processing of your data.
• Portability: Receive your data in a structured, machine-readable format.
• Object: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at contact@neirotechs.com.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Digital signatures on all wallet passes to prevent tampering
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure data centers with physical security measures

9. International Data Transfers

Your data may be transferred to and processed in countries outside Morocco and the European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to protect your data in accordance with GDPR requirements.

10. Cookies and Tracking

We use essential cookies to operate the platform and optional analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings.

11. Children's Privacy

Cedar is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: