Privacy Policy

PlanDXB ("we", "us", or "our") operates a community sports-scheduling platform based in Dubai, UAE, currently dedicated to beach volleyball at Kite Beach and partner venues. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile app and related services.

1. Information We Collect

We collect the following information when you register and use the app:

• Account identity: your name and display name, profile picture (optional), and a tourist/resident flag
• Phone number used for SMS OTP login (UAE format), plus an email and password if you sign in as a community admin
• Match activity: registrations, cancellations, attended/no-show records, and your no-show count
• Penalty records: late-cancel and no-show penalties, including amount and status (pending/paid/waived)
• Device data: device type, OS version, app version, IP address, push-notification token, and basic usage logs

2. How We Use Your Information

We use your information only for the following purposes:

• To run the match-registration workflow — confirming your spot, ordering the roster, and notifying you of changes
• To send transactional notifications (match reminders, registration confirmed, cancellation/penalty notices) via push notifications and SMS OTP for sign-in
• To enforce the community's cancellation policy and record late-cancel / no-show penalties as documented in-app
• To produce anonymous aggregate statistics (e.g. fill rates, attendance) that help admins schedule future sessions

3. Data Sharing & Third Parties

We share data only with the third-party services that make the app work:

• Twilio: SMS delivery for one-time login codes
• Cloudflare R2: secure object storage for profile pictures via short-lived presigned URLs
• Expo: delivery of push notifications to your device
• Sentry: anonymous crash reports to help us fix bugs (no personally identifying content in stack traces)

4. Data Storage & Security

Your data is stored in PostgreSQL with encryption at rest. Authentication tokens are kept in your device's secure storage (Keychain on iOS, Keystore on Android). All API traffic is encrypted with HTTPS/TLS. Access tokens last 15 minutes; refresh tokens last 30 days and are rotated on every use. Admin passwords are hashed with bcrypt and never stored in plain text.

5. Data Retention

We keep your data for as long as your account is active. You can request deletion of your account at any time by contacting privacy@plandxb.ae; we will remove your profile and unlink your registrations within 30 days. Aggregated, anonymized statistics may be retained for product analytics.

6. Your Rights

Under UAE data-protection regulations you have the right to:

• Access the information we hold about you and receive a copy
• Request correction of inaccurate or out-of-date information in your profile
• Request deletion of your account, subject to legitimate retention obligations
• Opt out of non-essential push notifications from your device settings while continuing to receive critical service messages

7. Children's Privacy

PlanDXB is intended for users 16 years and older. We do not knowingly collect personal information from anyone younger. If you believe a minor has registered, contact us and we will delete the account.

8. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact: privacy@plandxb.ae — PlanDXB, Dubai, United Arab Emirates.