GDPR Compliance

The GDPR applies to all users located in the European Economic Area (EEA), including EU member states and EEA countries (Iceland, Liechtenstein, Norway). It establishes rights for individuals and obligations for organisations that process personal data. Even though Diouane Apps is based in Morocco, we are subject to GDPR when we process data of EEA residents.

For GDPR purposes, the data controller is:

Diouane Apps
Independent Android Developer
Morocco
Email: legal@diouane.com

We do not currently have a designated EU representative, but all GDPR-related requests sent to the above address will receive priority handling.

We process personal data in accordance with the following GDPR principles:

• Lawfulness, Fairness and Transparency — We process data on a valid legal basis and are transparent about our practices
• Purpose Limitation — Data is collected for specified, explicit, and legitimate purposes and not further processed incompatibly
• Data Minimisation — We collect only the data that is necessary for the purposes described
• Accuracy — We take reasonable steps to keep data accurate and up to date
• Storage Limitation — Data is held no longer than necessary for its purpose
• Integrity and Confidentiality — We implement appropriate security measures
• Accountability — We can demonstrate compliance with these principles

We rely on the following legal bases under GDPR Article 6:

• Art. 6(1)(a) — Consent: For personalised advertising, analytics, and non-essential cookies. You may withdraw consent at any time.
• Art. 6(1)(b) — Contract: Where processing is necessary to provide services you have requested (e.g., app functionality requiring server-side storage).
• Art. 6(1)(c) — Legal Obligation: Where we are required to process data to comply with applicable law (e.g., tax records).
• Art. 6(1)(f) — Legitimate Interests: For crash reporting, fraud prevention, security monitoring, and basic analytics, balanced against your rights and interests.

As a data subject under GDPR, you have the following rights:

5.1 Right of Access (Art. 15)

You have the right to obtain confirmation of whether we process your personal data, and to receive a copy of that data along with information about how it is processed.

5.2 Right to Rectification (Art. 16)

You have the right to request correction of inaccurate personal data we hold about you, and to have incomplete data completed.

5.3 Right to Erasure / Right to Be Forgotten (Art. 17)

You have the right to request deletion of your personal data where: the data is no longer necessary for the original purpose; you withdraw consent and there is no other legal basis; you object to processing and there are no overriding legitimate grounds; the data was unlawfully processed; or erasure is required by law. See our Account Deletion page for the request process.

5.4 Right to Restriction of Processing (Art. 18)

You may request that we restrict processing of your data in certain circumstances, such as while the accuracy of data is being verified or while your objection is being assessed.

5.5 Right to Data Portability (Art. 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV), and to transmit it to another controller.

5.6 Right to Object (Art. 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to legitimate-interest processing, we will cease unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

5.7 Rights in Relation to Automated Decision-Making (Art. 22)

We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects. Ad targeting by our partners may involve automated profiling; you may object to this as described in our Advertising Policy.

5.8 Right to Withdraw Consent (Art. 7(3))

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Withdrawal can be done via app settings, by resetting your Android Advertising ID, or by contacting us.

To exercise any of the rights above, submit a written request to legal@diouane.com with:

• Subject line: “GDPR Data Subject Request — [Right Type]”
• Your full name and email address
• The specific right you are exercising and a description of the request
• Proof of identity (copy of ID may be required to prevent unauthorised requests)

We will respond within 30 days. This may be extended to 90 days for complex or multiple requests; we will inform you of any extension.

We will not charge a fee for reasonable requests. We may decline manifestly unfounded, excessive, or repetitive requests.

Personal data may be transferred to and processed in countries outside the EEA, including the United States, by our third-party service providers (Google, Meta, AppLovin). These transfers are subject to appropriate safeguards, including Standard Contractual Clauses (SCCs) adopted by the European Commission under GDPR Article 46. You may request details of these safeguards by contacting legal@diouane.com.

Our apps use a Consent Management Platform (CMP) compliant with IAB Europe's Transparency and Consent Framework (TCF v2.2) to collect and manage your consent for personalised advertising in EEA jurisdictions. You may review and change your consent preferences at any time within the app's Settings menu.

If you believe we have not handled your personal data in compliance with GDPR, you have the right to lodge a complaint with a supervisory authority. You may contact:

• Your local data protection authority in the EEA member state where you reside or work
• The European Data Protection Board (EDPB): edpb.europa.eu

We encourage you to contact us first at legal@diouane.com so we can address your concerns directly.

For all GDPR-related enquiries:

• Legal / GDPR: legal@diouane.com
• Support: support@diouane.com