This Privacy Policy (“Policy”) describes how FFP Passport collects, uses, shares and protects your personal data when you use the FFP Passport platform, including ffppassport.com, the member app, and any related services (collectively, the “Platform”).
This Policy should be read together with our Terms & Conditions and Refund Policy. By using the Platform, you confirm that you have read and understood this Policy.
1. Who we are
FFP Passport is operated by Find Fit People LLC-FZ, with its registered address at Meydan Hotel, Meydan, Dubai, United Arab Emirates.
For the purposes of this Policy, Find Fit People LLC-FZ is the “data controller” of your personal data — meaning we determine how and why your data is processed.
You can reach us in connection with any data protection matter at hello@ffppassport.com.
2. Scope of this policy
This Policy applies to all members, visitors and users of the Platform. It covers data collected through the website, the member app, our communications with you, and during your interactions with FFP partner venues in connection with your membership.
This Policy does not cover the privacy practices of third parties whose websites or services you may access through links on the Platform. Partner venues, event organisers and other third parties operate under their own privacy policies, which we encourage you to review.
3. Personal data we collect
We collect the following categories of personal data:
3.1 Data you provide directly
- Account information — name, email address, mobile number, date of birth (for age verification), gender (where you choose to share), city and neighbourhood in the UAE
- Profile information — sports you participate in, fitness level per sport, activity preferences, profile photo and any biographical information you add
- Payment information — payment card details are entered directly into our payment processor (Stripe) and are not stored on our servers; we receive only confirmation of payment and a Stripe customer reference
- Communications — any content of emails, WhatsApp messages or support requests you send us
- Member content — photos, comments, reviews, event check-ins and other content you post on the Platform
3.2 Data we generate about your use of the Platform
- Activity data — meet-up requests, event attendance, challenge participation, partner venue check-ins and claims
- Fitness tracking data — calories logged, activity sessions, fitness stats, biological age inputs and personal records, where you choose to log them
- Earnings and Ambassador data — referrals made, AED amounts earned, tier progression
3.3 Data collected automatically
- Device and technical data — IP address, browser type and version, device type, operating system, timezone and approximate location derived from IP
- Usage data — pages viewed, features used, time spent on the Platform, referral source
- Cookies and similar technologies — see Section 10 for details
3.4 Data we receive from third parties
- Payment confirmation from Stripe (transaction reference, payment method type, last four digits of card, billing country)
- Authentication data from third-party login providers, if used in future
4. How we use your data
We use your personal data for the following purposes:
- To deliver your membership — create your account, issue your 6-digit access code, give you access to the Platform and member benefits
- To match you with other members — the Meet & Move feature uses your sports, fitness level, age range and city to suggest matches
- To facilitate events, experiences and challenges — manage RSVPs, attendance, leaderboards, prizes and check-ins
- To process payments — via Stripe, including refunds where applicable
- To verify partner venue claims — share necessary details with partner venues so you can redeem Member Perks
- To send service communications — access codes, payment receipts, membership updates, event confirmations, security alerts
- To send marketing communications — updates about new partners, events, experiences and platform features, where you have consented or where applicable law permits
- To improve and develop the Platform — analyse usage patterns, debug issues, build new features
- To protect the community — investigate reports of misconduct, prevent fraud, enforce our Terms & Conditions and Code of Conduct
- To comply with legal obligations — respond to lawful requests from UAE authorities or other applicable regulators
5. Legal basis for processing
We process your personal data under the UAE’s Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL) and, where applicable, the EU’s General Data Protection Regulation (GDPR) and the UK GDPR for members residing in those jurisdictions.
The legal bases we rely on are:
- Performance of a contract — processing necessary to provide the membership and services you have purchased
- Consent — for marketing communications, optional profile fields, and certain cookies; you can withdraw consent at any time
- Legitimate interests — to improve the Platform, ensure security, prevent fraud, defend legal claims and develop our business; we balance these interests against your rights
- Legal obligation — to comply with UAE law and lawful requests from competent authorities
6. Who we share data with
We share your personal data only where necessary, and only with parties bound by appropriate confidentiality and data protection obligations.
