Safimeal Privacy Policy (Closed Beta)

Hello and welcome to the Safimeal Beta!
Transparency is at the heart of our mission. Whether it concerns the composition of your food or your personal data, we want everything to be perfectly clear for you.

This Privacy Policy describes how Safimeal Solutions S.A.R.L A.U (“we”, “our”) collects, uses and protects your data when you use our website (https://safimeal.com) and our application during this closed beta phase.

---

1. Data controller

• Company name: SAFIMEAL SOLUTIONS S.A.R.L A.U
• Registered office: Boulevard Abdelmoumen, N°236, Rue Pasquier, Immeuble F8, 2nd floor, Office No. 6, 20100 Casablanca, Morocco
• Contact: contact@safimeal.com
• Legal compliance: Our data-processing activities have been notified to the CNDP (the National Commission for the Protection of Personal Data).

2. Data collected

To deliver and ensure the smooth operation of our services, we are required to collect and process the following categories of data.

• Account information: e-mail address, phone number and name (optional).
• Application usage data: the products you scan, the items you add to your digital inventory and your shopping lists.
• Sensitive health data: your allergies or intolerances. Because this data is highly personal, we only collect it if you tick the explicit opt-in consent checkbox during registration.
• Technical data: device identifier and error reports to help us fix bugs during this beta phase.

3. Purposes of processing

We process your data for the following specific purposes:

• Account management: for the creation, administration, authentication and security of your user profile.
• Decision support and prevention (Scan and Profile): to analyse the products you scan or submit and alert you if an allergen previously entered in your food profile is detected.
• Inventory management: to track the expiry dates of your products and send reminder notifications.
• Shopping management: to enable the creation, editing and synchronisation of your shopping lists (including real-time sharing with other users if you choose to enable this feature).

4. Sharing and transfer of data

Safimeal formally undertakes not to sell, rent or otherwise commercialise your personal data to third parties. To ensure the operation, availability and security of the service, your data may be shared with our technical sub-processors:

• Hosting and cloud infrastructure: the data is hosted and processed on secure servers managed by leading international professional cloud service providers (in particular located within the European Union).
• International transfers: transfers of data outside Moroccan territory are strictly framed by confidentiality and security agreements with our sub-processors, and are subject to the necessary legal authorisation requests filed with the CNDP, in accordance with applicable legislation.

To ensure the secure operation of the application, your data is hosted on European servers by sub-processors subject to strict data-protection regulations (GDPR).

5. Retention period

Your data is kept for the duration strictly necessary to fulfil the purposes mentioned above:

• Account and usage data: kept for the entire period your account remains active. If you request deletion or if extended inactivity is observed, it is erased or anonymised within the applicable legal timeframes.
• Sensitive health data (allergies): permanently deleted from our production databases immediately, or within a maximum of 30 days after your account is closed or your consent is withdrawn.

6. Data security

Safimeal implements appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, loss or destruction:

• Encryption: data is systematically encrypted during transmission (in transit) and at rest, in line with recognised industry standards.
• Access control: access to our servers and data infrastructure is strictly limited to authorised technical staff, bound by confidentiality obligations and using strong authentication methods.

7. Exercising your rights

In accordance with Moroccan Law No. 09-08, you have fundamental rights regarding your personal data:

• Right of access and portability: obtain confirmation that your data is being processed and a readable copy of it.
• Right of rectification: request the update or correction of inaccurate or incomplete data.
• Right of erasure: request the complete deletion of your personal information.
• Right to object and to withdraw consent: object to a specific processing operation or withdraw at any time your consent regarding the processing of your sensitive data.

To exercise these rights, you may submit your request through one of the following channels:

• Directly in the application: via the menu Settings > Account / Privacy.

• By e-mail: at contact@safimeal.com.

Sign-in via Google, Apple and Facebook

When you choose to sign in to Safimeal through Google, Apple, or Facebook, we receive from each provider only the information strictly required to create and secure your account:

• Google: your email address, full name, and public profile picture. Used to create your Safimeal account and pre-fill your profile.
• Sign in with Apple: your Apple ID, your email address (real or via Apple’s "Hide My Email" relay service), and your name — the latter being shared with us only on your first sign-in, per Apple’s rules. We store this information to personalize your experience.
• Facebook Login: your Facebook ID, your verified email address, and your public profile fields (name, picture). We will never post to your Facebook account; Safimeal does not access your friends, posts, or timeline.

You can revoke these permissions at any time from your Google, Apple ID, or Facebook account settings. Deleting your Safimeal account (see Account deletion below) does not affect your accounts with these third-party providers.

Account and data deletion

You can delete your Safimeal account and all your personal data at any time. Three options are available:

• From within the app — Go to Settings → Privacy & Data → Delete my account. The action is immediate; your profile, scan history, shopping lists, dietary preferences, and settings are erased.
• By uninstalling the app — Removing Safimeal from your device stops all future data collection but does not delete information already stored on our servers. To erase that data, use one of the other two methods.
• By email — Send your request to contact@safimeal.com from the address associated with your account. We process manual requests within 30 days at most.

Some data may be retained beyond account deletion when required by law (transaction logs, accounting records, etc.) for the applicable legal retention period.