Skip to main content
LeCRM.ma
Start
Back home

Data Processing Agreement (DPA)

⚠️ DRAFT — Agreement governing processing of your clients' data by LeCRM, in accordance with Moroccan Law 09-08.

Last updated : June 13, 2026 · Version 1.0

[⚠️ DRAFT — This document is under legal review. All specific details marked [to be completed] must be confirmed before publication.]

1. Parties

Data Controller: You, the Customer subscribing to lecrm.ma (identified in your subscription).

Data Processor: Maroc SAAS SARL AU, publisher of lecrm.ma — contact@lecrm.ma, Laayoune, Morocco.

This DPA governs the processing carried out by the Processor on behalf of the Controller in the context of the lecrm.ma CRM service subscription.

2. Nature and purpose of processing

The Processor processes personal data solely to provide the CRM service (storage, display, and management of your commercial contacts and client data within lecrm.ma). No processing for the Processor's own purposes is carried out.

3. Data processed

The categories of personal data processed on behalf of the Controller include, depending on usage:

  • Client and prospect identification data (names, company names, email addresses, phone numbers)
  • Commercial relationship data (interactions, notes, quotes, invoices entered into the CRM)
  • Any other data the Controller chooses to enter into the platform

The Controller is solely responsible for the lawfulness of the data entered and for informing data subjects.

4. Sub-processors

The Processor uses the following sub-processors, subject to equivalent contractual obligations:

  • DigitalOcean, LLC — infrastructure hosting (servers, databases, backups) — data center: New York (NYC1), United States.
  • [⚠️ DRAFT — transactional email provider to be confirmed]

The Controller is notified of any change in sub-processor with reasonable notice.

5. Your rights as controller

As Data Controller, you may at any time:

  • Request confirmation of the processing operations carried out on your behalf
  • Request the deletion or export of your data (data portability)
  • Audit or request an audit report of the security measures in place

Requests should be addressed to contact@lecrm.ma.

6. Security measures

The Processor implements reasonable technical and organizational security measures, including:

  • Encrypted communications (TLS/HTTPS)
  • Daily database backups
  • Restricted access to production infrastructure
  • [⚠️ DRAFT — additional measures to be documented]

7. Data retention

Data is retained for the duration of the subscription. Upon termination or non-renewal, data is retained for a maximum of 30 days before deletion, unless the Controller requests earlier deletion or export.

8. Contact for DPA requests

DPA requests: contact@lecrm.ma

Maroc SAAS — Medinate Al Wahda, Bloc H No. 39, Laayoune, Morocco