Privacy Policy

1. Who We Are

InnoDI (Institut d'Innovation et de la Transformation Digitale) is an online higher education institution registered in Morocco. We are the data controller for the personal data described in this policy.

Contact: info@innodi.ma

2. Data We Collect

2.1 Account Data (via Google OAuth)

When you sign in with Google, we receive and store:

• Full name
• Email address
• Profile photo URL
• Google account unique identifier (UID)

2.2 Application Data

When you apply for admission, we collect:

• Phone number
• Chosen MSc program
• Motivation statement
• Enrollment goal (degree or certificate)

2.3 Academic Data

As you use the platform, we automatically record:

• Course progress (sections completed, quiz attempts, action items)
• Quiz grades and mastery status (stored as an immutable audit trail)
• XP points and achievement milestones
• Generated academic documents (transcripts, enrollment letters)
• Reflective journal entries

2.4 Profile Data

You may optionally provide:

• Phone number, biography, LinkedIn profile URL
• Portfolio website URL

2.5 Technical Data

We use Firebase Analytics which may collect:

• Browser type and version
• Device type and screen resolution
• IP address (anonymized)
• Pages visited and time spent

3. How We Use Your Data

• Education delivery: Track your course progress, calculate grades, issue certificates and transcripts.
• Admissions: Process your application, review motivation statements, communicate admission decisions.
• Account management: Authenticate your identity, manage your student profile, sync data across devices.
• Academic records: Maintain official grade records for accreditation compliance (ANEAQ).
• Document verification: Allow third parties (employers, visa offices) to verify the authenticity of InnoDI-issued documents via our verification portal.
• Platform improvement: Analyze usage patterns to improve course content and user experience.

4. Legal Basis for Processing

We process your data based on:

• Contractual necessity: To provide educational services you enrolled in.
• Legitimate interest: To maintain academic integrity, prevent fraud, and improve our platform.
• Legal obligation: To maintain academic records as required by Moroccan education law and ANEAQ accreditation standards.
• Consent: For optional data (profile bio, LinkedIn, reflective journals).

5. Data Storage & Security

Your data is stored in Google Firebase (Firestore), hosted on Google Cloud Platform infrastructure. We implement the following security measures:

• Firestore Security Rules with deny-all default and role-based access control
• Google OAuth for authentication (we never store passwords)
• HTTPS encryption for all data in transit
• Grade records are immutable — they cannot be modified or deleted after creation
• Admin access is restricted to verified administrator accounts

6. Data Sharing

We do not sell your personal data. We may share data with:

• Google Firebase: As our infrastructure provider (data processor).
• ANEAQ / Ministry of Higher Education: Academic records as required for accreditation.
• Document verification: When you generate a verifiable document, its metadata (student name, program, issue date) is publicly queryable via our verification portal. This is necessary for the document to serve its intended purpose.

7. Your Rights

Under Moroccan data protection law (Loi 09-08) and international best practices, you have the right to:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Correct inaccurate personal data.
• Deletion: Request deletion of your account and associated data (note: academic grade records may be retained for accreditation compliance).
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interest.

To exercise these rights, email info@innodi.ma.

8. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account deletion request.
• Academic records: Retained permanently as required by accreditation standards.
• Application data: Retained for 5 years after the application decision.
• Analytics data: Anonymized and aggregated after 26 months.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via your student dashboard. Your continued use of the platform after changes constitutes acceptance.

10. Contact Us

For any privacy-related questions or requests:

Email: info@innodi.ma

Institution: InnoDI — Institut d'Innovation et de la Transformation Digitale

Location: Morocco