Privacy Policy

1. Introduction

This Privacy Policy (the “Policy”) explains how IVVER (“IVVER”, “we”, “us”) processes personal data when you use the IVVER mobile application and related services (the “Service”).

IVVER operates a marketplace connecting renters (“Renters”) and vehicle owners/providers (“Owners”). Depending on your role and the features you use, we may process different categories of data.

This Policy applies to processing carried out by IVVER as a data controller. Certain third-party service providers listed in Section 4 may process personal data on our behalf as processors.

By using the Service, you acknowledge this Policy. Where required by applicable law, we will request your consent (for example, before you upload identity documents).

2. Data Collected

2.1 Information You Provide

In the course of creating and using an account, you may provide us with identification and contact data (such as your full name and email address) and, where you elect to complete your profile, additional account data (such as a phone number and profile photo). Owners/Providers may also provide vehicle listing data, including the vehicle’s license plate, vehicle photos, and supporting legal documentation.

Where applicable, and subject to the consent mechanism presented in the application, we may collect identity verification documents (such as a national identity card or driver’s license). The purpose of such collection is to facilitate compliance, secure transactions, and establish the rental relationship. For professional Owners/Providers seeking “Pro Verification”, we may collect business information and supporting documents (including, where relevant, business address and corporate documentation) as well as identification of the legal representative/manager.

We may also collect optional bank details (IBAN) if you choose to provide them. These details are not required to use the Service and may be used for future features (for example, payout-related functionality).

2.2 Automatically Collected Information

When you use the Service, we may automatically collect certain technical and usage information, including your IP address, device type, operating system version, application diagnostics, and usage events. We also maintain a history of bookings and searches associated with your account.

Where you enable it, we may process precise location data (GPS) while the application is in use to facilitate location-based search and related functionality (including when an Owner adds a vehicle). You may disable location permissions at any time in your device settings; certain features may then be unavailable or limited.

2.3 Financial Data

We process payment information to secure transactions (deposits). Card payment processing is managed by a regulated third-party payment provider. We do not store full card details in clear text on our servers.

We may receive limited transaction metadata (e.g., amount, status, timestamps) for reconciliation, customer support, and compliance.

If you provide optional bank details (IBAN), they are stored separately and are not used for deposits (which are handled by the payment provider).

3. Data Usage

We process personal data for the following purposes:

• Service Provision: Account creation, booking management, connecting renter/owner.
• Security and Trust: Identity verification to prevent fraud and secure rentals.
• Payments: Managing security deposits and transactions via a third-party payment provider.
• Communication: Sending transactional notifications (confirmations, reminders) via OneSignal.
• Customer Support: Managing claims and assistance via support access (email/messaging).
• Improvement: Analyzing usage to improve our services.

Depending on the context and applicable law, the legal bases for processing may include: (i) performance of a contract (e.g., bookings), (ii) compliance with legal obligations, (iii) our legitimate interests (e.g., fraud prevention and service security), and (iv) your consent (e.g., document uploads) where required.

We do not sell personal data or use it for third-party advertising marketing purposes.

4. Data Sharing

We may disclose personal data to the extent necessary to operate the Service, comply with legal obligations, and protect the safety and integrity of the marketplace.

In particular, and as required for contract establishment and legal compliance, we may share limited identity information with the relevant Owner/Provider for a given booking and, where applicable, the renter’s identity documents strictly necessary for the rental relationship.

We also rely on third-party service providers acting on our behalf (as processors) to deliver core service functionalities, such as cloud hosting and authentication, payment processing, push notification delivery, and mapping services. The identity of these providers may evolve over time; we maintain appropriate contractual and technical safeguards and will provide additional information upon request.

We may further disclose data to competent authorities where required by law, or where necessary to protect our rights, users, and property (for example, in the context of theft, fraud, or disputes).

We limit sharing to what is necessary for the purposes described in this Policy and implement contractual and technical safeguards with our service providers.

5. Retention Period

• Account Data: Retained as long as your account is active. Upon account deletion, your personal data is immediately anonymized or deleted.
• Identity Documents: Retained for the duration of the rental and up to 30 days after the end of the rental to handle potential disputes (fines, damages).
• Professional Verification Documents (Owners/Providers): Retained while your Pro verification status is approved/active and as long as necessary for trust and fraud-prevention purposes. If your status is revoked or your account is deleted, we delete or anonymize this data unless a longer retention is required by law.
• Optional Bank Details (IBAN): If provided, retained only as long as necessary for the intended purpose or until you remove them, subject to legal obligations.
• Financial Data: Retained for 5 years in accordance with legal and tax obligations.

We may retain certain information for longer periods where necessary to comply with applicable law, resolve disputes, or enforce our agreements.

6. Data Security

We implement robust security measures to protect your data:

• Encryption: Sensitive data is encrypted at rest and in transit.
• Authentication: Use of secure authentication mechanisms and access controls to protect accounts and restrict access.
• Storage: Access tokens are stored securely on your device.

International data transfers (including to service providers located in the European Union) are covered by appropriate safeguards, including standard contractual clauses, where applicable.

7. Your Rights

In accordance with regulations (including Law 09-08 in Morocco and GDPR for European users), you have the following rights:

• Access and Rectification: You can view and modify your information directly in the application.
• Deletion: You can request the complete deletion of your account and data via the application settings, subject to legal and contractual obligations.
• Objection: You may contact support for any questions regarding the use of your data.

Where applicable, you may also have the right to restrict processing, request data portability, and withdraw consent without affecting the lawfulness of processing based on consent before withdrawal.

8. Contact

For any questions regarding this privacy policy or to exercise your rights, you can contact us:

• Email: support@ivver.ma
• Responsible: IVVER Team