Maali4G

Privacy Policy

Last updated: 2026-05-09

Maali4G respects your privacy. This policy explains what we collect, why, how we protect it, and your rights.

1. What we collect

Account data: the email address you sign in with, your name if you provide one, and the authentication provider you use (magic link or Google).

Order data: the products you purchase, the email address you provide at checkout, the payment currency you use, the order timestamp, and the redemption codes we deliver to you (encrypted at rest).

Payment metadata: transaction IDs from our payment processor (NowPayments). We do not see or store your wallet's private keys or your underlying bank or card details.

Technical data: your IP address (in our hosting provider's request logs, retained for short windows), browser user-agent, and pages you visit on our site (via our privacy-friendly analytics tool, which does not use cookies or fingerprinting).

We do not use advertising trackers, third-party advertising cookies, or social-media pixels.

2. Why we collect it

  • To deliver the codes you purchased.
  • To send transactional emails (order confirmation, payment confirmation, delivery, refund).
  • To provide customer support when you contact us.
  • To detect and prevent fraud or abuse of the service.
  • To meet our legal and tax obligations.

3. Where it lives

  • Account and order data live in our PostgreSQL database (hosted by Neon, in AWS Frankfurt).
  • Sensitive fields like redemption codes are encrypted at rest using authenticated symmetric encryption.
  • Cart state lives in Redis (Upstash, EU-West-1) and expires after 7 days of inactivity.
  • Backups are retained for 7 days.

4. Who we share it with

We share data only with the service providers that help us run Maali4G:

  • Vercel — hosts the website
  • Neon — runs the database
  • Upstash — runs the cart cache
  • Resend — sends our transactional email
  • NowPayments — processes cryptocurrency payments
  • Google — authenticates you if you choose Google sign-in
  • Sentry — captures errors so we can fix them (no order or sensitive content)
  • Umami — anonymously counts page views (no cookies, no identification)
  • The supplier whose product you purchased — we share the minimum data needed to fulfill your order

We do not sell your data. We do not share it with advertisers.

5. How long we keep it

  • Order records: 6 years (tax compliance)
  • Account data: until you delete your account, plus 30 days for backup expiry
  • Email logs: 90 days at our email provider
  • Server access logs: 14 days

6. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and personal data (orders are retained for tax reasons, but stripped of identifying detail).
  • Export your data in a portable format.
  • Object to processing or restrict it.
  • Withdraw consent for any processing that relies on consent.

To exercise any of these rights, email contact@maali4g.com from the address on file. We respond within 30 days.

If you are in the European Union, you can lodge a complaint with your national data protection authority. If you are in Morocco, you can contact the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel).

7. Children

Maali4G is not directed to children under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, email us and we will delete it.

8. Cookies

We do not use tracking cookies. We use:

  • A session cookie to keep you signed in (essential, set when you authenticate)
  • A cart cookie to remember your shopping cart between visits (essential, expires after 7 days)
  • A language preference to remember your selected locale

We use Umami Cloud for analytics, which is cookieless and GDPR-compliant — no consent banner is legally required for analytics under most interpretations, but we show one anyway because we believe in clear communication.

9. International transfers

Some of our service providers process data outside Morocco and outside the EU. Where transfers occur, we rely on the providers' Standard Contractual Clauses or equivalent legal mechanisms.

10. Changes to this policy

We may update this policy. Material changes are notified by email at least 14 days in advance. The "Last updated" date at the top reflects the current version.

11. Contact

contact@maali4g.com

This policy is written for clarity. It is informed by GDPR (EU), Morocco's Loi 09-08, and the UK Data Protection Act, but is not a substitute for legal advice. Where local law gives you stronger rights, those rights apply.