01Who We Are
This Service is operated by Viralize SARLAU (Casablanca, Morocco), the data controller for personal data processed through Kickoffapi. Registered office: Angle Avenue Lalla Yacout et Rue El Aaraar, Résidence Galis, Imm 9, Etg 4, Apt 17, Casablanca, Morocco. Contact: [email protected].
02Information We Collect
Account data you provide: your email address and a hashed (never plaintext) password. Usage data: the volume and endpoints of your API requests, used to enforce limits and bill accurately. Payment data: handled directly by Stripe — we do not store full card numbers. Cookies: as described below.
03How We Use Your Information
To provide and secure the Service, authenticate you, enforce rate limits and billing, send essential account and service communications, improve performance and reliability, and comply with legal obligations.
04Legal Bases
We process personal data under Morocco's Law No. 09-08 on the protection of individuals with regard to the processing of personal data, and, for users in the EEA/UK, the GDPR. Our legal bases are: performance of our contract with you (providing the Service), our legitimate interests (security, fraud prevention, service improvement), consent (optional analytics cookies), and compliance with legal obligations.
05Cookies & Consent
We use strictly necessary cookies for authentication and security, and, only with your consent via our cookie banner, analytics cookies (Google Analytics). You can withdraw consent at any time by clearing cookies or via the banner; declining optional cookies does not affect core functionality.
06Service Providers (Subprocessors)
We share data only with trusted providers essential to running the Service, each under appropriate data protection terms:
- OVH — cloud hosting and infrastructure.
- Stripe — payment processing and billing.
- Resend — transactional email delivery.
- Cloudflare — CDN, DNS and security/DDoS protection.
- Google Analytics — usage analytics (only with consent).
- Sentry — error and performance monitoring.
We do not sell your personal data.
07International Transfers
Some providers may process data outside your country. Where required, such transfers are covered by appropriate safeguards (for example, the EU Standard Contractual Clauses).
08Data Retention
We retain personal data for as long as your account is active or as needed to provide the Service and meet legal, accounting or reporting obligations. You may request deletion at any time (see below).
09Your Rights
Under Law 09-08, the GDPR and (for California residents) the CCPA, you may have the right to access, correct, delete, port, restrict or object to the processing of your personal data, and to withdraw consent. To exercise these rights, email [email protected]; we will respond within 30 days. You may also lodge a complaint with the Moroccan CNDP or your local supervisory authority.
10Data Processing Agreement
Business customers who require a Data Processing Agreement (DPA) may request one at [email protected].
11Security
We use appropriate technical and organisational measures, including encryption in transit, hashed passwords, and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12Children
The Service is not directed to individuals under 18, and we do not knowingly collect their personal data.
13Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated by email or site notice.
14Contact
Privacy questions or requests: [email protected].