← Back to settings

Privacy Policy

Last updated: June 9, 2026

This Privacy Policy explains how Club Docket ("we", "us") collects, uses, and protects your personal information when you use our website, iOS app, and Android app (collectively, the "Service"). By using the Service you consent to this Policy.

1. Information we collect

  • Account information: name, email, username, password hash, profile photo, club affiliations.
  • Single Sign-On data: if you sign in with Google or Apple, we receive your name, email, and a stable identifier from that provider. We do not receive your provider password.
  • User Content: posts, replies, photos, scorecards, messages, and forum activity that you create.
  • Precise location (opt-in): when you enable the in-app GPS features (Settings → Background location, GPS Caddie, Shot Tracker, club geofence check-in), we collect device GPS coordinates to drive distances to pins/hazards, automatic club check-in, and live presence for your members. Background location is used only when you explicitly opt in. You can turn it off at any time in Settings or in iOS / Android system settings.
  • Device & usage data: device model, OS version, browser, IP address, language, app interactions, crash logs.
  • Payments: Stripe processes all transactions. We receive only the last 4 digits of your card, billing ZIP, and transaction metadata. We never see your full card number or CVV.
  • Push notification tokens: if you enable push notifications, we store the device push token via OneSignal.

2. How we use information

  • Operate, maintain, and personalize the Service.
  • Power GPS Caddie distances, geofenced club check-ins, and tee-time presence.
  • Process tournament entry fees and pay out prize pools.
  • Send transactional emails and (with your consent) push notifications.
  • Detect, prevent, and respond to fraud, abuse, and Terms violations.
  • Comply with legal obligations and respond to lawful requests.

We do not sell or rent your personal information to third parties.

3. Service providers (sub-processors)

We share data with the following processors under data-processing agreements, and only as needed to operate the Service:

  • Supabase — managed PostgreSQL, auth, storage (USA).
  • Stripe — payments and payouts (USA / global).
  • OneSignal — push notification delivery (USA).
  • Cloudflare — CDN, edge hosting, DDoS protection (global).
  • Despia — native iOS / Android app shell wrapper.
  • Google LLC — Google Sign In (only if you choose it) and Google Maps tiles.
  • Apple Inc. — Sign In with Apple (only if you choose it).
  • GolfAPI.io — course, hole, and hazard reference data.
  • Resend — transactional email delivery.

4. Your rights & choices

You can access and edit your profile, change your email, manage notification preferences, manage background location, and delete your account from Settings. Depending on where you live you may also have the right to:

  • Request a copy of the personal data we hold about you (access / portability).
  • Request correction of inaccurate data (rectification).
  • Request deletion of your data (erasure / "right to be forgotten").
  • Object to or restrict certain processing.
  • Withdraw consent for processing that relies on consent.
  • For California residents (CCPA / CPRA): opt out of "sharing" of personal information for cross-context behavioral advertising — we do not engage in this practice.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@clubdocket.com. We respond within 30 days.

5. Data retention

We retain your account data while your account is active. When you delete your account, your data enters a 7-day soft-delete window so you can recover it; after 7 days it is permanently purged from production systems, except records we must retain to comply with law (such as payment and tax records, typically 7 years).

6. Children

Club Docket is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected information from a child under 13, we delete it. Parents who believe their child has provided us with personal data can email privacy@clubdocket.com and we will promptly remove it.

7. International transfers

Club Docket is operated from the United States and our service providers (notably Supabase and Stripe) process data in the United States and other jurisdictions. If you access the Service from outside the United States, you consent to the transfer, storage, and processing of your data in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to lawfully transfer personal data out of the EEA / UK.

8. Security

We use encryption in transit (HTTPS / TLS), encryption at rest for stored credentials, row-level security on all user-data tables, and strict access controls for staff. No system is perfectly secure; please report suspected vulnerabilities to security@clubdocket.com.

9. Changes to this Policy

If we make material changes, we will notify you in-app or by email at least 7 days before the changes take effect. The "Last updated" date at the top of this Policy reflects the most recent revision.

10. Contact

Privacy questions or requests: privacy@clubdocket.com.

Club Docket, LLC
Mailing address: 5 Penn Plaza, 23rd Floor, New York, NY 10001, USA