Privacy Policy

Who we are

FairSouk is operated by Jakub Stejskal, a self-employed individual (OSVC) registered in the Czech Republic. We build a mobile guide that helps tourists shop fairly in Moroccan bazaars by providing quality education and ethical price transparency.

Contact: hello@fairsouk.app

Our approach to privacy

We believe in collecting only what we need and being transparent about it. We do not run ads, do not sell data, and do not use tracking cookies. You can use most of FairSouk without giving us any personal information at all.

What data we collect

When you unlock city content (payment)

• Email address — collected by Stripe during checkout so we can send you a purchase confirmation and provide support if needed.
• Payment information — handled entirely by Stripe. We never see or store your card number. Stripe processes payments in EUR.
• Unlock token — a random identifier stored in your browser to remember that you have paid. It contains no personal information.

When you scan a riad QR code

• Referral code — we record which riad referred you so the riad partner receives their referral credit. No personal data is attached to the scan.

When you submit a "What I Paid" entry

• Purchase details — craft category, item type, price paid, and optional notes. This data is anonymous and not linked to your identity.

When you use the app

• Offline storage — after unlocking, the app caches craft content in your browser's IndexedDB and Service Worker cache so it works without internet in the medina. This data stays on your device and is never sent to us.
• No cookies for tracking — we use a session cookie only for riad partner login. Tourist-facing features use no cookies at all.

When you send us feedback

• Feedback content — the message you submit and optionally your email if you provide it. Used only to improve FairSouk.

Analytics

We use Plausible Analytics, a privacy-first analytics tool hosted in the EU. Plausible does not use cookies, does not collect personal data, and does not track you across websites. It tells us things like how many people visited our site and which pages are popular — nothing more.

How we use your data

• To process your payment and deliver the content you unlocked
• To send a purchase confirmation to your email
• To credit riad partners for referrals
• To improve FairSouk based on anonymous usage patterns and feedback

We do not:

• Sell or share your data with third parties for advertising
• Send marketing emails (unless you explicitly opt in)
• Use your data for profiling or automated decision-making
• Track you across other websites

Third-party services

Data retention

• Email addresses — kept as long as needed for purchase support, then deleted. We do not maintain a mailing list unless you opt in.
• Unlock tokens — stored indefinitely so your purchase remains valid.
• Anonymous purchase logs — kept indefinitely to build the crowdsourced price database.
• Referral data — kept for the duration of the riad partnership.

Your rights (GDPR)

As we operate from the Czech Republic and serve visitors in the EU, the General Data Protection Regulation (GDPR) applies. You have the right to:

• Access — request a copy of any personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — ask us to delete your data ("right to be forgotten")
• Data portability — receive your data in a machine-readable format
• Object — object to processing of your data
• Withdraw consent — at any time, where processing is based on consent

To exercise any of these rights, email us at hello@fairsouk.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Czech Office for Personal Data Protection (UOOU) or any EU supervisory authority.

Legal basis for processing

• Contract performance — processing your payment and delivering the content you purchased (Article 6(1)(b) GDPR)
• Legitimate interest — anonymous analytics to improve the service, fraud prevention (Article 6(1)(f) GDPR)
• Consent — optional feedback submissions, optional email for support (Article 6(1)(a) GDPR)

Security

We use HTTPS for all connections, store data on servers in the EU (Frankfurt, Germany), and follow standard security practices. Payment processing is handled by Stripe, which is PCI DSS Level 1 certified.

Children

FairSouk is not directed at children under 16 and we do not knowingly collect data from them.

Changes to this policy

We may update this policy from time to time. Significant changes will be noted with an updated date at the top of this page. We encourage you to review this page periodically.