Last Updated: April 16, 2026

This Privacy Policy describes how BAYE Conception, the publisher of the Zaame application, collects, uses, and protects users' personal information.
Publisher Contact Information:

BAYE Conception
47 Bd Mohammed Ben Abdellah, Résidence Belle Vue, 6th Floor, No. 1 – Casablanca, Morocco
Email: [email protected]

1. Collection of Personal Data

We collect the following information when you use the Zaame application or website:

• Identification information: (First name, last name, email address, phone number, etc.)
• Connection and usage information: (IP address, device type, pages viewed, etc.)
• School management information: (Student lists, teachers, grades, attendance, etc.)
• Any other information you choose to provide via our forms.
  Payment data: chosen payment method (card, Mobile Money, etc.), transaction session ID, amount, status, and payment date. Credit card numbers and Mobile Money identifiers are never stored by Zaame.
• Mobile phone numbers: collected for Mobile Money payments (PawaPay, CinetPay, Pesapal) to initiate transactions.
• Files and documents: files uploaded by users (profile photos, course materials, assignments, chat attachments).
• Messages and conversations: content of messages exchanged through the internal messaging system and session chat.
• User preferences: display theme (dark/light), language, configuration settings.
• Attendance data: student attendance statuses (present, absent, late, excused) for class sessions.

2. Use of Data

Your personal data is used to:

• Provide and manage our educational services.
• Personalize the user experience.
• Ensure security and prevent fraud.
• Communicate with you regarding service-related matters.
• Respond to your requests and provide technical assistance.
• Comply with our legal obligations.
  Process school payments through third-party payment providers configured by the institution
• Facilitate communication between users (messaging, session chat)
• Generate documents (PDF report cards, Excel exports, QR codes)
• Send service-related notifications and alerts (payment reminders, grade updates, payment confirmations)
• Manage two-factor authentication (2FA) via email

3. Visibility and Data Access by BAYE Conception

BAYE Conception, as the publisher and technical host of the ZAAME platform, has technical access to all hosted data for maintenance, debugging, and support purposes. However, BAYE Conception contractually commits not to view, exploit, or disclose the internal data of institutions (accounting, grades, results, message content) except in the following cases:

• Technical support explicitly requested by the institution
• Corrective maintenance requiring data access
• Legal or judicial obligation

All access is logged and limited to what is strictly necessary.

Regarding Google Services

ZAAME integrates certain Google services, such as:

• Google Meet: To allow teachers to organize virtual classes.
• Google Sign-In (OAuth): To offer users the option to log in easily using their Gmail account.

Information obtained through these services (such as name, email address, or Google ID) is used solely to:

• Authenticate the user.
• Facilitate the creation of Google Meet meetings directly from ZAAME.

No Google data (messages, files, contacts, etc.) is stored, shared, or exploited by BAYE Conception. Access is strictly limited to the data necessary for the operation of the integrated features and is subject to the explicit consent of the user.

Security and Compliance

BAYE Conception applies advanced security measures to ensure the confidentiality and protection of all data hosted on ZAAME, in accordance with the General Data Protection Regulation (GDPR) and Google's privacy policies.

4. Data Retention Period

Data is retained for as long as necessary to provide the service, and then archived or deleted in accordance with legal requirements.

5. Data Sharing

We do not sell or rent your personal data. We may share your information only with:

• Our technical and hosting providers (o2switch or other trusted partners).
• Legal authorities if required by law.
• Educational institutions registered on Zaame (only within the scope of intended use).
  
  We do not sell or rent your personal data. We may share your information only with:
   
• Our hosting providers: o2switch (or other trusted partners) for server hosting
• Third-party payment providers, solely for the purpose of processing transactions:
  • Stripe (Europe, North America, Australia) — stripe.com/privacy
  • CinetPay (Francophone West Africa) — cinetpay.com
  • PawaPay (Sub-Saharan Africa) — pawapay.io
  • Paystack (Nigeria, Ghana) — paystack.com
  • Fawry (Egypt) — fawry.com
  • PayMob (Egypt) — paymob.com
  • Flutterwave (Africa) — flutterwave.com
  • Pesapal (Kenya, East Africa) — pesapal.com
  • PayFast (South Africa) — payfast.co.za
• Google: for OAuth authentication and Google Meet/Calendar integration
• Legal authorities if required by law
• Registered educational institutions: only within the scope of intended use
• Each payment provider is subject to its own privacy terms. Only the data strictly necessary for processing the transaction is transmitted (amount, currency, transaction ID, payer's email and/or phone number).

