Privacy Policy

Last updated : 14/06/2026

Document being finalized: sections marked [TO BE COMPLETED] will be filled in with the company's final legal information before official publication.

1. Data controller

Personal data collected on figway.org is processed by FigWay [TO BE COMPLETED: legal company name, legal form, registered office, company registration number, ICE].

2. Data collected

• Account data: name, email, password (hashed), nationality, target country, role. • Case data: installation status, family situation, target city, monthly budget, expected arrival date, checklist progress. • Uploaded documents (passport, national ID, proof of address, etc.), stored securely on our self-hosted infrastructure, with access restricted to the FigWay team. • Messages exchanged with the Care Manager via the built-in messaging. • Content posted on the community forum (threads, replies). • Technical data: connection logs, IP address, session cookies.

3. Purposes of processing

• Managing the account, subscription and orders. • Providing installation-assistance services (checklist, documents, partner referrals). • Care Manager messaging and operation of the community forum (including moderation). • Service improvement and aggregated usage statistics. • Compliance with legal, accounting and tax obligations.

4. Legal basis

Processing is based on: performance of the contract (Terms of Sale/Use) for service delivery; FigWay's legitimate interest in platform security and forum moderation; user consent for non-essential cookies; and compliance with legal obligations (accounting, tax).

5. Recipients and sub-processors

• Paddle.com: payment processing and invoicing. • Resend: transactional emails (account verification, password reset, notifications). • Google: authentication via "Sign in with Google", if the user chooses this login method. • The Dalil AI assistant (Mistral model via Ollama) runs locally on FigWay's infrastructure: no conversation data is sent to a third-party AI provider. FigWay does not sell or rent users' personal data to third parties for commercial purposes.

6. Retention period

Account and case data are kept for the duration of the contractual relationship, then archived in accordance with applicable legal obligations. Infrastructure backups are kept on a rolling 30-day basis. [TO BE COMPLETED: precise retention periods after account closure, particularly for documents and messages.]

7. CNDP declaration

This personal data processing has been declared to Morocco's National Commission for the Control of the Protection of Personal Data (CNDP), in accordance with law n°09-08, under registration number [TO BE COMPLETED].

8. User rights

In accordance with law n°09-08, you have a right of access, rectification, update, objection on legitimate grounds, and deletion of your personal data. You can exercise these rights by writing to contact@figway.org, stating your identity. [TO BE COMPLETED: data protection officer / postal address, if applicable.]

9. Security

FigWay implements technical measures to protect your data: hashed passwords (bcrypt), encrypted connections (HTTPS), document storage on dedicated infrastructure, and encrypted nightly backups retained for 30 days.

10. Cookies

FigWay uses session cookies strictly necessary for authentication and platform operation. [TO BE COMPLETED: list of any analytics or third-party cookies used, and consent mechanism.]