Privacy Policy

Who we are

SurfX is operated by Surf X Digital and Services, a company based in Doha, Qatar. This Privacy Policy explains what we collect, how we use it, and the choices you have.

Operating entity: Surf X Digital and Services Address: Lusail Towers 1, Lusail, Qatar Privacy contact: hello@surfxapp.com

This policy covers both surfxapp.com (this website) and the SurfX mobile app (iOS and Android). The two products collect different things, so we've split the sections accordingly.

What the website collects

The website is intentionally light. The only personal data we collect here is your email address, and only if you sign up to our launch list or newsletter.

That email is stored in our database (Supabase) and is used only to email you about SurfX — launch news, app availability, and the occasional venue update. We do not run third-party analytics, ad pixels, or behavioural tracking on the website.

You can ask us to delete your email at any time by writing to hello@surfxapp.com.

What the app collects

The SurfX mobile app collects more, because it has to in order to work. We try to keep it to what's actually needed.

Account information

Email address — for account login and booking confirmations.
Name — so venues know who's showing up.
Age — some venues and activities have age requirements (water sports, hotel pools, alcohol-licensed venues), and we use age to filter what's bookable for you.
Phone number — used for one-time-password (OTP) verification at signup. We send the OTP via Twilio; the number is stored on our side for account recovery.

Location

If you grant location permission, we use your device's location to show you the nearest venue and to sort listings by distance. Location is used in real time on your device — we don't track or store a continuous location history.

Photos

You can upload photos to your profile or to venue reviews. Photos you upload are stored on our infrastructure and shown to other users only where you've chosen to publish them (e.g. a public review). You can delete uploaded photos from inside the app.

Who we share data with

We don't sell your data. We share specific information with specific service providers, only to make the product work:

Twilio — receives your phone number to send the OTP at signup.
Supabase — hosts our database and authentication infrastructure.
Venues you book — receive your name, email, and booking details so they can fulfil the booking.

These providers are bound to use the data only for the service they perform for us.

How long we keep data

We keep account data for as long as your account is active. If you delete your account, we delete your personal data within a reasonable period, except where we're legally required to retain certain records (e.g. for finance or tax purposes).

Your choices

You can:

Access or correct the data we hold about you.
Delete your account and the data tied to it.
Withdraw location or photo permissions at any time from your device settings — the app will continue to work with reduced functionality.
Unsubscribe from marketing emails using the link at the bottom of any email we send.

To exercise any of these, write to hello@surfxapp.com. We aim to respond within 14 days.

Children

SurfX is not intended for children under 13. We don't knowingly collect personal data from anyone under 13. If you believe a child has signed up, contact us and we'll remove the account.

Changes to this policy

If we materially change this policy, we'll update the "Last updated" date above and, where required, notify you in the app or by email. Continued use of SurfX after changes means you accept the updated policy.

Contact

For any privacy question or request, email hello@surfxapp.com.