Privacy Policy — Mizan Pre-accounting & Invoicing

1. Introduction

Mizan ("we", "our", or "us") operates the Mizan web application and website (collectively, the "Service"), a pre-accounting and invoicing platform for Moroccan businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using Mizan, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

Account & Company Information: When you create an account, we collect your name, email address, and password (stored securely as a hash). To produce invoices and accounting data, we also collect company details you provide, such as company name, legal form, address, and identifiers (ICE, IF, RC, CNSS). If you sign in with Google, we receive your name and email from Google.

Documents & Financial Data: When you upload an invoice, receipt, or bank statement, we process the file using optical character recognition (OCR) and AI to extract data such as supplier, amounts, VAT, dates, and accounting category. The original document is stored securely. We also store the invoices, quotes, clients, suppliers, and products you create.

Usage Data: We collect information about how you use the Service, including workspace activity, browser type, and device information.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Extract and classify data from your documents
Calculate and break down Moroccan VAT and produce reports
Reconcile bank statements with your invoices and receipts
Generate customer invoices, quotes, and accounting exports
Manage your account and workspace memberships
Process subscription payments through Stripe
Respond to your support requests
Detect and prevent fraud or abuse

4. Data Storage & Security

Your data is stored on secure servers with industry-standard encryption in transit (TLS) and at rest. Documents are stored with strict access controls. Passwords are hashed and are never stored in plain text.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

5. Third-Party Services

We use the following third-party services to operate Mizan:

Cloud hosting & storage providers — for secure application hosting and document storage
AI & OCR providers — to extract data from your documents
Stripe — for payment processing (we never store your card details)
Email providers — for transactional emails such as verification, invitations, and notifications

Each third-party service has its own privacy policy governing the use of your information. We encourage you to review their policies.

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your data only in the following cases:

Workspace members: If you share a workspace, other members with appropriate roles — including an accountant you invite — may see the documents and data within that workspace.
Service providers: With the third-party services listed above, strictly to provide the Service.
Legal requirements: If required by law, regulation, or legal process.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and documents within 30 days, except where we are legally required to retain certain records (for example, tax and accounting retention obligations).

8. Your Rights

Subject to applicable law, including Morocco's Law 09-08 on the protection of personal data, you may have the right to:

Access, correct, or delete your personal data
Export your data in a portable format
Withdraw consent for data processing
Object to the processing of your personal data
Lodge a complaint with the competent data protection authority (CNDP in Morocco)

To exercise any of these rights, contact us at [email protected].

9. Children's Privacy

Mizan is intended for businesses and is not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: [email protected]