Privacy Policy

This policy explains what personal data Dyafna (“Dyafna”, “we”, “us”) collects when you use our website, guest storefronts and apps (the “Platform”), how we use and protect it, and the rights you have. Dyafna is the controller of the data processed to run the Platform. The establishment you book with (your “Host”) is a separate, independent controller for its own relationship with you — including the guest registration the law requires it to keep.

1. The data we collect

Information you give us:

• Account & profile — your name, email, phone number, country or nationality, and preferred language.
• Bookings & orders — the items you book, dates, guest counts, and any notes or requests you add.
• Check-in — the guest details required for registration and, where local law requires it, a photo of an identity document and your signature.
• Messages & reviews — what you send to Hosts through the Dyafna inbox and any reviews you leave.

Information created when you use Dyafna: order and payment records (status, amount and a payment reference — not your card number), your sign-in activity, and technical data such as your IP address, device and the pages you view, collected through essential cookies.

Information from others: your Host (for bookings made with them), our payment provider (confirmation that a payment succeeded), and, if you arrived through a referral or affiliate link, that referral source.

2. How we use your data

• to provide the Platform and process your bookings and payments;
• to support the guest registration and tourist-tax steps the law requires for your stay;
• to send you the messages you need — sign-in codes, booking confirmations, receipts and service updates — and, only if you opt in, other updates;
• to keep accounts secure and to prevent fraud and abuse;
• to support you, improve the Platform, and meet our legal, tax and accounting obligations.

3. Legal bases (guests in the EU/EEA and UK)

If data-protection law applies to you, we rely on:

• Performance of a contract — to take and fulfil your bookings and run your account;
• Legal obligation — for guest registration, tax and accounting records;
• Legitimate interests — to keep the Platform secure, prevent fraud and improve our service, balanced against your rights;
• Consent — for optional marketing and any non-essential cookies, which you can withdraw at any time.

4. Payments

We do not collect or store your full card details. Payments are processed by PayPal, which acts as an independent controller of the information you provide to it; its handling of that data is governed by PayPal’s privacy statement. We keep only what we need to manage your order and any refund — a payment reference, the amount and the status.

5. Identity documents and check-in data

Where a photo of an identity document is collected, it is only because local law requires your Host to register the guests who stay with them. We treat these documents with particular care: access is restricted, they are never included in any PDF or confirmation, they are not shared beyond what the law requires, and they are automatically deleted after 30 days. You can ask us to delete a document sooner.

6. Who we share data with

• Your Host — the establishment you book with, so it can prepare for and register your stay;
• Service providers acting on our instructions under contract — for example hosting, email delivery and fraud prevention;
• Our payment provider (PayPal) to take payment and process refunds;
• Authorities where the law requires it, or to protect the rights and safety of guests, Hosts or the public.

We do not sell your personal data, and we do not use third-party advertising trackers.

7. International transfers

Dyafna operates from Morocco. If you are in the EU/EEA or the UK, your data is transferred to and processed in Morocco. We rely on appropriate safeguards for these transfers — such as standard contractual clauses and the fact that processing is necessary to perform the booking you asked for.

8. How long we keep it

• Account data — while your account is active;
• Booking, payment and tax records — for as long as the law requires us to keep them (typically several years);
• Identity documents — 30 days, then automatic deletion;
• Messages — for the life of the conversation plus a reasonable period.

When we no longer need data, we delete it or anonymise it so it can no longer identify you.

9. Your rights

Subject to the law that applies to you, you can ask us to: access a copy of your data; correct it; delete it; restrict or object to how we use it; receive it in a portable format; and withdraw any consent you gave. To exercise any of these, email privacy@dyafna.ma. You also have the right to complain to a data-protection authority — in Morocco the CNDP, or, in the EU/EEA or UK, your local supervisory authority.

10. Cookies

We use cookies that are essential to make Dyafna work: keeping you signed in, protecting against fraud, and remembering your language, theme and any referral that brought you here. We don’t use advertising cookies. You can clear or block cookies in your browser, but essential cookies are needed to sign in and check out.

11. Security

We protect your data with measures including encryption in transit, restricted access, short-lived sign-in codes, and email sending locked to known servers. No system is ever perfectly secure, but we work to keep your data safe and to respond quickly if something goes wrong.

12. Children

Dyafna is not intended for people under 18. A parent or guardian should make any booking that includes a minor.

13. Changes to this policy

We may update this policy as Dyafna grows or the law changes. We’ll post the new version here with an updated date, and give reasonable notice of significant changes.

14. Contact us

Privacy questions and requests: privacy@dyafna.ma
General contact: salaam@dyafna.ma
Dyafna — Marrakech, Morocco.