Privacy Policy

We use the information we collect to:

• Create and manage your account and membership.
• Process bookings, payments, and credits.
• Send booking confirmations, receipts, and service-related notifications.
• Send marketing communications (only with your consent; you may opt out at any time).
• Personalise venue and session recommendations.
• Improve the Service through analytics and feedback.
• Comply with legal obligations and enforce our Terms & Conditions.
• Detect, prevent, and respond to fraud or security incidents.

We do not sell your personal information. We share it only in these circumstances:

• Partner venues: we share your name and booking details with the venue hosting your session so they can manage attendance.
• Service providers: we use trusted third-party providers including Supabase (database & authentication), Stripe and M-Pesa (payments), and Expo/Apple/Google (mobile app delivery). These providers process data only on our behalf under data processing agreements.
• Legal requirements: we may disclose your information where required by law, regulation, court order, or to protect the rights and safety of Active CityPass, our users, or others.
• Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

We retain your personal data for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time (see Section 6). We may retain certain records for up to 7 years where required by Kenyan tax or financial regulation.

We implement industry-standard technical and organisational measures to protect your information, including encrypted data storage (Supabase with row-level security), HTTPS for all data in transit, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but commit to promptly notifying you of any confirmed breach affecting your data.

Under applicable data protection law you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data — you can update most information directly in the app under Profile > Account Details.
• Delete your account and personal data — use the "Delete Account" option in the app or email us at privacy@activecitypass.com.
• Object to or restrict processing, including opting out of marketing emails via the unsubscribe link in any email.
• Data portability — request a copy of your data in a machine-readable format.

To exercise any of these rights, contact us at privacy@activecitypass.com. We will respond within 30 days.

Our website uses essential cookies required for authentication and security. We do not currently use tracking or advertising cookies. You can control cookie settings in your browser; disabling essential cookies may prevent you from logging in.

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the app or sending an email before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: