Privacy Policy

Snook A Look is operated by RIVORA LABZ FZE LLC, a company incorporated in the Sharjah Free Zone, UAE. References to “we”, “us”, or “our” in this policy mean RIVORA LABZ FZE LLC.

Contact: privacy@snookalook.com

• Account data — email address, display name, profile photo (optional).
• Location data — approximate location used for nearby-club discovery, collected only when you opt in.
• Gameplay data — frames played, breaks, scores, match history, RSVPs, friend connections.
• Device & session telemetry — crash reports, performance traces, and session replays collected via Sentry to fix bugs. Sentry replays are masked by default.
• Auth tokens — short-lived JWT access tokens and refresh tokens stored in HttpOnly cookies (not accessible to JavaScript).
• OAuth identifiers — if you sign in with Apple or Google, we receive and store a provider-issued identifier (“sub”). This identifier is backend-only and is never displayed to other users or shared with third parties.
• OAuth-provided profile data — on first sign-in via Apple or Google, we may receive your name and email address from the provider. If you use Apple’s “Hide My Email”, Apple provides a relay address (@privaterelay.appleid.com) instead of your real email; we store and communicate with this relay address as-is and never attempt to resolve it to your personal email.
• Communications — messages you send to us (support, feedback).

• To operate the app and personalise your experience (contract).
• To show you available snooker tables near you (contract + legitimate interest).
• To diagnose crashes and improve reliability (legitimate interest).
• To send you booking confirmations and match notifications (contract).
• To comply with UAE and international legal obligations (legal obligation).
• To send marketing updates — only with your explicit consent, and you can withdraw at any time.

We share data only with processors that are contractually bound to protect it:

We do not sell your data to third parties.

• Active account data is retained for the lifetime of your account.
• After deletion, a 30-day grace period applies during which you can reactivate. See Delete my account.
• Audit logs and anonymised aggregates may be retained longer to fulfil legal obligations.
• Sentry crash data is retained for 90 days.

Depending on your jurisdiction you may have the right to:

• Access — request a copy of data we hold about you.
• Correction — request correction of inaccurate data.
• Deletion — request erasure of your account and personal data. See Delete my account.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• GDPR opt-out — EU/EEA residents may lodge a complaint with their local supervisory authority.
• CCPA opt-out — California residents may opt out of sale of personal information (we do not sell data, but you may exercise this right).
• UAE PDPL — UAE residents may exercise rights under Federal Decree-Law No. 45 of 2021.

To exercise any right, email privacy@snookalook.com. We respond within 30 days.

• Essential cookies — session tokens (HttpOnly, Secure, SameSite=Lax). Required for login.
• Preference cookies — theme (light/dark), density settings. Stored in localStorage.
• We do not use third-party advertising cookies.

We use HTTPS everywhere, HttpOnly session cookies, role-based access controls, and automated vulnerability scanning. No system is perfectly secure — if you discover a vulnerability, please report it to security@snookalook.com.

Snook A Look is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact privacy@snookalook.com and we will delete it promptly.

We may update this policy. Material changes will be notified via in-app banner or email at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.