Privacy Policy

The data controller is MyManar, a SaaS management platform for rehabilitation professionals.

For any questions regarding the protection of your data, you may contact us at: [email protected]

Professional identity data: full name, email address, phone number, specialty, professional registration number.

Patient identity data: full name, date of birth, legal guardian information (for minor patients).

Health data: patient records (anamnesis), clinical assessments, session notes, treatment plans, therapeutic prescriptions.

Therapeutic game session data: scores, response times, interaction metrics (motor precision, attention continuity, movement efficiency), level progression.

Technical data: IP address, browser type, login data, audit logs.

Patient record management: creation, consultation and updating of clinical records by authorized specialists.

Therapeutic follow-up: therapeutic game prescriptions, session tracking, patient progress analysis.

Cognitive performance analysis: processing metrics from therapeutic games to assist specialists in their clinical evaluation.

Parent portal: enabling legal guardians to follow their child's therapeutic activities and access prescribed game sessions.

Administrative management: billing, appointment scheduling, practice or center management.

Service improvement: anonymized and aggregated analyses to improve the quality of therapeutic tools.

The processing of health data is based on the explicit consent of the patient or their legal guardian (Article 4 of law 09-08).

For minor patients, consent is obtained from the legal guardian before any data processing.

The processing of administrative data is based on the performance of the service contract between MyManar and the healthcare professional.

The treating specialist: access only to clinical data of their own patients.

The center administrator (if applicable): limited access to administrative data and team oversight.

The parent or legal guardian: access to the parent portal to view their child's data only.

Each practice or center's data is strictly isolated. No professional can access data from another practice or center (multi-tenant isolation).

MyManar never sells, rents or shares your data with third parties for commercial purposes.

MyManar provides enhanced protection for minor patients' data, in accordance with law 09-08.

No data from a minor is collected without the prior consent of their legal guardian.

Minors interact with the platform only through the parent portal, under the supervision of their legal guardian.

Minors' data benefits from an extended retention period in accordance with legal obligations for medical records.

MyManar's therapeutic games collect interaction metrics (response time, precision, movements, errors) exclusively for therapeutic purposes.

These metrics constitute health data as they may reveal cognitive or motor profile indicators. They receive the same level of protection as all other clinical data.

Game metrics are indicators intended for the treating specialist. They do not constitute automated medical diagnosis in any way.

The specialist remains the sole decision-maker for the clinical interpretation of game data.

Data is hosted on servers located in the European Union (AWS Paris region, eu-west-3).

This transfer outside Moroccan territory is governed by adequate safeguards in accordance with articles 43 and 44 of law 09-08.

All data is encrypted in transit (TLS 1.3) and at rest (AES-256 encryption).

Clinical data is retained in accordance with legal obligations for medical records in Morocco.

For minor patients, data is retained for a minimum of 20 years after they reach the age of majority.

Data is never permanently deleted: a soft-delete mechanism is used to ensure the traceability required by regulations.

Technical data (audit logs) is retained for 5 years.

End-to-end encryption: TLS 1.3 for data in transit, AES-256 encryption for data at rest.

Data isolation: each practice or center has a strictly isolated data space (multi-tenant architecture).

Role-based access control: each user only accesses data necessary for their role.

Audit logging: all operations on clinical data are recorded (no PII in logs).

Daily encrypted backups with 30-day retention.

Secure authentication via AWS Cognito with enforced password policy.

In accordance with law 09-08, you have the following rights:

Right of access: obtain a copy of all data concerning you or your child.

Right of rectification: request correction of inaccurate or incomplete data.

Right of objection: object to the processing of your data for legitimate reasons.

Right to portability: receive your data in a structured, machine-readable format.

To exercise these rights, contact us at: [email protected]. We will respond within 30 days.

You may also file a complaint with the CNDP (National Commission for the Control of Personal Data Protection).

MyManar uses only strictly necessary cookies for platform operation (authentication session, language preferences).

No advertising or third-party tracking cookies are used.

No data is shared with advertising networks or third-party analytics tools.

MyManar reserves the right to modify this privacy policy. Any changes will be notified to users by email and via the platform.

Users will be asked to accept the new version before continuing to use the service.