This policy explains what we collect, why we collect it, who we share it with and the rights you have over it. We have written it in plain English and kept the legal scaffolding to a minimum, while staying aligned with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
Effective date: 30 April 2026
Last updated: 11 May 2026
In short. We collect the minimum information needed to verify members, run the matching engine and keep the community trusted. We never sell member data. We never share your contact details with brands or partners without your explicit consent. Inside the platform, what other members can see depends on your pool and membership tier, and you can request access, correction or deletion of your data at any time.
1. Who we are.
Padel Match DXB is a curated padel community for professionals in Dubai, operated by Georges A. as a private undertaking based in Dubai, United Arab Emirates. References to “we”, “us” or “the platform” in this policy mean Padel Match DXB. References to “you” mean the person whose data is being processed, whether you are a member, an applicant, a club manager or a partner contact.
For the purposes of UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”), Padel Match DXB acts as the controller of the personal data described in this policy.
2. What we collect.
We try to collect as little as we reasonably can. The categories below cover everything we ever ask for or generate about you.
Information you provide when you apply or sign in
Full name
Email address
Personal LinkedIn profile URL
Firm or organisation name and your role
Industry, selected from a fixed list
Self-declared playing level
Information you add inside the member app
Profile photo, if you upload one
Short biography, if you add one
Preferred playing areas across Dubai
Your usual playing windows
Match preferences and settings
Information generated by your use of the platform
Matches you post or join, and the dates and venues of those matches
Reliability signals (such as confirmed attendance, late cancellations or no-shows reported by hosts) used only to maintain a reliability band on your profile
Membership tier, current pool memberships and any pool-specific bans imposed by the administrator
Technical information
Device and browser metadata transmitted with each request, such as user-agent string and IP address
Authentication tokens issued by our authentication provider (Supabase) so you can stay signed in without a password
Limited operational logs that help us diagnose issues and prevent abuse
If you use the Android app, the same data categories above apply. The app connects to the same authentication and database services as the website and does not collect additional device-level data such as contacts, location or camera access
If you sign in using a mobile login code instead of an email link, the code and its expiry timestamp are stored temporarily until sign-in is complete and are then deleted automatically
Information about clubs and partner contacts
For clubs listed in the directory: business name, public location, court details, public booking link, and any rates the club has chosen to publish
For club managers and partner contacts: name, business email, and the club or organisation they represent
We do not knowingly collect special-category personal data (such as data about health, religion, ethnicity or political opinions). Please do not include such information in your bio or messages on the platform.
3. How we use your data.
Your data is used for the following purposes, and nothing else:
Verifying that you are a fit for the community. The administrator reviews your application manually using your name, email, LinkedIn profile, firm, role and industry.
Assigning you to the right pool. Pool assignment is decided by the administrator based on your stated industry and professional profile.
Matching you with compatible players. Your level, areas, windows and pool memberships feed the matching engine that proposes compatible four-player games.
Showing you the right view of the directory. What you see depends on your membership tier and the pools you are part of, as described in section 6.
Running the messaging features. Where two members agree, we may facilitate an introduction by sending a one-time email containing each party’s professional details.
Sending necessary lifecycle communications. Application updates, sign-in links, match notifications, post-match summaries and a small number of nudge emails, all from a clearly identified sender.
Maintaining reliability signals. Late-cancellation and no-show reports affect your reliability band. We never publish exact percentages or rankings.
Protecting the community. We maintain logs of administrator actions and use rate limits, automated checks and manual review to deter abuse and prevent fraud.
Improving the product. We use aggregated, de-identified usage signals to understand which features work and which do not.
4. Legal basis.
Under the PDPL, we rely on the following grounds, alone or in combination, depending on the activity:
Consent. When you submit your application and confirm your email through a sign-in link, you consent to your data being processed for the purposes described in this policy.
Contractual necessity. Operating the platform you signed up for requires us to process the data needed to run the membership, pools and matching features.
Legitimate interests. Maintaining the security and integrity of the community, preventing abuse, and protecting member trust are legitimate interests we balance carefully against your rights.
Compliance with applicable law. Where we must respond to lawful requests from competent UAE authorities.
You may withdraw consent at any time. Withdrawal does not affect processing carried out before the withdrawal and may, depending on the data concerned, mean we can no longer maintain your account.
5. Who we share data with.
We share data only where it is needed to operate the platform, and only with the following categories of recipient:
Other members, on a tier-controlled basis (see section 6).
Service providers that help us run the platform (see section 7), under written data-processing terms and only for the specific purposes described.
Partner clubs and brands, only on a strictly opt-in basis. We never share your personal contact details with a partner without your explicit, case-by-case consent. Aggregated, de-identified outcomes (for example “X members attended an event”) may be shared without identifying any individual.
Competent authorities, if compelled by law in the UAE, or where we believe in good faith that disclosure is necessary to protect a member’s safety or to investigate fraud or abuse.
We do not sell personal data. We do not run third-party advertising on the platform. We do not place tracking pixels for advertising networks.
