Handy Golf — Privacy Policy

Effective date: August 21, 2025

1) Who we are & scope

  • Controller: Handy Golf, LLC, 336 East University Pkwy #1083, Orem, Utah 84058.
  • Contact: support@handygolf.com.
  • Applies to: our iOS/Android apps, website, support channels, and promotions linking to this policy.

2) Who can use Handy Golf (children & teens)

  • Children under 13 (U.S.): We do not knowingly collect personal information from children under 13 or allow them to create accounts. If we learn we have collected personal information from a child under 13, we will delete it (COPPA).
  • Teens 13–17: Teens may use the Services with a parent/guardian’s consent where required by law. We apply teen-protective defaults (see below), limit data uses, and offer family control options.
  • EEA/UK users: When we rely on consent, parental authorization is required where a child is under the member-state age of digital consent (typically 13–16; default 16 unless a country sets a lower age). We take reasonable steps to verify the authorizing adult.
  • California residents under 16: We do not sell or share their personal information unless there is an affirmative opt-in (for under-13, from a parent/guardian; for 13–15, from the teen).
  • Colorado residents under 18: We obtain consent before processing minors’ data for targeted advertising, sale, or certain profiling and follow enhanced protections effective October 1, 2025.

Teen-protective defaults we apply

  • No targeted advertising to users we know are under 18.
  • Sensitive data (e.g., precise location, contacts) is off by default for under-18 users.
  • Parental tools: request access, deletion, or account closure for a child/teen, as permitted by law.

3) Information we collect

Information you provide

  • Account & profile: name, email (or sign-in ID), age band (e.g., “13–17,” “18+”), handicap range, country.
  • Content: practice logs, scores/“Drive” score, messages, photos/videos (e.g., swing capture), audio you enable, comments, likes.
  • Community features: friend connections, team/league membership, challenge participation, in-app chat content.
  • Support: survey responses, bug reports, and messages to support.

Information we collect automatically

  • Usage & device data: app interactions, feature clicks, session length, crash logs, device type, OS, IP address, identifiers.
  • Approximate location (from IP) to localize content; precise location only if you opt in.
  • Cookies/SDKs on our sites and in our apps for core functionality, analytics, and (for adults) advertising controls.

Information from others

  • Invites & social: if a user invites you (email, phone, or share link).
  • Payment processors: limited transaction confirmations (we don’t store full card data).
  • Vendors/partners: analytics and anti-fraud signals.

4) How we use information

  • Provide and maintain the Services (accounts, content storage, practice plans, Drive score, leaderboards).
  • Personalize training plans and cues; show trends and comparisons.
  • Enable social features you choose (friend groups, challenges).
  • Communicate updates, security alerts, and service messages.
  • Improve reliability, safety, and performance; prevent fraud and misuse.
  • Comply with law and enforce our Terms.

Additional limits for under-18

  • No targeted ads; no sale/share of personal information without required opt-in; minimal data collection for core features; heightened review before any new data use.

5) Legal bases (EEA/UK only)

  • Contract (to deliver the Services you request).
  • Consent (e.g., push notifications, precise location, marketing; parental consent where required for children).
  • Legitimate interests (e.g., service integrity, product improvement) balanced against your rights. Legal obligations (e.g., responding to lawful requests).

6) When we share information

  • Service providers/processors: hosting, analytics, customer support, communications, payment processing, moderation.
  • Community visibility: your display name, avatar, and performance you choose to share (e.g., leaderboards).
  • Legal, safety, and rights: to comply with law or protect users, our rights, or others.
  • Business transfers: merger, acquisition, or asset sale (we’ll notify you of changes to control).
  • Advertising/measurement (adults only): with your consent or as permitted by law.
  • We do not sell personal information in the common sense of the term; where state laws define “sell” or “share” broadly (e.g., certain ad tech), we honor required opt-in for minors and opt-out for adults, including global opt-out signals where required.

7) Your choices & rights

  • Access, deletion, correction, portability: manage most data in-app or contact us at support@handygolf.com. We’ll verify your request consistent with local law.
  • U.S. state rights (e.g., CA, CO): opt out of sale/sharing and targeted advertising (adults); opt in required for minors; limit use of sensitive data; appeal denials of your requests. We provide a “Do Not Sell or Share My Personal Information” link and honor recognized universal opt-out signals where required.
  • EEA/UK rights: object to processing, restrict processing, and lodge a complaint with your data protection authority.
  • Parents/guardians: If you believe your child under 13 has used the Services, or you need to review/delete a child/teen’s information or withdraw consent, contact us at support@handygolf.com. We use verifiable parental consent methods consistent with regulatory guidance.

8) Data retention

  • We keep personal data only as long as necessary to provide the Services and for legitimate and essential business purposes (e.g., security, complying with legal obligations, resolving disputes). You can request deletion at any time; some content (e.g., posted to groups) may remain visible to others if they have copied it.

9) Security

  • We use administrative, technical, and physical safeguards designed to protect personal data (e.g., encryption in transit, least-privilege access, logging). No system is perfectly secure; please use strong credentials and keep them confidential.

10) International data transfers

  • If you are outside the U.S., your data may be processed there or in other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and assess local laws before transfer.

11) Third-party links & SDKs

  • Our Services may link to third-party sites or use third-party SDKs. Their privacy practices are governed by their own policies. Review those policies before sharing information.

12) Special notices for children & teens (detailed)

  • Age gates & knowledge standard: We use age prompts and other measures designed to prevent under-13 accounts and to treat under-18 users with stricter defaults. If we later learn we collected data from an under-13 user, we delete it and notify the parent where feasible, consistent with COPPA.
  • Parental authorization (EEA/UK): Where we rely on consent and offer services directly to a child below the member-state’s set age (13–16), we will obtain/verify consent from a holder of parental responsibility.
  • California minors (under 16): We will not sell/share personal information without an affirmative opt-in (parent for <13; teen for 13–15), and we provide clear methods to reverse opt-ins.
  • Colorado minors (under 18): We obtain consent before targeted advertising, sale, or certain profiling, and follow enhanced protections effective Oct 1, 2025.

13) Changes to this policy

  • We may update this policy from time to time. We’ll post the new version and change the “Effective date” above. If changes materially affect your rights, we’ll provide additional notice (e.g., in-app message).

14) How to contact us

  • Email: support@handygolf.com
  • Mail: Handy Golf, LLC, 336 East University Pkwy #1083, Orem, Utah 84058
  • EU/UK representative & DPO (if applicable): [Contact details]

15) Region-specific supplements

  • California Notice at Collection & Do Not Sell/Share: Link in app footer and settings. Include the categories of data collected and purposes; provide an easy opt-out and honor universal opt-out signals.
  • Colorado Privacy Act Disclosures: Provide a clear list of processing purposes, categories shared, and an appeals process for denied requests.
  • GDPR: Add a table mapping data categories to legal bases, retention, and recipients; name SCCs for transfers.