feera
Back

Last updated 17 May 2026

Privacy Policy

privacy.section.collect

  • Account data: phone number, email, display name, locale, city, optional gender, optional profile photo, optional bio.
  • Play data: bookings, matches, scores, ratings, social score, federation links if you choose to connect one.
  • Payment data: transaction amount, currency, status, last four digits of the card. Your full card number is never stored on our servers.
  • Device data: IP address, user agent, locale; used for security and analytics.
  • Chat data: messages between you and the players or clubs you play with.

privacy.section.use

  • To let you book courts, find players, and play matches.
  • To compute your Glicko-2 rating and surface relevant matches and opponents.
  • To process payments to clubs, coaches, and other players.
  • To send transactional notifications (bookings, payments, match invites) via the channel you prefer.
  • To enforce safety rules (sandbag detection, blocking, no-show flags).
  • For aggregate, anonymised analytics that help us improve the product. We never sell your data.

privacy.section.share

Data is stored on encrypted Postgres servers hosted by Neon in Frankfurt, Germany. Application servers run on Hetzner in Falkenstein, Germany. We use Cloudflare for DNS and CDN, Stripe for international card payments, JazzCash and Easypaisa for Pakistani mobile wallets, 1Link Raast for Pakistani interbank transfers, Twilio Verify for OTP delivery via SMS or WhatsApp, and Resend for transactional email.

privacy.section.rights

You can export every piece of data we hold about you at /me/export. You can request deletion at /me/delete. Deletion is honoured within 30 days, with a 7-day grace period.

privacy.section.retention

Account data is retained for as long as your account is active and for 30 days after deletion. Match and rating data is retained for as long as other affected players' ratings depend on it. Tax receipts are retained for the periods required by Pakistani, UAE, and EU tax law.

privacy.section.security

Sensitive columns (phone, email, payment method details, federation identifiers) are encrypted at rest using Postgres pgcrypto with quarterly key rotation. All HTTPS traffic uses TLS 1.3 with HSTS. We follow OWASP Top 10 mitigations and run automated dependency scanning.

privacy.section.contact

Questions or complaints? Email [email protected].