Privacy Policy

Last updated: 13 May 2026 · العربية

This Privacy Policy explains how CaptainPass ("we", "us", "our") collects, uses, and protects your information when you use the CaptainPass mobile application, owner web portal, and admin dashboard (the "Service"). By using the Service you agree to this Policy.

1. Who we are

CaptainPass is operated from the Sultanate of Oman. Contact: support@captain-pass.com.

2. Information we collect

• Account information: name, email address, phone number, date of birth, gender, nationality, preferred sport, and skill level — provided by you at signup.
• Authentication data: when you sign in with Google or Apple we receive a verified email and unique identifier; we do not see your social account password.
• Game and booking data: games you create, join, or pay for, including venue, time, and your role (captain or player).
• Reviews and replies: ratings and text you submit about venues, plus the venue owner's reply to your review.
• Wallet and payment metadata: wallet credit balance, refund history, and (when payments go live) payment confirmations from our payment processor. We never see or store your full card number.
• Photos uploaded by owners: images you publish for your venue. These are public on the platform.
• Device data: device type, OS version, app version, push notification token (so we can send you game reminders), and crash diagnostics.
• Usage analytics: events such as logins, game joins/cancellations, screen views, and errors. We use this data to understand how the app is used and to fix bugs.
• Feedback and support messages: anything you send us via the in-app feedback form or by email.

We do not collect: precise GPS location, contacts, microphone, camera (beyond uploading venue photos you choose), or health data.

3. How we use it

• To operate the Service: matching captains and players, processing bookings and payments, sending push notifications you ask for, and showing in-app notifications about your games.
• To secure your account and prevent fraud or abuse (App Check + reCAPTCHA Enterprise).
• To analyze usage in aggregate so we can improve features and fix bugs.
• To respond to support requests.
• To comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for behavioural advertising.

4. Notification preferences

You control which categories of notifications you receive (Games, Payments, Social, Venues, System) from Profile → Notifications in the mobile app. You can also disable push notifications entirely from your device's system settings.

5. Service providers

We rely on the following processors. Each is bound by their own privacy terms and processes data only on our instructions:

• Google Firebase (Authentication, Firestore database, Cloud Storage, Analytics, Cloud Functions, App Check, Cloud Messaging) — hosting and core infrastructure.
• Google reCAPTCHA Enterprise — bot / abuse protection on the websites and admin portals.
• Sentry — error and crash reporting.
• Expo — over-the-air updates and push notification delivery.
• Apple / Google — sign-in providers if you use them.
• Zoho Mail — handles the @captain-pass.com support inbox.
• Cloudflare — DNS and edge network for captain-pass.com.
• AmwalPay — Oman-based payment processor for card transactions. We never see or store your card number.

6. Storage and security

Your data is stored on Google Cloud servers and protected by industry-standard encryption in transit (TLS 1.2+) and at rest. Access is restricted to authorised personnel. We use Firebase Security Rules, App Check, and reCAPTCHA Enterprise to limit what the app and its users can read or modify.

7. Retention

We keep your account data for as long as your account is active. If you delete your account from the mobile app, we delete your profile, friends, and wallet history within 30 days; reviews and replies you posted — and your seat in games already played — are anonymised (your name and account link removed) rather than deleted, so other players' records stay intact. In-app notifications older than 90 days are automatically removed. Anonymized analytics events are kept indefinitely. Records required for legal, accounting, or anti-fraud purposes (e.g. payment receipts) are kept for the period required by Omani law.

8. Your rights

You can:

• View and edit your profile inside the app.
• Delete your account from Profile → Delete account, or request it via how to delete your account. The data deletion is permanent and cannot be undone.
• Download a JSON export of your data from Profile → Download my data.
• Request correction of inaccurate data, or withdraw consent for analytics, by emailing support@captain-pass.com. We respond within 30 days.
• Disable push notifications from your device's system settings, or per-category from Profile → Notifications.

9. Children

CaptainPass is intended for users aged 13 and older. If you are under 13, please do not use the Service. If we learn we have collected data from a child under 13 we will delete it.

10. International transfers

Our infrastructure is hosted by Google Cloud, which means your data may be processed on servers outside Oman, including in the European Union and the United States. We rely on industry-standard contractual safeguards (Google Cloud DPA + Standard Contractual Clauses) for these transfers.

11. Changes to this policy

We may update this policy. The date at the top reflects the latest version. Material changes will be communicated in-app or by email.

12. Contact

Questions or complaints: support@captain-pass.com.

CaptainPass · Muscat, Sultanate of Oman