Privacy Policy
1. Who We Are
Talent Tricks Marketing Management ("TTM", "we", "us", the "Company"), a company registered in Dubai, United Arab Emirates, owns and operates the Rizz DXB private members-club application and associated services ("Rizz", the "Service"). TTM is the controller of the personal data described in this Policy. For privacy questions, requests, or to reach our data-protection contact, email support@rizz.ttmdxb.com.
2. Scope & Governing Law
This Policy explains how we collect, use, share, and protect your personal data and is governed by the laws of the United Arab Emirates, principally the UAE Personal Data Protection Law — Federal Decree-Law No. 45 of 2021 (the "PDPL"). The PDPL's Executive Regulations had not yet been formally issued at the date of this Policy; we apply the PDPL in substance and will update this Policy as the Regulations and the UAE Data Office guidance take effect. It does not cover third-party services that operate under their own privacy policies (Section 8).
3. Personal Data We Collect
Ordinary personal data:
- Identity & account: name, date of birth, nationality, phone number, WhatsApp number, email, hashed password, membership tier, profile photo.
- Membership activity: applications, event bookings, venue check-ins, QR scans, attendance, wallet/reward points, and messages you exchange with our staff.
- Device & technical data: device model, OS and app version, push-notification token (FCM/APNs), crash and diagnostic logs.
- Payment data: a payment token and the masked card brand/last-4 only — your full card number is never stored on our systems (Section 7).
Sensitive (special-category) personal data — biometric: face-liveness scans, a face template stored as a numerical vector, your intro video and verification photos. Under the PDPL, biometric data is sensitive personal data and is given heightened protection (Section 5). Nationality is also treated with care.
4. Why We Process It & Our Legal Basis
We process your data only for the purposes below, on the legal basis stated. The PDPL does not recognise a stand-alone "legitimate interests" basis, so each purpose relies on your consent, the performance of our membership contract with you, or compliance with a legal obligation.
- Operate your account, bookings, check-ins, QR entry, and wallet — performance of our membership contract and your consent.
- Verify your identity and prevent fraud using biometric/face data — your explicit, separate consent (Section 5).
- Send transactional messages (confirmations, OTPs, receipts, service updates) via push, email, and WhatsApp — performance of the contract.
- Send marketing/promotional messages (including via WhatsApp) — your consent, which you can withdraw at any time.
- Process payments — performance of the contract, via our licensed payment providers.
- Detect fraud, enforce our Terms, keep the Service secure, and meet legal, tax, and regulatory obligations — legal obligation and our contract with you.
5. Biometric & Face Data
To verify that you are who you say you are and to keep the community safe, we capture a face-liveness scan, a short intro video, and verification photos, and we generate a face template stored as an irreversible numerical vector (a mathematical representation), not as a usable image. This is biometric — sensitive — personal data under the PDPL.
- We process it only with your explicit, separate consent, given through a clear affirmative action in the app, dedicated to this purpose.
- You can withdraw that consent at any time (via the app or by emailing support@rizz.ttmdxb.com). Withdrawal does not affect processing already carried out lawfully, and — because identity verification is core to membership — may mean you can no longer remain a verified member.
- We do not sell or share your biometric data for any unrelated purpose. Liveness captures and templates are deleted within 30 days of account closure or on withdrawal of consent, except where we must retain limited records to meet a legal obligation.
- Some processing may occur on infrastructure outside the UAE (Section 9); for biometric data we rely on your explicit consent and contractual safeguards with our processors.
6. Messaging & WhatsApp
We use the WhatsApp Business Platform (provided by Meta Platforms) to send membership, booking, and support messages. By giving us your WhatsApp number and opting in, you consent to receive messages from Rizz DXB / Talent Tricks Marketing Management via WhatsApp; we send transactional messages and, where you have agreed, marketing messages. You can opt out at any time by replying STOP or contacting support@rizz.ttmdxb.com, and we will remove you from messaging lists promptly. Your WhatsApp communications are also subject to WhatsApp's privacy policy.
Messages you send us on WhatsApp or in-app are received, stored, and read by our authorized support staff so we can respond and assist you, and are used only for that purpose and to operate the Service. We may access, preserve, and disclose your messages and related records where we believe in good faith it is required to comply with applicable law — including the laws of the United Arab Emirates — a lawful request by a competent authority, a court order, or other legal process, or where reasonably necessary to detect or prevent fraud, enforce our Terms, or protect the rights, safety, and property of members, partners, or us.