6. Security

We implement technical and organizational measures to protect your data against unauthorized access, loss, modification, or disclosure.

Payment data (card numbers, Mobile Money identifiers) never passes through Zaame's servers and is processed directly by PCI-DSS certified providers.

• Passwords are stored in hashed form (irreversible algorithm).
• Two-factor authentication (2FA) via email is available to strengthen account security.
• Communications between the browser and our servers are encrypted via HTTPS/TLS.
• Uploaded files are stored on secure servers with access control per institution.
  
  Payment Data
   

• 6 bis.1 For online payments (Zaame subscriptions and school payments), sensitive banking data (card numbers, CVV codes, Mobile Money identifiers) is collected and processed exclusively by certified payment providers, and is never stored on Zaame's servers.

  6 bis.2 Zaame only retains the following transaction metadata:

  • Payment session ID
  • Amount and currency
  • Transaction status (pending, paid, failed, refunded)
  • Payment date and time
  • Payment method used (card, Mobile Money, etc.)

  6 bis.3 This metadata is retained for a period consistent with applicable accounting and tax obligations (minimum 10 years for accounting documents in Morocco).

  6 bis.4 In the event of a refund, the request is processed through the original payment provider. Zaame does not perform any direct fund transfers.

7. User Rights

In accordance with the GDPR and applicable laws, you have the following rights:

• Access to your data.
• Rectification of your data.
• Deletion of your data.
• Limitation or opposition to processing.

• Portability of your data.

  To exercise these rights, please contact us at: [email protected].
  
  Data Deletion and Portability
   

• a) Account deletion: Any user may request the deletion of their account and personal data by contacting [email protected]. Deletion is carried out within 30 days.

  b) Deletion by the institution: The institution may delete the data of its students, teachers, and parents directly from the admin interface.

  c) Subscription expiry: If a subscription is not renewed, the institution's data is retained for 6 months after expiration, then permanently deleted. The institution may request a data export before this deadline.

  d) Messages and files: Session chat messages may be deleted by their author within 5 minutes of sending. After that, they remain accessible to the session participants.

8. Cookies and Similar Technologies

We use cookies to improve the user experience and analyze traffic. You can manage your preferences through your browser settings.

Zaame uses the following technologies:

• Session cookies: required for application functionality (authentication, user session)
• LocalStorage: storage of display preferences (dark/light theme, orientation guide state, language)
• Service Worker: for offline functionality (PWA) and notifications

Zaame does not use any advertising tracking cookies or third-party analytics tools (no Google Analytics, Facebook Pixel, etc.).

9. Transfers Outside the European Union

In the event that data is transferred outside the EU, we ensure that appropriate safeguards are put in place in accordance with current legislation.

Some data may be transferred outside the European Union in the following cases:

• Payments via Stripe: data processed in the United States (Stripe is certified under the EU-US Data Privacy Framework)
• Payments via African providers (CinetPay, PawaPay, Paystack, Fawry, PayMob, Flutterwave, Pesapal, PayFast): data processed in the respective provider countries
• Google services (OAuth, Meet, Calendar): data processed in the United States (Google is certified under the EU-US Data Privacy Framework)
• Hosting: servers located in France (o2switch)

For transfers to countries that do not have an adequate level of protection recognized by the EU, we ensure that Standard Contractual Clauses (SCCs) or equivalent mechanisms are in place.

10. Changes to the Policy

We may update this Policy at any time. Changes will be published on our site and in the application with a revised update date.

11. Contact

For any questions regarding this Privacy Policy or your personal data, you can write to us at:

📧 [email protected]