GolfHandicapp

Privacy Policy

Last updated: 14 May 2026

This policy explains what personal data we collect when you use the GolfHandicapp mobile app and related services ("the Service"), how we use it, and the rights you have over it. If anything is unclear, email us at support@golfhandicapp.com.

GolfHandicapp is operated by Amersham Web Services Ltd ("we", "our", "us"), a company registered in England and Wales. We are the data controller for the personal data we collect through the Service.

1. What we collect

Account data

  • Email address (for sign-in and recovery)
  • Display name and gender (if you choose to provide it)
  • Home club (optional)
  • Profile photo (optional, stored in our cloud storage)

Round and play data

  • Scores, course played, date, hole-by-hole details
  • Calculated handicap index, scoring metrics, and history
  • Notes and comments you attach to rounds

Course contributions

  • Course details, scorecards, tees, and reviews you add or submit
  • Reports you make about course data accuracy

Approximate location

  • Used only when you actively use the "nearby courses" feature
  • We do not track your location in the background

Scorecard photos (AI Scorecard Scanner feature)

  • When you use the AI Scorecard Scanner, the photo of your paper scorecard is sent to our AI processing partner (Anthropic) so the scores, par, and stroke index can be extracted automatically
  • We do not store scorecard photos on our servers. They are held in memory only for the duration of the request
  • The feature is optional. You can enter scores manually if you prefer

Device and diagnostic data

  • App version, device platform, OS version
  • IP address (used for security and abuse detection)
  • Crash and error reports

Subscription status

  • Whether you have an active subscription, the plan, and renewal date. We do not receive or store your card or payment details — those stay with Apple or Google.

2. How we use your data

  • Run the Service — show your handicap, rounds, profile, and course data; sync your data across devices you sign into.
  • Calculate handicaps and scoring — process round and course data to compute WHS-style metrics.
  • Personalise the experience — recommend nearby courses, surface rounds and players relevant to you.
  • Communicate with you — about your account, subscription renewals, important changes, and (only if you opt in) product updates.
  • Keep the Service safe — detect abuse, fraud, and policy breaches; investigate reports.
  • Improve the Service — analyse aggregated, anonymised usage patterns. We do not sell your data and we do not use third-party advertising trackers.

3. Legal bases (UK GDPR)

We process your personal data on the following bases:

  • Contract — to provide the Service you've signed up for and to manage your subscription.
  • Legitimate interests — to keep the Service secure, prevent abuse, and improve product quality. We balance our interests against your privacy expectations and you can object at any time.
  • Consent — for optional features such as marketing emails or location use. You can withdraw consent at any time without affecting prior processing.
  • Legal obligation — for example to retain billing or tax records, or to respond to lawful requests from authorities.

4. Who we share data with

We do not sell, rent, or trade your personal data. We share it only with:

  • Supabase — our database, authentication, and storage provider. Data is held in their managed infrastructure. They act as our data processor under a written agreement.
  • Anthropic — when you use the AI Scorecard Scanner, the photo of your paper scorecard is sent to Anthropic's Claude Vision API so the scores can be extracted. Anthropic acts as our data processor for this purpose. Photos are processed for the duration of the request and retained briefly by Anthropic for safety and abuse review per their commercial terms (typically up to 30 days), after which they are deleted. Photos are not used to train AI models. You can avoid this entirely by entering scores manually.
  • Apple and Google — for in-app subscription billing, receipt validation, and renewal management. We receive only the entitlement (whether you're subscribed) and the product ID. We do not receive payment details.
  • Google Analytics — used on the marketing website at golfhandicapp.com only, to measure aggregate visitor traffic. Cookies are set only after you accept the cookie banner; if you decline, no Google Analytics cookies are set and no measurement data is sent.
  • Service providers we may use — for example email delivery or crash reporting. Where we use such providers we limit what they can do with the data and require them to handle it securely.
  • Legal and safety — if required by law, to enforce our terms, or to protect rights, property, or safety of users or others.

We do not transfer personal data outside the UK or EEA unless the recipient is bound by appropriate safeguards (such as Standard Contractual Clauses) or another lawful transfer mechanism.

5. How long we keep data

  • Active accounts — for as long as you continue to use the Service.
  • After deletion — within 30 days of a deletion request we remove your profile, rounds, comments, follows, reactions, and course reviews. Some anonymised, aggregated data may be retained for statistical purposes.
  • Billing-related records — retained for as long as required by applicable tax and accounting law (typically 6 years in the UK).
  • Security and abuse logs — IP addresses and abuse signals may be retained for up to 12 months for security investigation.

6. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data — most fields you can edit yourself in the app's Settings; otherwise email us.
  • Delete your account and associated data (in-app or by email).
  • Portability — request an export of your data in a common format.
  • Object to processing based on legitimate interests, or to direct marketing.
  • Restrict processing in certain circumstances.
  • Withdraw consent for processing that relies on consent.
  • Complain to the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we've handled your data incorrectly.

To exercise any of these rights, email support@golfhandicapp.com. We may ask you to verify your identity. We respond within one calendar month.

7. Children

GolfHandicapp is not designed for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided data to us, contact us and we'll delete it.

8. Cookies and tracking

The mobile app does not use browser cookies.

This support site (support.golfhandicapp.com) uses minimal first-party cookies for session management. No third-party trackers.

The marketing site (golfhandicapp.com) uses Google Analytics 4 to measure visitor traffic in aggregate. Google Analytics is loaded only after you click Accept on the cookie banner. If you decline, no Google Analytics cookies are set, no data is sent to Google, and nothing about your visit is recorded. Your decision is stored in your browser; you can change it any time by clearing your browser storage for the site, which will re-show the banner on your next visit.

We do not run third-party advertising trackers and we do not share your data with ad networks.

9. Security

We use Supabase's encrypted storage and HTTPS-only network access. Account passwords are hashed and never stored in plain text. We restrict internal access to your data on a need-to-know basis. No system can be guaranteed completely secure — if you suspect a breach, contact us immediately.

10. Changes to this policy

If we make a material change to this policy we'll let you know via the app or by email before the change takes effect. Continued use of the Service after the change takes effect constitutes acceptance.

11. Contact

Privacy queries:

For complaints about how we handle personal data, you can also contact the UK Information Commissioner's Office at ico.org.uk.