7. Payments
Card payments are processed directly by our licensed payment providers, Stripe and Nomod, who are responsible for the security of your card data. We never receive or store your full card number; we retain only a payment token and the masked card brand/last-4 to process current and future authorised payments. Wallet/reward points are a loyalty balance, not stored monetary value or e-money. See Stripe's privacy policy and Nomod.
8. Who We Share Data With
We share the minimum data necessary with the processors and recipients below. Some operate on our behalf as processors; some as independent controllers under their own policies. Several process data outside the UAE (Section 9).
- WhatsApp / Meta Platforms — business messaging (phone/WhatsApp number, message content). WhatsApp · Meta.
- Stripe — card payments, fraud prevention. Stripe Privacy Policy.
- Nomod — card payments. nomod.com.
- Google / Firebase — push notifications and app infrastructure. Firebase · Google.
- Apple Push Notification service — push notifications (device push token). Apple.
- SMTP2GO — transactional email delivery (email address + email content). SMTP2GO.
- Expo / EAS — over-the-air app updates (device OS + a randomised update token). Expo.
9. International Transfers
Some of the providers above store or process personal data outside the United Arab Emirates. Where we transfer your data abroad, we do so to jurisdictions recognised as providing adequate protection, under contractual safeguards / data-processing agreements with our processors, or — for biometric data and where required — on the basis of your explicit consent. We take reasonable steps to ensure your data receives an equivalent level of protection.
10. Consent & How to Withdraw It
Where we rely on your consent, we obtain it through a clear affirmative action (no pre-ticked boxes), and biometric/face capture has its own separate consent step. You can withdraw consent at any time — including for marketing, WhatsApp, and biometric processing — in the app or by emailing support@rizz.ttmdxb.com, as easily as you gave it. Withdrawal does not affect processing already carried out lawfully. You can opt out of marketing without losing your core membership.
11. Your Rights
Subject to the PDPL, you have the right to: be informed about and access your personal data; have it corrected or erased; restrict or stop its processing (including stopping direct marketing); object to decisions based solely on automated processing or profiling; receive your data in a portable form; withdraw consent; and lodge a complaint with the UAE Data Office (the competent supervisory authority). To exercise any right, use the in-app "Delete Account" action under Profile or email support@rizz.ttmdxb.com. We handle requests free of charge and aim to respond within 30 days; we may need to verify your identity first, and some requests are subject to legal exceptions.
12. Data Retention
We keep personal data only as long as needed for the purposes above. As a guide: account and activity data are retained while your membership is active and for up to 12 months after; biometric/liveness captures and templates are deleted within 30 days of account closure or on withdrawal of consent; attendance records are retained up to 24 months; and financial/transaction records may be kept longer where required by UAE tax and accounting law. When you request deletion (see Delete Account), we anonymise your identifiers and retain only non-identifying or legally-required records. These periods are our commitments and may be adjusted to align with the PDPL Executive Regulations.
13. Security
We use industry-standard safeguards: encryption in transit (TLS) and at rest; least-privilege access controls for staff (including the WhatsApp support inbox); tokenised payments (no full card numbers); and biometric templates stored as irreversible numerical vectors. Authentication tokens are stored in the device secure enclave. No system is perfectly secure, but we work to protect your data and review our controls.
14. Data Breaches
If a personal-data breach occurs that is likely to affect your rights, we will assess it and notify the UAE Data Office and affected members where required, without undue delay and in accordance with the PDPL and its Executive Regulations. If you suspect an incident, contact support@rizz.ttmdxb.com.
15. Children & Child Safety
Rizz DXB is a private members club for adults aged 18 and over. The Service is not intended for, and may not be used by, anyone under 18, and we use your date of birth to enforce this. We do not knowingly collect personal or biometric data from minors; if we learn that we have, we will delete it promptly.
We maintain a zero-tolerance policy against child sexual abuse and exploitation (CSAE). Read our full Child Safety Standards for what is prohibited, how to report a concern, and our child-safety point of contact.
16. Changes to This Policy
We may update this Policy, post the new effective date, and notify you of material changes in-app or by email. Where a change materially affects biometric or other sensitive processing, we will seek your fresh consent before it takes effect.
17. Complaints & Governing Law
If you have a concern, please contact us first at support@rizz.ttmdxb.com; you also have the right to complain to the UAE Data Office. This Policy and our processing are governed by the laws of the United Arab Emirates, including the PDPL, and the regulations applicable in the Emirate of Dubai. Any dispute is subject to the exclusive jurisdiction of the courts of Dubai, UAE.
18. Contact
Talent Tricks Marketing Management, Dubai, United Arab Emirates. Data-protection contact: support@rizz.ttmdxb.com.