Privacy & Cookie Policy

Information We Collect

Things you give us directly:

• Account information: name, email address, username, password (hashed)
• Profile data: handicap, phone number, home address (optional)
• Activity data: rounds booked, scores posted, friends, messages
• Payment data: processed securely by Stripe — we do not store card numbers
• Camera & photos (mobile only): when you scan a paper scorecard, the captured image is sent to our OCR service to extract pars, yardages, and strokes. The image is processed in-memory and is not retained on our servers after processing. Only the extracted text values (numbers, hole counts) are saved to your round.
• Location (mobile only, with permission): used to show tournaments and golf courses near you. Location is only used while you're actively using the app and is never stored on our servers.

How We Use Your Information

• To provide and improve the Golf Sync service
• To send transactional emails (round invites, payment receipts, account notices)
• To send marketing and product update emails — you may opt out at any time in your account settings
• To detect and prevent fraud or abuse
• To comply with legal obligations

How We Share Your Information

We don't sell your personal data. We do share with:

• AWS — cloud infrastructure hosting all application data
• Stripe — payment processing; subject to Stripe's Privacy Policy
• Amazon SES — transactional and marketing email delivery
• Google Sign-In — if you choose to sign in with Google, we receive your Google account's email address, name, and profile picture to create your Golf Sync account. We do not access any other data on your Google account and we do not post back to Google on your behalf. You can revoke this access at any time via your Google Account settings.
• OpenAI — the AI assistant on your dashboard sends your typed messages to OpenAI's API to generate responses, and the mobile app sends scanned scorecard images to OpenAI's vision API to extract pars/yardages/strokes (no image is retained after processing). Both are processed under OpenAI's Privacy Policy. We do not use your assistant messages or scanned cards to train AI models. Do not include sensitive personal information in assistant messages.
• Nominatim / OpenStreetMap — when you search for tee times by zip code, your zip code is sent to the Nominatim geocoding service (operated by the OpenStreetMap Foundation) to look up geographic coordinates. No account or personal data is transmitted. Subject to the OSMF Privacy Policy.
• Law enforcement when required by law
• Other users only to the extent necessary (e.g., your username and score are visible to friends)

AI Assistant

The “What would you like to do?” assistant on your dashboard is AI (OpenAI), not a human. What you type goes to OpenAI to generate a reply, under their data handling practices. We don't use your assistant messages to train models.

Data Retention

Your data sticks around as long as your account is active. Delete your account from settings any time and we permanently remove your personal data within 30 days.

Your Rights

Depending on where you live, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Opt out of marketing communications
• Lodge a complaint with a supervisory authority (EU/UK users)

To exercise any of these, email support@golfsync.io.

Email Preferences

Opt out of marketing emails any time from Account Settings. Transactional emails (round invites, payment receipts, security notices) can't be disabled — they're part of how the service works.

Security

We use the standard kit: HTTPS everywhere, encrypted storage, hashed passwords. No system is bulletproof — pick a strong unique password and tell us immediately if you suspect someone got in.