Dome is a sports‑facility booking platform provided by Daflo Innovations Inc., with mobile and
web applications that process payments via Stripe and store user and venue data in a Software-
as-a-Service (SaaS) environment. The following is a tailored privacy policy structure for Dome
users and venues​
​
1. Introduction
Daflo Innovations Inc. (“Daflo”, “we”, “us”, “our”) respects the privacy rights of users of the
Dome platform and recognizes the importance of protecting personal data collected through
our websites and applications. This Privacy Policy explains how Dome collects, uses, shares, and
protects Personal Data relating to: (a) individuals who access the Dome websites or apps
(“Users”), and (b) organizations and administrators who operate facilities via Dome (“Venues”).
​
By using the Dome branded web and mobile applications, you agree to the practices described
in this Privacy Policy, as updated from time to time.
2. Scope of this Privacy Policy
This Privacy Policy covers our treatment of Personal Data that we collect when you access or
use Dome web and mobile applications. “Personal Data” means any information relating to an
identified or identifiable natural person, such as a name, identification number, location data,
online identifier, or factors specific to that person’s identity.
​
This Policy does not apply to the privacy practices of third‑party companies we do not own or
control, including Venues’ own websites or systems, payment providers such as Stripe, or
analytics/communication tools that Venues use independently of Dome. Venues may maintain
their own privacy policies governing how they handle Personal Data they receive via Dome;
users should review those venue‑specific policies for additional details.

3. Personal Data We Collect
3.1 User Registration and Contact Information
Registration for Dome is available only through the Dome Mobile Application. When you
register or log in, we collect:
​
 Email address (required and used as the sole account identifier).
 Full name (required so venues can identify your bookings).
 Mobile number (optional, used for contact and notifications if provided).
 Profile photo or avatar (optional).
​

 You must provide a valid email address to create and use a Dome account. One‑time
passwords (“OTPs”) are sent to this email address to authenticate registration and login,
instead of a traditional password. If you do not complete the OTP verification, your
registration will not be finalized.
​​
3.2 How Dome Uses Personal Data
Dome uses collected Personal Data for the following purposes:
 Account and identity management: To register and authenticate users, verify identity,
and provide secure access to Dome features.
​
 Bookings and facility management: To manage bookings, show availability, record
booking interactions, and communicate booking details to Venues and users.
 Payments: To enable and support payment processing via Stripe for bookings where
online payment is required, sharing limited Payment Information with Stripe as
necessary.
 Service operation and improvement: To operate, maintain, and improve the Dome
platform, including remembering preferences and optimizing user experience.
 Support and communication: To respond to inquiries, send booking confirmations and
updates, notify users of changes, and deliver essential service‑related communications.
 Security, fraud prevention, and compliance: To monitor for abuse, detect and
investigate suspicious activity, enforce agreements and policies, and comply with legal
obligations.
 Analytics and reporting: To analyze aggregated usage patterns, capacity, and
performance metrics so Venues and Daflo can understand how the platform is used and
improve features.
​
Where required by applicable law, Dome processes Personal Data based on legitimate interests
in providing and improving the platform, fulfilling contracts with Venues and users, and
complying with legal obligations.
3.3. Access, Correction, and Deletion
Users have the following controls over their Personal Data within Dome:
 Update personal information: You can view and update your name, optional mobile
number, and optional profile photo at any time through the Dome Mobile Application.
Your email identifier cannot be changed once the account is created, but you may
request account deletion and re‑register with a different email.

 Cancel bookings: You can view and cancel eligible bookings within the Dome Mobile
Application and, where available, via the user web booking interface, subject to
venue‑specific cancellation rules and timelines.
​
 Delete account: Users can delete their Dome account directly within the Dome Mobile
Application, without needing to contact support or the venue. When you initiate
account deletion in the app, Dome will remove or anonymize your profile data, subject
to any legal or legitimate business requirements to retain certain booking or transaction
records (for example, where venues must keep historical booking data for audit or tax
purposes).
Some changes or deletions may need to be coordinated with each venue that has used your
data, especially where venues are required to retain certain booking records for compliance or
audit purposes.

3.4 Technical, Usage, and Location Information
Dome automatically collects certain usage and technical data when you use the Services (“Log
Data”), such as:
IP address, device identifiers, browser type, operating system, and app version.
Pages or screens viewed, actions taken (e.g., bookings created, updated, canceled), and
timestamps.
Approximate location data derived from your device or IP address.
3.5 Booking and Payment Information
When you make a booking through Dome for a Venue, we collect booking and
transaction‑related information, including:
 Booking details (facility, date/time, price, booking notes).
 Limited payment‑related metadata such as payment status and Stripe transaction
identifiers.
 When you enter card information and Billing address, it is collected and processed
directly by Stripe using secure components such as Stripe Elements; Dome does not
receive or store full card numbers or security codes. Stripe uses and protects your
Payment Information in accordance with its own privacy policy.