6.1 Service providers (processors)
- Stripe — payment processing
- Supabase — database, authentication and storage
- Netlify and Vercel — website and application hosting
- Resend and other email service providers — transactional and member emails
- Anthropic, OpenAI and other AI infrastructure providers — only where used to power member-facing features such as matching, search or content moderation, and only with the minimum data needed
- Analytics providers — usage analytics and platform performance monitoring
6.2 Other members
To enable the community features of the Platform, certain profile information you choose to share — such as your name, profile photo, sports, level and city — may be visible to other members. You control what appears on your profile.
6.3 Partner venues
When you redeem a Member Perk at a partner venue, we share the minimum information necessary to verify your membership and the claim (typically your name and confirmation that you are an active passport holder).
6.4 Event organisers
When you RSVP for an event or apply for an experience, we share your name, contact information and any relevant participation details with the organiser of that event.
6.5 Legal and safety
We may disclose data where we believe in good faith that it is necessary to: (a) comply with UAE law or a lawful request from a competent authority; (b) protect the rights, property or safety of FFP Passport, our members or the public; or (c) detect, prevent or address fraud, security or technical issues.
6.6 Corporate transactions
If FFP Passport is involved in a merger, acquisition or sale of assets, your data may be transferred as part of that transaction, subject to confidentiality and continued protection under this Policy.
We do not sell your personal data.
7. International data transfers
FFP Passport is based in the United Arab Emirates, but some of our service providers store and process data in other countries, including the European Union, the United Kingdom and the United States.
When we transfer personal data outside the UAE, we take steps to ensure an appropriate level of protection, such as relying on adequacy decisions, standard contractual clauses, or processor commitments under the GDPR where applicable.
8. How long we keep your data
We keep your personal data for as long as necessary to provide the membership and services, and to fulfil the purposes described in this Policy.
- Active account data — kept for the duration of your membership and a reasonable period afterwards to allow renewal
- Payment records — retained for the period required by UAE accounting, tax and anti-money-laundering law (typically seven years)
- Communications — retained for the period needed to resolve any related issue and to defend potential legal claims
- Member content — remains visible on the Platform until you remove it or close your account, after which we may retain backup copies for a limited period
- Anonymous or aggregated data — may be retained indefinitely for analytics and product improvement, in a form that does not identify you
When personal data is no longer needed for any lawful purpose, we will delete or anonymise it.
9. Your rights
Subject to the applicable law in your country of residence (including the UAE PDPL, GDPR or UK GDPR), you have the following rights in relation to your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data; many fields you can update directly in your account
- Erasure — ask us to delete your personal data, subject to legal retention requirements
- Restriction — ask us to limit the processing of your data in certain circumstances
- Portability — request a copy of your data in a structured, machine-readable format
- Objection — object to processing based on our legitimate interests, including direct marketing
- Withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing
- Lodge a complaint — with the UAE Data Office or your local data protection authority
To exercise any of these rights, email us at hello@ffppassport.com. We will respond within 30 days, or sooner where required by law. We may ask you to verify your identity before acting on a request.
10. Cookies and tracking
We use cookies and similar technologies to operate the Platform, remember your preferences, understand how the Platform is used, and improve our services.
- Strictly necessary cookies — required for the Platform to function, including authentication (your access code session) and security
- Preference cookies — remember your settings and choices
- Analytics cookies — help us understand which features are used and how to improve them
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Platform.
11. Children’s privacy
The Platform is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us at hello@ffppassport.com and we will take steps to delete it.
12. Data security
We take the security of your personal data seriously. We use a combination of organisational and technical safeguards, including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Encryption at rest for sensitive data stored in our database
- Payment data handled by PCI-DSS compliant providers (Stripe); FFP Passport never stores full card numbers
- Access controls limiting which team members can view personal data
- Regular review of our infrastructure and dependencies
No system is perfectly secure. While we work to protect your data, we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authority in accordance with applicable law.
13. Changes to this policy
We may update this Policy from time to time to reflect changes in our services, the law, or how we process data. The current version is always available at ffppassport.com/privacy.
We will notify members of material changes by email, in the app, or via the Platform. The date of the most recent update is shown at the top and bottom of this page.
14. Contact
If you have questions about this Policy, want to exercise a right, or need to report a privacy concern, please contact us:
Find Fit People LLC-FZ
Meydan Hotel, Meydan, Dubai, United Arab Emirates
Email: hello@ffppassport.com
WhatsApp: +971 56 261 7359
Last updated: May 2026 · Questions: hello@ffppassport.com