Privacy.
We collect the smallest amount of personal data we can to run OnTheMove, and we tell you what it is and why.
1. Who we are
OnTheMove (“we”, “us”) is a Dubai-based multi-sport community operating the website and app at onthemovedxb.com. For questions about your data, write to privacy@onthemovedxb.com.
2. What we collect
We collect different data depending on how you interact with us.
If you join the mailing list
- Your email address.
- A truncated form of your IP address (the network prefix only, not your full address) for abuse prevention.
- A short summary of your browser’s User-Agent string.
- The page on our site where you signed up.
If you create an account
- Name, email, and (optionally) phone number.
- Profile data you choose to add: sports, skill level, photo.
- Authentication identifiers from Google or Apple if you sign in that way.
- RSVPs, match history, and ratings you give or receive.
- Payment metadata (last 4 digits, brand, country) if you pay for a session — full card details never reach our servers and are held by Stripe.
Automatically
- Aggregate, anonymous page-view statistics via Plausible Analytics, which is cookieless and does not track individuals across sites.
- Server logs (request path, timestamp, status, truncated IP) for security and debugging, kept for 30 days.
3. Why we collect it
We process personal data on the following lawful bases under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, where applicable, the EU General Data Protection Regulation:
- Performing the service — running RSVPs, payments, and match results requires the data tied to those actions.
- Consent — joining the mailing list, receiving push notifications, or opting into marketing email is consent you can withdraw at any time.
- Legitimate interests — fraud prevention, security, and abuse mitigation.
- Legal obligation — tax records and any data we must retain by law.
4. Who we share it with
We do not sell your data. We share the minimum necessary with service providers acting on our instructions:
- Supabase — primary database (Tokyo region).
- Vercel — application hosting and edge network.
- Resend — transactional email delivery.
- Stripe — payments. Full card data is processed by Stripe under PCI-DSS; we never store it.
- Google / Apple — sign-in (only if you choose that route).
- LightWidget — third-party Instagram embed on the homepage. Disclosed in our Cookies notice.
- Plausible — analytics (cookieless, no cross-site identifiers).
We may also disclose data when legally required, to enforce our terms, or to protect users from harm.
5. How long we keep it
- Mailing list: while you stay subscribed, plus 30 days after unsubscribe to honour suppression.
- Account data: while your account is active, plus 12 months after deactivation, then anonymised.
- Match history and ratings: anonymised after account deletion (other players’ records still need to reference the match).
- Payment records: 7 years (UAE tax law).
- Server logs: 30 days.
6. Your rights
You have the right to:
- Access the data we hold about you.
- Correct it if it’s wrong.
- Delete it (subject to the retention rules above).
- Export it in a portable format.
- Object to processing or withdraw consent.
- Lodge a complaint with the UAE Data Office.
Email privacy@onthemovedxb.com with the request and we’ll respond within 30 days. You can do most account actions yourself in your profile settings.
7. International transfers
Our database lives in the AWS Tokyo region. Some of our service providers (Vercel, Stripe, Resend) operate in the EU and US. Where data leaves the UAE we rely on the receiving party’s adequacy or standard contractual clauses.
8. Security
We use HTTPS everywhere, encrypt data at rest, apply role-based access, and enable row-level security on the database by default. Passwords are hashed with industry-standard algorithms; we offer passkeys (WebAuthn) and admin TOTP. We can’t guarantee perfect security, but we treat it like the responsibility it is.
9. Children
OnTheMove is for adults (18+) and minors with a parent or guardian acting on their behalf. We don’t knowingly collect data from anyone under 13.
10. Changes to this notice
If we change anything material, we’ll update the date at the top and, where reasonable, email registered users.
11. Contact
Privacy questions: privacy@onthemovedxb.com.
General contact: team@onthemovedxb.com.