3.6 Venue‑Provided User Data
Venue administrators using Dome Web Interface may input Personal Data about their users
such as names, email addresses and phone numbers for booking and facility management
purposes. Dome processes this User Data only on behalf of the Venue and in accordance with
the applicable service agreement between Daflo and the Venue and this privacy policy
3.7. Venue Access and Venue Portals
Each venue using Dome is provided with a venue‑specific web portal for administrators and
authorized staff. Through this portal, venue personnel can:
​
 Log in with venue administrator credentials.
 View bookings, user details relevant to their venue (such as name, email, and optional
mobile number), and booking history.
 Manage bookings, including creating, editing, and canceling reservations on behalf of
users in accordance with their own policies.
​
 Venues must use the information they access through their web portal solely for
managing bookings, operating their facilities, and fulfilling legal obligations, and they
remain responsible for their own compliance with applicable data‑protection laws.
​​
4. Data Retention
Dome retains Personal Data only for as long as necessary to provide the Services, meet
contractual and legal obligations, and support legitimate business interests, after which it is
deleted or anonymized where feasible.
​
 Booking audit logs (who created, updated, charged, or canceled a booking) retained for
a limited period (e.g., up to 90 days).
 Booking records (time, holder, price, title, notes) retained for several years after the
booking date, configurable by each Venue to align with its audit and tax requirements.
 User profile data retained while accounts remain active and for a reasonable period
thereafter, or according to venue‑defined retention settings.
 Server and analytics logs and backup archives are stored only for limited durations
necessary to maintain security, investigate issues, and ensure recoverability, typically on
the order of weeks to a few months.
​

​
5. Sharing Personal Data with Third Parties
Dome does not sell or trade Personal Data, but may share it in the limited circumstances below:
 Service providers: With carefully selected third‑party providers who support core
platform functions, such as cloud hosting, email delivery, analytics, customer support
tools, and payment processing.
​
 Venues: With Venues that use Dome to manage bookings, so they can identify users,
manage reservations, and comply with their own legal obligations.
​
 Legal and safety: Where required to comply with law, regulation, or legal process, to
enforce agreements or investigate potential violations, or to protect the rights,
property, or safety of Dome, Venues, users, or the public.
​
 Business transfers: In connection with mergers, acquisitions, reorganizations, or sales of
assets, subject to appropriate safeguards so that Personal Data remains protected.
​
 With consent: With other third parties where you have given clear consent to do so.
Dome may also share aggregated or anonymized data that does not identify individuals, such as
general usage statistics or performance metrics; this information may be disclosed for
analytical, reporting, or business purposes.
​
6. Payment Information and Stripe
When you make a purchase or booking that requires online payment, card details are entered
into secure payment fields provided by Stripe or similar PCI‑DSS‑compliant processors. Dome
does not receive or store full card numbers or CVV codes; those are handled directly by Stripe’s
infrastructure using industry‑standard security controls.
​
Stripe uses your Payment Information according to its own privacy policy and may act as an
independent controller of that data for certain processing activities. Dome receives only limited
payment metadata (such as the last four digits of a card, card brand, and transaction IDs)
needed to display receipts, manage refunds, and reconcile transactions for Venues.
​

​
7. Access by Venues and Editing of User Data
Venue administrators may view and manage Personal Data of users associated with their
venue, including names, contact numbers and booking details, in order to operate the facility
and fulfill bookings. In this context, the Venue acts as a controller or co‑controller of Personal
Data and is expected to have a lawful basis to submit and update such data on users’ behalf.
​
For security reasons, Dome typically restricts venue administrators from directly editing certain
sensitive fields (such as user passwords, login credentials, or full card details. Users can review
and update much of their profile information by logging into Dome and accessing their account
settings; additional changes or data deletion can be requested via Dome support or the
relevant Venue, subject to legal and contractual requirements.
​
8. Your Rights and Choices
Depending on your jurisdiction and applicable law, you may have rights regarding your Personal
Data, which may include:
 Right of access to the Personal Data Dome holds about you.
 Right to rectification of inaccurate or incomplete data.
 Right to erasure in certain circumstances.
 Right to restrict or object to certain processing.
 Right to data portability (where technically feasible).
 Right not to be subject to certain automated decision‑making.
​
Dome will respect such rights to the extent required by applicable law and by contracts with
Venues. To exercise these rights, users can typically:
​
 Sign into their Dome account and update profile information.
 Contact Dome support at the address specified by Daflo.
 Contact the relevant Venue for data related to that Venue’s operations.

Dome may deny or limit requests where allowed by law, for example where fulfilling a request
would conflict with legal record‑keeping requirements, compromise the rights of others, or
require disproportionate technical effort.
​
9. Security
Dome maintains reasonable technical and organizational safeguards to protect Personal Data,
including:
 Role‑based access controls limiting personnel access to data needed for their work.
 Encryption of sensitive data in transit using protocols comparable to TLS.
​
 Hosting and infrastructure practices designed to maintain confidentiality, integrity, and
availability of data.
No method of transmission or storage can be guaranteed 100% secure, and users share
responsibility for protecting their account credentials, logging out when finished, and keeping
devices secure, consistent with Skedda’s guidance.
​
10. International Transfers
Dome Infrastructure is setup to store and process Personal Data in Canada only. Any 3 rd party
service providers we choose, we take measures to ensure the data stays within the borders of
Canada or USA. Where Personal Data is transferred across borders, Dome will take appropriate
steps to ensure an adequate level of protection, such as using data‑processing agreements with
Stripe. By using Dome, you understand that your data may be processed in countries with
different data protection rules than your own.
​
​
11. Use of Services by Minors
Dome Services are not directed to children under the age of thirteen (13), and Daflo does not
knowingly collect Personal Data from children below this age through Dome. If it is discovered
that Personal Data of a child under 13 has been collected without appropriate consent, Dome
will take steps to delete that information as required by law.
​
12. Changes to this Privacy Policy
Daflo may modify this Privacy Policy from time to time to reflect changes in Dome, legal
requirements, or data‑processing practices. When changes are material, Daflo will provide
appropriate notice (for example, via the app, website, or email) and update the “last updated”

date at the top of the policy. Your continued use of Dome after the effective date of the
updated policy constitutes acceptance of the changes.
​
13. Contact Information
If you have questions or concerns about this Privacy Policy, or wish to exercise your privacy
rights in relation to Dome, you can contact Daflo Innovations Inc at info@dafloinnovations.com.
Venues and users with questions specifically about a Venue’s handling of Personal Data should
contact that Venue directly using the contact information provided in Dome or in the Venue’s
own privacy notices.