Turfly

Turfly Privacy Policy

Last Updated: December 7, 2025

Turfly Limited ("Turfly," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have when using the Turfly mobile application and website (collectively, the "Platform").

By using Turfly, you consent to the practices described in this policy.

1. Information We Collect

We collect personal information that helps us operate bookings, verify users, process payments, and improve the Platform.

Information you provide directly:

  • Full name
  • Phone number
  • Email address
  • Date of birth (for age verification)
  • Profile photo
  • Booking and transaction history
  • Reviews, feedback, and support communications

Information collected automatically:

  • Device type, operating system, and app version
  • Unique mobile identifiers (IDFA / GAID)
  • IP address and approximate location
  • Precise GPS location (only with your permission)
  • App usage behavior (screens viewed, time spent, tap activity)

Payment information is processed securely by third-party providers. Turfly does not store full card numbers, wallet credentials, or bank account details.

2. How We Use Your Information

We use your personal data to operate the Turfly marketplace responsibly and securely. This includes:

  • Creating and managing your account
  • Processing bookings and confirming payments
  • Sending booking confirmations, reminders, and cancellations
  • Enabling venue check-in and reservation verification
  • Preventing fraud, abuse, and unauthorized access
  • Providing customer support
  • Recommending nearby venues and relevant offers
  • Meeting legal, tax, and regulatory obligations in Bangladesh

We do not use your personal data for automated decision-making that produces legal or financial effects without human oversight.

3. How and Why We Share Your Information

Turfly is a booking marketplace that depends on real-world coordination between users, venues, and technology providers. To make the Platform function properly, limited data sharing is necessary. We believe in being transparent about this.

With Venue Hosts

When you make a booking, we share the following with the venue operator:

  • Your name
  • Your phone number
  • Your booking time and slot details

This allows the Host to verify reservations, manage capacity, and contact you if needed. Hosts are contractually restricted from using your information for unrelated marketing.

With Payment Providers

All payments are processed securely through:

  • bKash
  • Nagad
  • SSLCommerz
  • Visa
  • MasterCard

These providers receive only the information required to authenticate and settle your transaction. Turfly receives a confirmation token — not your full payment credentials.

With Infrastructure & Booking Systems

Turfly relies on:

  • Counterfoil for real-time slot synchronization and booking infrastructure
  • Google Cloud and Amazon Web Services (AWS) for secure data hosting, backups, analytics, and system reliability

Only encrypted and operationally necessary data flows through these systems under strict confidentiality obligations.

For Legal & Business Reasons

We may disclose personal data:

  • When required by law, subpoena, or court order
  • To comply with tax, financial, or regulatory requirements
  • If Turfly is involved in a merger, acquisition, or asset sale

We do not sell, rent, or trade your personal data to advertisers or data brokers — ever.

Third parties receive only the minimum data necessary to perform their function.

4. Data Retention and Account Deletion

We retain your data only as long as reasonably necessary to provide our services and meet legal requirements.

  • Active accounts: Data remains while your account is in use
  • Deleted accounts:
    • Personal identifiers are erased within 30 days
    • Backup archives are purged within standard backup retention cycles
    • Transaction records may be retained in anonymized form for accounting and audit compliance

You may request account deletion directly within the app or by emailing privacy@turfly.app.

5. Your Rights and Control

You remain in control of your data and can:

  • View and update your profile
  • Disable GPS location at the device level
  • Opt out of marketing communications at any time
  • Request full account deletion

We respond to all verified data requests in accordance with applicable Bangladesh law.

6. Data Security

We apply administrative, technical, and physical safeguards to protect your information, including:

  • Encrypted HTTPS transmission
  • Secure cloud infrastructure
  • Restricted internal access controls

While we work hard to protect your data, no system can guarantee 100% security.

7. Children's Privacy

Turfly is not intended for users under the age of 13. We do not knowingly collect personal data from children. If such data is discovered, it will be promptly deleted.

8. Legal Compliance

Turfly processes personal information in accordance with the laws of Bangladesh, including:

  • The Digital Security Act
  • Applicable data protection and electronic transaction regulations

9. Updates to This Policy

We may update this Privacy Policy periodically. When we do, we will revise the "Last Updated" date. Continued use of Turfly after updates means you accept the revised version.

10. Contact Us

If you have any questions about privacy or data protection, contact:

Turfly Limited
📍 18 Kemal Ataturk Avenue, Floor 8
Banani, Dhaka 1213, Bangladesh
📧 privacy@turfly.app