Privacy and Data Processing Agreement

1. Our Commitment to Your Privacy and Data Confidentiality

Ryad Fresh provides a sophisticated logistics and production monitoring platform (the “Service”). We understand that the data our clients enter into our platform—including farm operations, production figures, supply chain logistics, and customer information—is proprietary, sensitive, and mission-critical.

This document outlines our unwavering commitment to protecting the confidentiality, integrity, and security of your data. We function as a Data Processor on your behalf. You, our client, remain the Data Controller and sole owner of your data at all times.

2. Scope and Definitions

  • Service: Refers to the entire Ryad Fresh ecosystem, including the Ryad Fresh Web Dashboard (“Dashboard”) and the Ryad Track Mobile Application (“Driver App”).

  • Client Data: Refers to all electronic data or information submitted by you, the Client, to the Dashboard. This includes, but is not limited to, account information and all proprietary Business Operational Data.

  • Driver Data: Refers to the temporary location and shipment data processed by the Driver App during an active delivery.

3. Data We Process on Your Behalf

Our processing of data is limited strictly to what is necessary to provide and maintain the Service for you.

  • Client Data (Processed via the Dashboard):

    • Account Credentials: Information required for user authentication and account management, such as names, business email addresses, and securely hashed passwords.

    • Business Operational Data: Any data you create, upload, and manage within the platform. You are the sole controller of this data. Our platform is designed as a secure environment for you to manage your own information.

  • Driver Data (Processed via the Driver App):

    • Ephemeral Location Data: We process the real-time geographic location (GPS) of a driver’s device. This processing is temporary and consent-based, initiated only upon the driver scanning a shipment-specific QR code and lasting only for the duration of the active transit.

    • Anonymized Shipment Identifiers: We process non-personal Track IDs and Company Codes to associate the location data with the correct shipment on your Dashboard.

4. Data Security and Confidentiality: Our Core Pillars

We have implemented robust technical and organizational measures to safeguard your Client Data from unauthorized access, use, disclosure, or loss.

  • Strict Confidentiality: All Client Data is treated as strictly confidential information. Our internal policies prohibit our employees from accessing or viewing your Client Data, except where strictly necessary to provide technical support at your request or to perform essential system maintenance. All such access is logged and governed by stringent internal confidentiality agreements.

  • Logical Data Segregation: Our system architecture enforces strict logical data segregation (multi-tenancy). Your data is maintained in a dedicated, isolated environment and is never accessible by any other client.

  • Encryption:

    • Encryption in Transit: All data transmitted between your browser and our platform is encrypted using industry-standard Transport Layer Security (TLS 1.2 or higher).

    • Encryption at Rest: All of your Client Data is encrypted at rest on the server infrastructure using the AES-256 encryption standard, one of the strongest block ciphers available.

  • Infrastructure Security: Our Service is hosted on the Google Firebase platform, which provides a secure, reliable, and compliant infrastructure that is subject to regular third-party audits (e.g., SOC 2, ISO 27001).

5. Purpose of Data Processing

We process your Client Data for the sole purpose of providing the Ryad Fresh Service to you. We will never use, sell, rent, share, or analyze your proprietary Business Operational Data for advertising, marketing, or any other commercial purpose.

6. Data Sub-processors

To provide our Service, we engage a limited number of third-party service providers (sub-processors) for infrastructure and hosting. Our primary sub-processor is Google (for Firebase). We have diligent vetting processes and data processing agreements in place with all sub-processors to ensure they meet our stringent security and confidentiality standards.

7. Data Retention and Deletion

You, as the Data Controller, determine the retention period for your data. You can modify or delete your Business Operational Data at any time through the Dashboard. Upon termination of your service agreement, we will permanently delete all of your Client Data from our production systems in accordance with our data deletion timeline, which will be provided upon request.

8. Your Rights as the Data Controller

You retain full rights to access, modify, export, and delete your Client Data at all times through the administrative tools provided in the Service.

9. Policy Updates

We may update this policy to reflect changes in our practices or for legal and regulatory reasons. We will provide notice of any material changes through the Service or via email.

10. Contact and Inquiry

For any questions regarding this policy or our security practices, please contact our data privacy team at:

Email: info@ryadfresh.ma