Privacy & Cookie Policy

Information We Collect

We collect information you provide directly:

• Account information: name, email address, username, password (hashed)
• Profile data: handicap, phone number, home address (optional)
• Activity data: rounds booked, scores posted, friends, messages
• Payment data: processed securely by Stripe — we do not store card numbers

How We Use Your Information

• To provide and improve the Golf Sync service
• To send transactional emails (round invites, payment receipts, account notices)
• To send marketing and product update emails — you may opt out at any time in your account settings
• To detect and prevent fraud or abuse
• To comply with legal obligations

How We Share Your Information

We do not sell your personal data. We may share information with:

• AWS — cloud infrastructure hosting all application data
• Stripe — payment processing; subject to Stripe's Privacy Policy
• Amazon SES — transactional and marketing email delivery
• OpenAI — the AI assistant on your dashboard sends your typed messages to OpenAI's API to generate responses. Messages are processed under OpenAI's Privacy Policy. Do not include sensitive personal information in assistant messages.
• Nominatim / OpenStreetMap — when you search for tee times by zip code, your zip code is sent to the Nominatim geocoding service (operated by the OpenStreetMap Foundation) to look up geographic coordinates. No account or personal data is transmitted. Subject to the OSMF Privacy Policy.
• Law enforcement when required by law
• Other users only to the extent necessary (e.g., your username and score are visible to friends)

AI Assistant

The "What would you like to do?" assistant on your dashboard is powered by artificial intelligence (OpenAI). It is not a human. Messages you type are sent to OpenAI to generate a response and are subject to OpenAI's data handling practices. We do not use your assistant messages to train AI models.

Data Retention

We retain your data for as long as your account is active. You may delete your account at any time from account settings, which permanently removes your personal data within 30 days.

Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Opt out of marketing communications
• Lodge a complaint with a supervisory authority (EU/UK users)

To exercise these rights, email support@golfsync.io.

Email Preferences

You can opt out of marketing emails at any time from Account Settings. Note that transactional emails (such as round invites, payment receipts, and security notices) cannot be disabled as they are necessary to provide the service.

Security

We use industry-standard security measures including HTTPS, encrypted storage, and hashed passwords. However, no system is completely secure — please use a strong, unique password and contact us immediately if you suspect unauthorized access.