Privacy policy
This policy informs you, pursuant to Art. 13, 14 GDPR, which personal data we process when you visit poisonzero.com, for what purposes, on what legal basis, and which rights you have.
1. Controller
The controller within the meaning of the GDPR and of Moroccan Data Protection Act No. 09-08 is:
Jon Smallhill, smallhill ventures – c/o OctiCode SARL
78 BD La Résistance Résidence El Marzouki
20250 Casablanca, Morocco
Email: poisonzero@smallhill.ventures
You can find the full provider identification in the legal notice.
2. Applicable legal bases
- Consent (Art. 6(1)(a), Art. 7 GDPR).
- Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR).
- Legitimate interests (Art. 6(1)(f) GDPR).
- § 25 TDDDG – storing or reading information on terminal equipment only with consent, unless strictly necessary to provide the explicitly requested service.
3. Security measures
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. These include, in particular, full encryption of the data traffic between your browser and our servers via HTTPS/TLS, data minimization by avoiding any collection that isn't strictly necessary, and regular security updates of the server software in use.
4. International data transfers
Any transfer of data to third countries (outside the EU/EEA) takes place only where the requirements of Art. 44 et seq. GDPR are met. Transfers to providers based in the USA (e.g. Google LLC) are based primarily on the EU-US Data Privacy Framework (European Commission adequacy decision of 10 July 2023); where a provider is not certified there, standard contractual clauses pursuant to Art. 46(2)(c) GDPR are used.
5. Storage and deletion
We delete personal data in accordance with the statutory provisions as soon as the underlying consents are withdrawn or no further legal bases exist. Exceptions apply where statutory retention obligations require longer storage.
6. Rights of data subjects
Under Art. 15 to 21 GDPR you have, in particular, the following rights; equivalent rights are granted to you — where applicable — by Moroccan Data Protection Act No. 09-08:
- Right to object (Art. 21 GDPR).
- Right to withdraw consent (Art. 7(3) GDPR).
- Right of access (Art. 15 GDPR).
- Rectification (Art. 16 GDPR).
- Erasure and restriction of processing (Art. 17, 18 GDPR).
- Data portability (Art. 20 GDPR).
- Complaint to a supervisory authority (Art. 77 GDPR).
7. Provision of the online offering and web hosting
We process users' data in order to make our online offering available to them. For this we process the IP address, which is necessary to deliver the content to the browser.
- Types of data processed: usage data (pages accessed, time of access); meta/communication data (IP address, user agent, referrer, HTTP status code).
- Purposes: provision of the offering, security, server-side logging for error diagnosis and abuse prevention.
- Retention: server logs are deleted or anonymized after a maximum of 30 days.
- Legal basis: legitimate interests in stable and secure operation (Art. 6(1)(f) GDPR).
- Provider: Firebase App Hosting by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), parent company Google LLC, USA. Data processing agreement pursuant to Art. 28 GDPR concluded.
8. Cookies and local storage
We use cookies and comparable technologies (e.g. localStorage) only on the basis of consent pursuant to § 25 TDDDG or Art. 6(1)(a) GDPR, unless they are strictly necessary to provide the explicitly requested services. On your first visit you will see a consent banner for this purpose.
- Strictly necessary (always active): storing your cookie choice (key pz_consent_v1 in localStorage) so the banner does not reappear on every visit. The optional service worker (PWA) additionally stores static content (HTML, CSS, images) in your browser cache to enable offline access — without transmitting any personal data. Legal basis: § 25(2)(2) TDDDG.
- Statistics (Google Analytics 4): set only if you explicitly consent. See the next section for details.
You can change or withdraw your consent at any time via the “Cookie settings” link in the footer.
9. Web analytics — Google Analytics 4
For anonymous reach measurement we use Google Analytics 4. GA4 is loaded only after your explicit consent; before that, no analytics cookies are set and no data is transmitted to Google (Consent Mode v2, default denied).
- Data processed: usage data (pages visited, time spent), meta/communication data (truncated IP address, device/browser info), pseudonymous online identifiers (cookie IDs).
- Purposes: reach measurement, improvement of our offering.
- Legal basis: consent (Art. 6(1)(a) GDPR, § 25(1) TDDDG).
- Configuration: IP anonymization active.
- Recipient: Google Ireland Limited or Google LLC (USA); data processing agreement pursuant to Art. 28 GDPR. International transfers: see above.
- Withdrawal: at any time via “Cookie settings” in the footer.
10. Fonts (Google Fonts)
We load fonts (including Inter, IBM Plex Mono, Archivo Black) via the Google Fonts CDN (fonts.googleapis.com / fonts.gstatic.com). Provider: Google Ireland Limited / Google LLC. Data processed: IP address, user agent, referrer. Legal basis: legitimate interests in an appealing presentation (Art. 6(1)(f) GDPR). Privacy policy: policies.google.com/privacy.
11. The app (app.poisonzero.com)
The control panel at app.poisonzero.com is a separate service with its own authentication (Firebase Authentication). The respective notices in the panel apply to the processing there.
12. Changes and updates
We adapt this privacy policy as soon as changes to the data processing make it necessary. Where we provide addresses and contact information of third parties, please note that these may change over time.