Privacy Policy

The Scorecard (“we”, “us”, the “app”) is a golf-club companion app: tee-time bookings, scoring, side games, GPS yardages during play, and shot-analysis training tools. This policy explains what data we collect, why, who else handles it on our behalf, and the rights you have over it.

1. What we collect

We only collect what we need to operate the features you use:

• Account info — name, email address, and password hash (or the opaque user ID returned by your social-login provider). When you sign in with Apple and choose “Hide My Email,” we only ever see Apple's relay address.
• Profile info you choose to add — handicap index, payment handles (e.g. Venmo, Zelle), home club / course, profile photo.
• Phone number (only if you provide one) — used as an alternate login identifier.
• Gameplay data — rounds, scores, tee selections, side-game entries, tee-time bookings, club memberships.
• Location (GPS) during a round — only while you are on an active round screen and only on the device. Used to show distances to the green and hazards. Coordinates are not transmitted to our servers unless you explicitly mark a shot location.
• Photos you upload — scorecard photos for new-course setup, optional training-clip images. Scorecard photos are sent to our OCR processor (Anthropic) for automated extraction; the photo itself is also stored in our cloud storage so an admin can verify the extraction later.
• Training videos you record — uploaded to your own Google Drive (if you connected it) or to our cloud storage. Visible only to you.
• Push subscription tokens — only if you grant push-notification permission, used to deliver in-app notifications.
• Standard request logs — IP address, user agent, request timestamps, retained for security and debugging for up to 30 days.

2. How we use it

• To run the features you actively use (sign in, scoring, GPS, tee bookings, games).
• To send transactional notifications (round invites, score confirmations, course-onboarding status).
• To prevent abuse and secure the service.
• To improve the product. We do not sell your data, share it with advertisers, or use it to train third-party AI models.

3. Who else handles your data

We use a small set of trusted vendors as data processors. Each one only sees the narrow slice of data needed for its role.

• Supabase — database, authentication, file storage.
• Vercel — application hosting and edge network.
• Anthropic — Claude vision API, used to extract structured data from scorecard photos. Photos are processed and not retained for model training.
• Resend — transactional email delivery.
• Apple, Google, Facebook — social-login providers (only when you choose to sign in with them).
• Google APIs — Maps (course imagery) and Drive (only if you connect it for training-clip storage).

We don't share your data with any other third parties. We may disclose data in response to a valid legal request (subpoena, court order) and will tell you if we are legally permitted to.

4. Data retention

• Account data is kept while your account is active.
• Round, score, and game data is kept as part of your account history.
• Request logs are retained up to 30 days.
• Scorecard photos used for course onboarding are retained while the course exists in our directory.
• When you delete your account (see §5), all of the above is deleted within 30 days.

5. Your rights

• Access — your full data (rounds, scores, games) is visible inside the app. Email privacy@thescorecard-app.golf for an export.
• Deletion — in the app, go to Settings → Delete my account. That permanently deletes your profile and every round, score, membership, photo, and game entry tied to your account. There is no manual approval step. The action cannot be undone.
• Correction — edit your profile fields any time in Profile. For anything you can't edit yourself, email us.
• Marketing opt-out — we don't send marketing email. Notification preferences are in Settings.
• Regional rights — if you are in the EEA / UK / California, you have additional rights under GDPR / UK GDPR / CCPA (object, restrict, portability, non-discrimination). Email privacy@thescorecard-app.golf to exercise them.

6. Security

Data is encrypted in transit (TLS) and at rest (per Supabase / Vercel platform defaults). Access to production systems is limited to the minimum number of admins, and we use multi-factor auth on every account that has access. Despite our care, no system is perfectly secure — if you believe your account has been compromised, email security@thescorecard-app.golf.

7. Children

The app is intended for adults and golf-club members aged 13 and older. We do not knowingly collect data from children under 13. If you are a parent and believe your child has registered, email us and we will delete the account.

8. Changes to this policy

We'll update this page when we change how we handle data. The effective date at the top reflects the most recent change. Material changes will also be announced in-app or by email to your account.

9. Contact

Questions about this policy or your data:
privacy@thescorecard-app.golf