Privacy Policy
Last updated: 12 June 2026
This policy explains how fitXball collects and uses personal data, in line with the Kenya Data Protection Act, 2019. fitXball is the data controller. Contact: support@fitxball.com.
1. Data we collect
Account data: name, email address, phone number, username, and password (stored as a secure hash by our authentication provider). Optional profile data: date of birth, gender, country, photo, and sports preferences. Activity data: events you book, check-ins, and credit transactions. Payment data: the M-Pesa phone number and transaction receipt for top-ups — we never see or store your M-Pesa PIN.
2. Why we use it
To operate your account and bookings, verify event entry, process credit top-ups, send service emails (such as login codes and booking confirmations), keep the service secure, and meet legal obligations. We do not sell personal data.
3. Who we share it with
Service providers who process data on our behalf: Supabase (hosting, database, authentication), Safaricom (M-Pesa payment processing), and Brevo (transactional email). Each processes data only as needed to provide their service. Data may be processed outside Kenya under appropriate safeguards.
4. How long we keep it
Account and profile data is kept while your account is active. Payment records are retained as required for tax and audit purposes. When you deactivate your account we remove or anonymise your profile data within a reasonable period, except records we must keep by law.
5. Your rights
Under the Data Protection Act you may access, correct, or request deletion of your personal data, object to processing, and lodge a complaint with the Office of the Data Protection Commissioner. Most data can be corrected directly in Profile → Edit Profile; for anything else email support@fitxball.com.
6. Security
Data is encrypted in transit, access is restricted by row-level security policies, and payment confirmation happens server-side. No system is perfectly secure; we will notify affected users of any breach as required by law.
7. Children
fitXball is not directed at children under 18. We do not knowingly collect their data without guardian consent.
Questions about this document? Email support@fitxball.com.