This Privacy Policy explains how Rails Billiards FZCO ("Rails", "we", "us") collects, uses, shares, and protects your personal data when you visit our venue at Cluster C, JLT, Dubai, use this website, book a station, attend an event, or contact us.
We are committed to compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL") and to handling your information with care.
1. Who we are
Rails Billiards FZCO operates a gaming café in Cluster C, JLT, Dubai. For questions about this policy or any data request, contact us at info@rails.ae or +971 4 423 7742.
2. Information we collect
2.1 Information you give us directly
- Identity: your name, email, mobile number, and (for birthday bookings) the birthday person's first name and age.
- Booking details: zone, time slot, guest count, food preferences, and any notes you share.
- Communications: messages you send by WhatsApp, phone, email, or through forms on this website.
2.2 Information from your gaming account (ggLeap)
If you link your ggLeap account to this website, we read — but do not store — the following information from ggLeap to show it on your account page:
- Your ggLeap username, first and last name, profile photo, and registered email address;
- Time remaining, wallet balance, active GamePasses, and last visit date;
- Your ggLeap user UUID (stored in our database to keep the link).
2.3 Information from sign-in providers
When you sign in with Google, Google shares your email address and basic profile (name and avatar) with us. We do not receive your Google password and we do not access any other Google data.
2.4 Information from payment processors
We use Stripe to process payments. Stripe receives your card details directly — we never see or store your full card number, expiry, or CVV. We retain a transaction reference and the amount paid.
2.5 Information collected automatically
- Essential cookies required to keep you signed in and to complete payments. See our Cookie Policy for the full list.
- Device and connection data recorded by our hosting provider for security and reliability (IP address, browser type, pages requested, timestamps).
3. How we use your information
- To confirm and manage your bookings, including reminders and changes;
- To process payments, refunds, and deposits;
- To run your gaming session at the venue, including time tracking, food orders, and ggLeap account services;
- To respond to your enquiries on WhatsApp, email, phone, or web forms;
- To send service messages about your bookings (confirmation, reminder, payment link). We use the WhatsApp Business Cloud API for these messages where you have provided a mobile number;
- To protect Rails, our staff, and our customers — preventing fraud, investigating misuse, and meeting legal obligations;
- To improve the website, the venue, and our services.
Legal basis (UAE PDPL)
We process your data on the following bases:
- Performance of a contract — to deliver the booking, gaming session, or event you have asked us to run;
- Consent — for optional communications such as marketing newsletters (where applicable);
- Legitimate interest — to keep our services secure, prevent fraud, and improve what we offer;
- Legal obligation — to comply with UAE tax, accounting, and consumer-protection laws.
4. Who we share your data with
We do not sell your personal data. We share only what is necessary with the following service providers, each of whom is bound by confidentiality and data-protection commitments:
- Stripe (payment processing — global).
- ggLeap / ggCircuit (in-venue gaming management).
- Supabase (database and authentication hosting).
- Vercel (website hosting).
- Google (Sign-in with Google, Google Maps embed, and Google Reviews display).
- Meta / WhatsApp (WhatsApp Business Cloud API for booking messages).
We may also disclose data when required by law, by a court order, or by a competent regulator in the UAE.
5. Data retention
- Booking records: retained for 5 years from the date of the booking, to meet UAE accounting and consumer-rights obligations.
- Account profile (Supabase user + ggLeap link): retained while your account is active. You can request deletion at any time.
- WhatsApp messages: retained for 12 months for customer-service quality, then deleted.
- Marketing consents: retained until you withdraw consent.
6. Your rights
Under the UAE PDPL, you have the right to:
- Access the personal data we hold about you;
- Correct any data that is inaccurate or incomplete;
- Request deletion of your data where we no longer have a legal basis to keep it;
- Object to or restrict processing in certain circumstances;
- Request a portable copy of your data;
- Withdraw any consent you have previously given.
Email info@rails.ae to exercise any of these rights. We respond within 30 days. If you are unhappy with our response, you may complain to the UAE Data Office.
7. Children
Our venue welcomes guests of all ages and we host birthday parties for children. We require a parent or legal guardian to make any booking for a child under 18 and to provide their consent for the child's personal data (name, age, party details). We do not knowingly collect data directly from a child under 18 through this website. If you believe a child has provided us with personal data without parental consent, please contact us so we can delete it.
8. International transfers
Some of our service providers (Stripe, Google, Vercel, Supabase, Meta) process data outside the UAE — typically in the United States and the European Union. Where we transfer your data internationally, we rely on the safeguards permitted by the UAE PDPL, including contractual data-protection commitments with those providers.
9. Security
We use industry-standard measures to protect your data, including encrypted connections (HTTPS), encrypted password storage, role-based access controls for staff, and audit logging on sensitive operations. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
10. Cookies
We use a small set of essential cookies. See our Cookie Policy for a full list and how to manage them.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows the most recent change. Material changes will be highlighted on this page for at least 30 days, and where the law requires, we will ask for fresh consent.
12. Contact us
Rails Billiards FZCO
Cluster C, JLT, Dubai
Email: info@rails.ae
Phone: +971 4 423 7742

