Privacy Policy

“Maidan,” “we,” “us,” and “our” refer to the team operating the Maidan mobile application and the website at maidan-app.com. If you have a question about this policy or about your data, email hello@maidan-app.com and a real person will reply.

We collect only what we need to run the service. Categories:

• Account information. Your phone number (used for one-time-password login), display name, preferred language (Dari, Pashto, or English), and city or province.
• Profile information. Optional fields you choose to add — jersey number, preferred position, team affiliation, profile photo, bio.
• Match and stats data. Records of matches you play, score, or organise — goals, assists, fouls, cards, saves, substitutions, line-ups, venue, kickoff time, and the community scorer’s notes. This data is associated with your player profile so your career stats accumulate.
• Bookings. When you reserve a court through Maidan, we record the venue, time slot, party size, and any notes you add for the venue.
• Approximate location. With your permission, we use your approximate location to show nearby venues and opponents. You can deny this and search by city instead.
• Device diagnostics. Basic information about your device (model, operating system version, app version, language setting, crash reports) so we can fix bugs and support older devices.
• Communications. If you contact us by email or in-app feedback, we keep the message so we can reply and improve the product.

We do not collect government identity numbers, payment-card numbers, biometric data, or precise GPS coordinates. We do not read your contacts, messages, or media library.

We use the information above to:

• Authenticate you with phone-OTP login, keep you signed in, and protect your account from abuse.
• Run the core product — matchmaking between teams, live scoring, court booking, career stats, leaderboards, and tournaments.
• Personalise the app to your language, city, and preferred format (5v5, 7v7, 9v9, 11v11).
• Send transactional notifications you ask for — match invites, booking confirmations, scorekeeper alerts. We do not send marketing pushes.
• Detect, investigate, and prevent fraud, abuse, harassment, and security incidents.
• Diagnose crashes, measure performance, and make Maidan faster and more reliable.
• Comply with applicable law and respond to lawful requests from authorities with proper jurisdiction.

• We do not sell your information to anyone. Ever. Not to advertisers, not to data brokers, not to anyone.
• We do not run third-party advertising or behavioural-tracking pixels. The website does not embed Google Analytics, Meta Pixel, or similar trackers.
• We do not build a shadow profile of you from third-party sources.
• We do not share your phone number with other players. Match coordination happens inside the app.

Some information is intentionally public inside Maidan so the social fabric of the game works:

• Public to other players: your display name, city, team(s), jersey number, position, career stats, match history, and any achievements (hat tricks, MOTM, etc.).
• Visible to your team and captain: your availability for upcoming matches.
• Visible to a venue you book: your name and booking details.
• Private: your phone number, exact location, email, settings, and account preferences.

Captains can manage their team rosters. Venue owners can manage their listings and bookings. Community scorers can record match events. Each role sees only what the product gives them access to.

To run Maidan we use a small number of vetted infrastructure providers. They process data on our behalf, under contract, only for the purposes we instruct.

• Authentication / SMS delivery — to send the one-time password to your phone.
• Cloud hosting and database — to store your account, match, and booking data securely.
• Push notifications — to deliver match and booking notifications.
• Crash and error reporting — to receive anonymous crash traces from the app.
• Customer email — to receive and reply to support messages.

We do not share data with any third party for their own independent use. The current list of subprocessors is available on request from hello@maidan-app.com.

Maidan is built for Afghanistan but operates on global cloud infrastructure, which may store and process data in countries other than the one you live in. When data crosses borders, we ensure the receiving provider offers protection consistent with this policy and applicable law.

We keep your account and match data for as long as your account is active. If you delete your account, we delete your personal account information within 30 days, with the following narrow exceptions:

• Match records and stats may remain in aggregated, anonymised form (e.g. team totals, league tables) so other players’ careers are not erased when a teammate leaves.
• Logs, backups, and abuse-prevention records may persist for up to 12 months before being purged.
• Records we are legally required to retain (for example, by financial or tax rules if you transacted with a venue) will be retained for the legally required period.

You can, at any time:

• Access the data we hold about you.
• Correct inaccurate or out-of-date data, in the app or by writing to us.
• Delete your account from inside the Settings screen. We will not ask you to justify the request.
• Export a copy of your profile and match data in a machine-readable format.
• Withdraw consent for optional permissions (location, push notifications) without losing access to the core product.
• Object to any processing you believe is unjustified, and lodge a complaint with the relevant data protection authority.

To exercise any of these rights, email hello@maidan-app.com. We aim to respond within 14 days.

We use industry-standard safeguards — encryption in transit (TLS), encryption at rest for sensitive fields, scoped database access, rotating credentials, and audit logging — to protect your information. No system is perfectly secure; if we ever suffer a breach that affects your data, we will notify you and the relevant authorities without undue delay, as required by applicable law.

Maidan is not directed at children under 13. If you are between 13 and 18, you may use Maidan only with the consent and supervision of a parent or legal guardian. If we learn that we have collected information from a child under 13 without verified parental consent, we will delete it.

We may update this policy as the product evolves and as the law changes. When we make material changes we will revise the “Last updated” date above and, where appropriate, notify you in the app or by email. Continuing to use Maidan after a change means you accept the revised policy; if you do not, you can delete your account at any time.

Questions, requests, or concerns? Reach us at hello@maidan-app.com.