Privacy Policy

This Privacy Policy describes how Coastart SARL ("we", "us", "our"), the operator of Mosafir (mosafir.ma), collects, uses, stores, and shares your personal data when you use our website or mobile applications. We are committed to protecting your privacy in compliance with applicable data protection laws, including Morocco's Law No. 09-08 on personal data protection and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Data Controller

Coastart SARL
AV IBN ROCHD N 3 1ER ETAGE, TETOUAN, MOROCCO
Email:
legal@mosafir.ma

2. Information We Collect

We may collect the following categories of personal data:

• Account Data: Name, email address, and password when you register for an account.
• Usage Data: Pages visited, search queries, features used, session duration, IP address, browser type, operating system, and device identifiers.
• Location Data: Approximate location if you grant permission, used to suggest nearby cities, stations, and attractions.
• Communications: Messages you send us via email or contact forms.
• Analytics Data: Behavioral data collected via Google Analytics and Microsoft Clarity.
• Cookie Data: Data stored via cookies and similar tracking technologies (see our Cookie Policy).

3. How We Use Your Data

We use your personal data to:

• Provide and maintain the Service, including account management and personalized features.
• Improve and optimize the Service through analytics and user feedback.
• Respond to your inquiries and provide customer support.
• Send transactional communications (e.g., password reset emails).
• Ensure the security and integrity of the Service.
• Comply with legal obligations.

Our legal bases for processing include: contract performance (account services), legitimate interests (analytics and security), consent (marketing cookies, analytics), and legal obligation (compliance).

4. Data Sharing

We do not sell your personal data. We may share data with:

• Google LLC — for analytics purposes via Google Analytics. Data may be transferred to the United States under Google's standard contractual clauses.
• Microsoft Corporation — for session recording and analytics via Microsoft Clarity. Data may be transferred to the United States under Microsoft's data processing terms.
• Infrastructure providers — hosting and cloud services necessary to operate the platform, under data processing agreements.
• Legal authorities — when required by law, court order, or to protect our rights or the safety of users.

5. Google Analytics & Microsoft Clarity

We use the following third-party analytics services to understand how users interact with our platform:

Google Analytics (Google LLC)
We use Google Analytics to collect aggregated statistics about website and app traffic, including page views, session duration, device types, and geographic location. You can opt out by installing the Google Analytics Opt-out Browser Add-on or by adjusting your cookie preferences.
Google Privacy Policy  ·  Opt-out Add-on

Microsoft Clarity (Microsoft Corporation)
We use Microsoft Clarity to record anonymized user sessions (mouse movements, clicks, and scrolling behavior) and generate heatmaps. No session recordings contain passwords or payment information. You can opt out via your cookie preferences or by using Do Not Track signals.
Microsoft Privacy Statement

We have enabled IP anonymization on Google Analytics and configured Clarity to mask sensitive input fields. Both services are used solely for improving our Service and not for advertising profiling.

6. Data Retention

We retain your personal data for as long as necessary to provide the Service:

• Account data: Retained for the duration of your account, plus 12 months after deletion request.
• Analytics data: Google Analytics data is retained for 14 months. Clarity session data is retained for 13 months.
• Communications: Retained for 3 years for legal and compliance purposes.

7. Children's Privacy

The Service is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us and we will promptly delete such data.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw any consent you have given at any time without affecting prior processing.

To exercise any of these rights, contact us at legal@mosafir.ma. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These include encrypted HTTPS connections, hashed passwords, and access controls. However, no transmission over the internet is completely secure, and we cannot guarantee absolute security.

10. International Data Transfers

Your data may be transferred to and processed in countries outside Morocco, including the United States (by Google and Microsoft). We ensure such transfers occur under appropriate safeguards, such as the EU Standard Contractual Clauses or equivalent data transfer mechanisms.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after such changes constitutes acceptance.