JiMerhbaBack to Home

Privacy Policy

Last Updated: December 20, 2025

At JiMerhba, we recognize the importance of your privacy. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of your information when you use our platform. By accessing or using JiMerhba, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Personal Information

We collect information necessary to facilitate your wedding experiences, including:

  • Account & Identity: Name, email, phone number, nationality, and government-issued ID (passport/national ID) for verification.
  • Booking Details: Wedding selections, guest counts, and dietary preferences.
  • Financial Data: Payment processing is handled securely by Stripe; we do not store full credit card numbers.

1.2 Automatically Collected Information

We automatically collect technical data such as IP addresses, device types, and browsing behavior to improve platform security and performance.

2. How We Use Your Information

Your data is utilized to:

  • Facilitate bookings and process payments.
  • Verify user identity to ensure community safety.
  • Comply with legal obligations (including tax and regulatory requirements).
  • Detect and prevent fraud.

3. Legal Bases for Processing

Under the GDPR and applicable data protection laws, we process personal data based on:

  • Contractual necessity: To provide bookings and services.
  • Legal obligations: Tax, accounting, fraud prevention.
  • Legitimate interests: Platform improvement, security, communications.
  • Consent: Marketing communications and non-essential cookies.

⚖️ Moroccan Law No. 09-08: We process data with consent, notify the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel) of processing activities, and appoint a data controller. Sensitive data (e.g., religious preferences) requires explicit opt-in.

4. Data Storage & Security

We employ enterprise-grade security measures, including:

  • Encryption: Data is encrypted in transit (HTTPS/TLS) and at rest where applicable.
  • Hosting: Infrastructure via Vercel; payments via Stripe.
  • Access Control: Strict internal access limitations to user data.
  • Breach Notification: We notify the CNDP and affected users within 72 hours of any data breach.

5. Third-Party Services

We may share necessary data with trusted third-party processors:

  • Stripe: For payment processing (Privacy Policy: stripe.com/privacy)
  • Resend: For transactional emails (Privacy Policy: resend.com/legal/privacy)
  • Vercel: For infrastructure hosting (Privacy Policy: vercel.com/legal/privacy-policy)

🔒 All third-party processors comply with GDPR and use Standard Contractual Clauses (SCCs) for international transfers.

6. Data Sharing & Disclosure

We do not sell your personal data. We share data only:

  • With Hosts (when a booking is confirmed).
  • With Service Providers under strict confidentiality agreements.
  • As required by law or valid legal process.

7. Your Rights

GDPR, UK GDPR, CCPA/CPRA, PIPEDA/Law 25, LGPD Compliance

Depending on your jurisdiction, you have the right to:

  • Access, rectify, or erase your personal data ("Right to be Forgotten").
  • Restrict or object to processing.
  • Receive a portable copy of your data.
  • Withdraw consent at any time.
  • California Residents (CCPA/CPRA): Rights to know, delete, correct inaccurate information, and opt-out of data sharing. You will not be discriminated against for exercising these rights.
  • Canadian Users (PIPEDA/Quebec Law 25): Rights of access, correction, and withdrawal of consent.
  • Moroccan Users (Law 09-08): Rights to rectification via CNDP.

To exercise these rights, please contact our Data Protection Officer at:

Data Protection Officer

Email: privacy@jimerhba.com

8. Cookies

We use essential and analytical cookies to:

  • Maintain session security.
  • Analyze platform performance.
  • Remember language preferences.

ℹ️ You may manage cookie preferences via your browser settings. For EU users, we provide a consent banner in compliance with the ePrivacy Directive.

9. Data Retention

We retain personal data only as long as necessary:

  • Booking and transaction records: up to 7 years (tax compliance).
  • Account information: for the duration of the account.
  • Marketing data: until consent is withdrawn.

📅 Upon account deletion, data is anonymized or deleted within 30 days, barring legal retention requirements.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. Where required, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, and other lawful transfer mechanisms to protect your data.

11. Children's Privacy

Our platform is intended for users 18 and older. We do not knowingly collect data from minors. If you believe we have collected data from a child, please contact us immediately, and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or via email.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

JiMerhba

Data Protection Officer

Email: privacy@jimerhba.com

Web: jimerhba.com