Privacy Policy — Squadra (سكوادرا)
Last updated / Effective date: June 11, 2026 · Version: 1.0
1. Introduction & Scope
Squadra ("we", "us", or "the App") respects your privacy. This policy explains how we collect, use, and protect your personal data when you use the Squadra app — a platform for organizing matches, splitting teams, booking venues, managing clubs and groups, player cards, and academies.
This policy applies to all users: players, venue owners/partners, academy participants and their guardians, and visitors. It is governed by the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia and its implementing regulations issued by the Saudi Data & AI Authority (SDAIA).
By using the App, you acknowledge that you have read this policy.
2. Controller Identity & Contact
- Data controller: Squadra
- National address: Riyadh, Al-Yarmouk District, Malwi Street, Kingdom of Saudi Arabia
- Contact & privacy requests: info@squadrasa.net
To exercise your rights or for any privacy enquiry, contact us at the email above.
3. Definitions
- Personal data: any data that identifies you or makes you identifiable.
- Sensitive data: data of a special nature under the law (we do not intentionally collect sensitive data).
- Processing: any operation performed on data (collection, storage, use, disclosure, destruction).
- Guardian: the legal guardian of a minor or their lawful representative.
- Partner/Host: the owner of a venue or academy listed on the platform.
4. Data We Collect
We collect only what is necessary to operate the App:
a) Account & identity data: name (first/last/display), username, email, phone number, and password (hashed/encrypted by our authentication provider). When you sign in via Google or Apple, we receive your name and email from the sign-in provider.
b) Sports profile data: city, position, preferred foot, goalkeeping ability, height and weight (optional), profile photo, your private notes, and your player card and its stats.
c) Social data: friend requests and connections, club and group memberships, and contact numbers — only if you enable "phone matching" (an optional feature to match your contacts, performed locally; we do not reveal your number without your consent).
d) Activity & booking data: trainings, matches and attendance, bookings (dates, times, status, amount, notes), ratings and reviews.
e) Partner/venue data: venue name, address, coordinates, and contact channels (phone/WhatsApp/Instagram), and partner-application data (business name, contact details, license type) — provided voluntarily by the partner.
f) Device & notification data: notification token (Expo Push Token), operating-system type, and device name — to deliver notifications.
g) Location data: when you request "nearby venues" we ask for location permission to calculate distance only. We do not store your location — it is used momentarily and then discarded.
h) Limited technical data: basic operational and diagnostic logs for security and stability. We do not use advertising tracking and we do not sell your data.
5. How We Collect Data
- Directly from you when you register, build your profile, book, and interact.
- Automatically from your device (notification token, technical data).
- From sign-in providers (Google/Apple) when you choose to sign in through them.
- From partners when they list their venues and activities.
6. Purposes & Legal Basis
| Purpose | Legal basis |
|---|---|
| Account creation, authentication, and core services | Performance of a contract |
| Bookings, payments, and their management | Performance of a contract / Legal obligation (invoicing) |
| Operational notifications (reminders, friend requests, booking confirmations) | Performance of a contract / Legitimate interest |
| Phone matching and friend-discovery features | Your consent (optional) |
| Security improvement and fraud prevention | Legitimate interest / Legal obligation |
| Marketing messages (if any) | Your consent (withdrawable at any time) |
7. Children's Data & Guardian Consent
The App serves audiences that may include minors (particularly via academies). Therefore:
- The minimum age to create a self-service account is 13. Those under 13 may not self-register.
- Those under 18 require guardian consent and supervision to use the App and to enroll in activities/academies.
- We take reasonable steps to verify the validity of guardianship at academy enrollment, and we do not process a minor's data in a way that harms their interests.
- The guardian may view the minor's activity and exercise their rights on their behalf; these rights revert to the minor upon reaching legal capacity.
- We do not direct marketing to children and do not build profiles of them.
If you become aware that a child under 13 has created an account without permission, contact us to delete it.
8. Disclosure & Data Sharing
We do not sell your data. We may share it, only as necessary, with:
- Venue owners/academies: booking details required to fulfil the booking.
- Technical sub-processors (see Section 9).
- Regulatory/judicial authorities upon a lawful request.
- In a merger or business transfer, while committing to protect your data.
Within social features (friends/clubs/rosters) we expose only public fields (name, username, photo) and never reveal your phone number.
9. Sub-processors (Service Providers)
We use trusted providers to operate the App, including:
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and file storage |
| Sign-in, and maps/geocoding for addresses | |
| Apple | Sign in with Apple (on iOS) |
| Expo | App build infrastructure and notification service |
| SMS provider | Delivering phone verification codes (OTP) |
| Payment provider | Payment processing (when enabled) |
10. Cross-Border Transfers
Some data may be stored or processed on our providers' servers outside the Kingdom. In that case we rely on an appropriate legal safeguard (transfer to a jurisdiction with an adequate level of protection, or SDAIA-approved contractual clauses), and we limit transfers to the minimum necessary. [Hosting region and transfer mechanism to be specified on adoption]
11. Retention & Destruction
We retain your data only for as long as necessary:
- Account & profile: for the life of the account, then deleted or anonymized upon a deletion request (and purged from backups within ≤30 days).
- Bookings, invoices, and payment records: up to 6 years to comply with tax and accounting regulations.
- Support communications: up to 24 months.
- Notification tokens / device data: until de-registration or account deletion.
- Technical logs: up to 90 days.
- Shared content (clubs/groups/ratings): anonymized rather than deleted to preserve others' records.
12. Account Deletion
You can delete your account from within the App (Settings), or via our public account-deletion page: https://squadrasa.net/account-deletion. Upon deletion we remove or anonymize your personal data, except what we are legally required to retain (such as invoices).
13. Your Rights & How to Exercise Them
Under the law, you have the right to: be informed, access your data, rectify, erase, restrict processing, port, withdraw consent, and object. To exercise any right, email us at info@squadrasa.net and we will respond within the statutory period. You can also adjust your privacy settings in the App (visibility, phone matching, photo visibility).
14. Data Security
We apply reasonable technical and organizational measures (encryption in transit, access controls, row-level security) to protect your data from unauthorized access or disclosure. No system is 100% secure, but we strive for the best possible protection.
15. Cookies & Tracking Technologies
We do not use advertising tracking. We may use basic local storage to operate the App (such as saving your session and preferences). On the web, only strictly necessary files may be used for operation.
16. Data Breach Notification
In the event of a breach affecting your data, we commit to notifying the Saudi Data & AI Authority (SDAIA) within 72 hours of becoming aware of it, and to notifying affected individuals without undue delay where there is a serious risk to their rights.
17. Changes to This Policy
We may update this policy and will publish the updated version with a new effective date, notifying you of material changes via the App or email. Your continued use after an update constitutes acceptance.
18. Contact & Complaints
For any privacy enquiry or complaint, email us at info@squadrasa.net. You also have the right to lodge a complaint with the Saudi Data & AI Authority (SDAIA) if your complaint is not resolved.
Squadra — Riyadh, Al-Yarmouk District, Malwi Street · info@squadrasa.net