6. Member visibility and tiers.
Inside the platform, what other members can see about you depends on the membership tier they hold and the pools they are part of.
Circle. Default tier. Members can see, message and invite other members in the same approved professional pool.
Network. Members can additionally see and interact with members in pools the administrator has approved as adjacent.
Clubhouse. Members can see and send invitations to specific individuals across all active pools.
The administrator can disable a pool or ban a member from a specific pool, in which case those interactions are blocked regardless of tier.
7. Service providers and processors.
We rely on a small number of trusted service providers. The current list is:
Supabase Inc. – authentication, database hosting and serverless functions. Processes account, profile, pool, match and log data.
Resend, Inc. – transactional email delivery. Processes email addresses and message content for the emails described above.
Vercel, Inc. – website hosting, content delivery and edge caching. Processes IP addresses and request metadata.
Unsplash – image hosting for stock photography only. We do not transmit member data to Unsplash.
The Padel Match DXB Android app connects to the same Supabase infrastructure as the website. It does not introduce additional third-party processors beyond those listed above.
Each of these providers offers documented privacy and security commitments. We review the list periodically and will update this section if we add, remove or change a provider.
8. International data transfers.
Some of the service providers listed in section 7 process data outside the UAE. Where this is the case, we rely on the appropriate transfer mechanisms permitted under the PDPL, including transfers to jurisdictions that the UAE Data Office recognises as offering an adequate level of protection, and contractual safeguards with the relevant provider where applicable.
We will refresh this section as the UAE adequacy regime continues to develop.
9. How long we keep data.
Active member profiles are kept for as long as your membership is active, plus a short retention period for audit and dispute resolution.
Rejected applications are kept for up to twelve months from the rejection date, so we can recognise and handle reapplications fairly. After that, profile data is deleted or fully anonymised.
Removed members retain a minimal record (email address and removal reason) for a similar period, so reapplications can be cross-checked.
Match history and reliability signals are retained for as long as your membership is active.
Operational logs are kept for up to ninety days unless they are part of an active investigation.
Email delivery records at our email provider are retained for the period set by that provider, typically thirty days.
If a longer retention period is required by applicable UAE law, we will keep data for the legally required time and only for that purpose.
10. Security.
We take a defence-in-depth approach. Specifically:
Authentication is passwordless. Sign-in is done with one-time email links or short-lived mobile login codes rather than passwords, which removes the most common credential-theft risk. Mobile login codes expire automatically and are deleted once used.
Database access is governed by row-level security policies. The browser key cannot read data outside the policies, even if the key is exposed.
Privileged operations run only inside trusted serverless functions that verify the caller’s identity before acting.
External URLs supplied by members (LinkedIn, image URLs, club booking links) are validated against an allowlist of protocols and hosts before being rendered.
Administrator actions are written through audit-logged functions, so a tamper-evident record of every member-impacting decision is retained.
Sensitive infrastructure secrets are stored only in our hosting provider’s secret manager, not in the codebase.
No system can offer absolute security. If we ever become aware of a personal-data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the UAE Data Office in accordance with the PDPL.
11. Cookies and analytics.
We use a small number of strictly necessary cookies and equivalent local-storage tokens to keep you signed in and to remember settings such as your selected tab. The Android app stores an authentication token locally on your device for the same purpose. We do not place advertising cookies. We do not use third-party analytics that build a profile of you across other sites.
If we introduce a privacy-respecting analytics tool in future, we will update this section before doing so.
12. Your rights.
Subject to the PDPL, you have the following rights over your personal data. We honour them in good faith and within a reasonable time, normally within thirty days of a verified request.
Access. Request a copy of the personal data we hold about you.
Correction. Ask us to correct inaccurate or incomplete data. Many fields can be edited directly inside the member app.
Deletion. Ask us to delete your data, subject to any legal retention requirements.
Restriction. Ask us to limit how your data is processed in specific circumstances.
Objection. Object to processing based on legitimate interests.
Portability. Receive a copy of your data in a structured, commonly used format.
Withdrawal of consent. Withdraw consent for any processing that relies on it, without affecting earlier processing.
Lodge a complaint. If you believe your rights have been infringed, you can complain to the UAE Data Office (uaedata.ae) or the regulator with jurisdiction over you.
To exercise any of these rights, write to georges@padelmatchdxb.com from the email address on your account. We may need to verify your identity before acting on the request.
13. Age and eligibility.
Padel Match DXB is intended for adult professionals only. By applying, you confirm that you are at least eighteen years old and legally able to enter into the agreements that membership involves. We will close any account where we believe this is not the case and delete the related data.
14. Changes to this policy.
We may update this policy from time to time, for example when we add a new feature, change a service provider or respond to legal developments. The “last updated” date at the top of the page reflects the most recent version. If a change materially affects how we use your data, we will let members know by email before it takes effect.
15. Contact us.
If you have any question about this policy, your data, or how the platform handles a specific situation, the fastest route is a direct email to the founder.
This page is informational and does not constitute legal advice. The members and applicants of Padel Match DXB are encouraged to read it in full and to ask questions if anything is unclear.