Privacy Policy
Last updated: 25 April 2026
This policy explains how Tora eCom ("Tora eCom", "we", "us") processes personal data when you visit our website, use our order and delivery management service, or interact with us. It is intended to support transparency requirements for our users and, where you connect advertising or social platforms, for partners such as Meta. This is a general template, not legal advice, and you should have it reviewed for your business.
Controller and contact
Tora eCom is the data controller for personal data we determine the purposes and means of processing, unless we state otherwise. You can reach us for privacy matters at: contact@tora.ma
We may add or update a postal address, legal entity name, and a dedicated privacy contact in this section as we formalize our corporate information.
We may add or update a postal address, legal entity name, and a dedicated privacy contact in this section as we formalize our corporate information.
Data we may collect
Depending on your relationship with us, we may process:
• account and contact data: name, email, phone, company name, billing and role within your organization when you create or maintain an account;
• service and order data: information about orders, shipments, integrations, and your use of features, including logs, configuration, and support tickets;
• device and technical data: IP address, device type, browser, approximate location, timestamps, and diagnostic data to secure and improve the service;
• marketing and communication data: preferences, subscription status, and how you respond to our messages;
• if you or your organization connect Meta / Facebook products (e.g. Marketing API, Conversions API, Facebook Login where offered, app events, pixel, or ad reporting): we may process identifiers, events, and measurement data needed to use those products. Categories depend on the integration; we do not use this policy to publish secrets or private keys, only to describe the nature of the processing. Such processing may also be subject to Meta’s terms, documentation, and your or your ad account’s settings in Meta systems.
• account and contact data: name, email, phone, company name, billing and role within your organization when you create or maintain an account;
• service and order data: information about orders, shipments, integrations, and your use of features, including logs, configuration, and support tickets;
• device and technical data: IP address, device type, browser, approximate location, timestamps, and diagnostic data to secure and improve the service;
• marketing and communication data: preferences, subscription status, and how you respond to our messages;
• if you or your organization connect Meta / Facebook products (e.g. Marketing API, Conversions API, Facebook Login where offered, app events, pixel, or ad reporting): we may process identifiers, events, and measurement data needed to use those products. Categories depend on the integration; we do not use this policy to publish secrets or private keys, only to describe the nature of the processing. Such processing may also be subject to Meta’s terms, documentation, and your or your ad account’s settings in Meta systems.
Why we use data and legal basis
We process data to:
• provide, maintain, and secure our service (performance of a contract, legitimate interest in a reliable platform, and legal compliance);
• communicate with you, including support and (where you have not opted out and law allows) service and marketing messages;
• understand usage, improve the product, and run analytics in line with this policy and applicable settings;
• comply with law, including tax, accounting, and law enforcement requests where we must respond;
• where you have given consent, for optional activities such as certain cookies or specific marketing, which you can withdraw. Specific legal bases (including GDPR) depend on context and your location; you may have additional information where required in your country.
• provide, maintain, and secure our service (performance of a contract, legitimate interest in a reliable platform, and legal compliance);
• communicate with you, including support and (where you have not opted out and law allows) service and marketing messages;
• understand usage, improve the product, and run analytics in line with this policy and applicable settings;
• comply with law, including tax, accounting, and law enforcement requests where we must respond;
• where you have given consent, for optional activities such as certain cookies or specific marketing, which you can withdraw. Specific legal bases (including GDPR) depend on context and your location; you may have additional information where required in your country.
How we share data
We do not sell your personal data as a “sale” in the traditional sense. We may share it with:
• infrastructure and hosting, email, and security providers (processors) who may only use data to provide our instructions;
• professional advisers where needed;
• public authorities when required by law. When you use or connect Meta, Facebook, or other platforms, some data may be shared with them as you direct us or as the integration works; their use is also governed by their policies and the settings you and your ad accounts have with them. We may also share aggregated or de-identified data that does not identify you for analytics and improvement.
• infrastructure and hosting, email, and security providers (processors) who may only use data to provide our instructions;
• professional advisers where needed;
• public authorities when required by law. When you use or connect Meta, Facebook, or other platforms, some data may be shared with them as you direct us or as the integration works; their use is also governed by their policies and the settings you and your ad accounts have with them. We may also share aggregated or de-identified data that does not identify you for analytics and improvement.
International transfers
If you are in a region with transfer rules (e.g. EEA, UK, Switzerland, Morocco, or other jurisdictions), and we or our sub-processors process data in other countries, we will use appropriate safeguards (such as standard contractual clauses) where required by law. The exact mechanisms may be described in a supplemental notice or in our DPA for customers if applicable.
Retention and security
We keep personal data for as long as we have a valid purpose: for example, for the duration of your account, to comply with law, to resolve disputes, and for backups on a defined cycle. We apply technical and organizational measures appropriate to the risk, including access controls, encryption in transit where applicable, and vendor reviews. No method of transmission is 100% secure.
Your rights
Depending on applicable law, you may have the right to access, rectify, delete, restrict, or object to certain processing, and the right to data portability. You may have the right to lodge a complaint with a supervisory authority. To exercise your rights, contact: contact@tora.ma
We will respond within a reasonable time or as required by law. For Meta-related tools, some controls (ad preferences, ad accounts) are managed directly in Meta. If you are an end customer of a merchant on our platform, the merchant is often the controller of your order data; we will direct or assist as appropriate in line with the law.
We will respond within a reasonable time or as required by law. For Meta-related tools, some controls (ad preferences, ad accounts) are managed directly in Meta. If you are an end customer of a merchant on our platform, the merchant is often the controller of your order data; we will direct or assist as appropriate in line with the law.
Children
Our service is not directed to children under 16 (or the age in your region if higher). We do not knowingly collect personal data from children for those purposes. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.
Changes to this policy
We may update this policy from time to time. The “last updated” date will change, and for material changes we will provide a notice on the site or by email as appropriate. Continued use of the service after the effective date may be subject to the updated terms where the law allows.