Privacy Policy

Last updated: 14 May 2026

1. Introduction

ParTracker ("we", "us", "our") is operated by Kold Partners, a sole proprietorship based in Denmark. We operate the ParTracker mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, and how we comply with the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act, and the EU AI Act.

For all data-protection matters, the data controller is Kold Partners, reachable at privacy@partracker.app.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address, display name, and optionally your phone number and handicap index. If you sign in with a third-party provider, we receive the information you authorize that provider to share.

2.2 Golf Data

We collect the scores, rounds, handicap index, statistics, and other golf-related data you enter into the app. This includes course information, player groupings, team assignments, and tournament participation.

2.3 Usage Data

We automatically collect limited technical information when you use the Service, including device type, operating system, app version, and general usage patterns. We do not collect precise location data.

2.4 Contact Form

If you contact us through the website or in-app feedback, we collect your name, email address, and the content of your message.

2.5 Consent Records

When you accept this Privacy Policy and the Terms of Service at signup, we record the date, the policy version, and your user identifier so we can demonstrate lawful collection (GDPR Art. 7).

3. Legal Bases for Processing

We rely on the following lawful bases (GDPR Article 6) for each processing purpose:

  • Contract (Art. 6(1)(b)): Account creation, golf data storage, tournament participation, sharing rounds with other players, score and handicap calculation — these are necessary to provide the Service you signed up for.
  • Consent (Art. 6(1)(a)): AI coaching insights and AI trend insights are opt-in features that you can disable at any time in your profile settings.
  • Legitimate interests (Art. 6(1)(f)): Error monitoring, abuse prevention, security logging, and aggregate usage analytics, where we have balanced our interest against your rights.
  • Legal obligation (Art. 6(1)(c)): Compliance with applicable Danish and EU law where we are required to retain or disclose data.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Calculate scores, handicaps, and tournament standings
  • Enable you to share rounds and compete with other players
  • Send important service notifications (e.g. security alerts)
  • Respond to your inquiries and support requests
  • Analyze aggregate usage trends to improve the experience

5. AI Features (EU AI Act Art. 50)

ParTracker uses generative AI to provide optional round-summary coaching insights and weekly trend insights. These features are opt-in and can be disabled at any time via Profile → Preferences → AI Coaching.

In line with the EU AI Act's transparency requirements (Article 50), AI-generated content inside the app is labelled as AI-generated. The AI provider is Anthropic, PBC, using their Claude family of models. Before any request leaves EU infrastructure, we pseudonymise the inputs: we strip your name, email, user identifier, and any guest identifiers, and replace them with anonymous tokens. The AI provider never sees your identity or your friends' identities. We re-personalise the response on our own servers before displaying it to you.

AI prompts and responses are not retained by us beyond short-lived processing logs. Per Anthropic's standard commercial terms, your inputs are not used to train their models.

6. Subprocessors / Service Providers

We do not sell your personal information. We share data only with the following service providers, each acting as a processor under a Data Processing Agreement:

  • Supabase (Singapore, with infrastructure in Ireland): database, authentication, file storage, and edge functions. Your account data and golf data are stored in the EU (eu-west-1, Ireland).
  • Vercel (United States, with infrastructure in Frankfurt): hosting for partracker.app and admin.partracker.app. Edge functions and server renders are pinned to the Frankfurt (fra1) region.
  • Anthropic, PBC (United States): Claude models used for the optional AI coaching and trend-insight features. Inputs are pseudonymised before transmission. See Section 5.
  • Email delivery:Auth-related transactional email (sign-in links, password resets) is currently sent via Supabase's default SMTP provider. We are migrating to an EU-resident SMTP provider (Brevo or Mailjet, both based in France); this policy will be updated when the migration is complete.
  • Apple Push Notification service (Apple Inc., US) and Firebase Cloud Messaging (Google LLC, US): platform-required push notification routing. Notification payloads contain only a generic title and short message body, no personal data beyond what is needed to display the notification.
  • Legal requirements: We may disclose information if required by Danish or EU law, or in response to a valid legal request.

An up-to-date list of subprocessors is available on request at privacy@partracker.app.

7. International Transfers

Some of our processors (Anthropic, Vercel as a US-headquartered company, Apple, Google) are based outside the EEA. Personal data transferred to these processors is protected by the EU Standard Contractual Clauses (2021/914) and, where applicable, by additional safeguards such as pseudonymisation before transfer (Anthropic) and EU-region pinning of data at rest and compute (Supabase Ireland, Vercel Frankfurt).

8. Data Retention

We keep your personal data only for as long as is necessary for the purpose it was collected. Specifically:

  • Account and golf data: retained for the life of your account. Deleted within 30 days of account deletion (see Your Rights, below). Inactive accounts (no sign-in for 36 months) are flagged and may be removed after notice.
  • Database backups: rolling 30-day window. Deletions propagate to backups as those backups age out.
  • Contact form / feedback messages: retained for 24 months from receipt, then deleted.
  • Authentication logs (sign-ins, password resets): retained for 12 months for security and abuse prevention.
  • AI prompts and responses: not stored long-term. Short-lived processing logs are retained up to 7 days for debugging.
  • Consent records: retained for the life of your account plus the statutory limitation period, to demonstrate lawful collection.

9. Data Storage and Security

Your data is stored at rest on Supabase infrastructure in Ireland (eu-west-1). Application servers run on Vercel infrastructure in Frankfurt (fra1). We implement industry-standard security measures including encryption in transit (TLS) and at rest, row-level security policies, pseudonymisation for AI processing, secure authentication, and rate limiting.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. In the event of a personal-data breach affecting you, we will notify you and the Danish Data Protection Agency in accordance with GDPR Articles 33 and 34.

10. Your Rights

Under the GDPR and applicable Danish law, you have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Request correction of inaccurate data (Art. 16)
  • Request deletion of your data (Art. 17 — "right to be forgotten")
  • Object to or restrict processing of your data (Arts. 18, 21)
  • Request data portability in a structured, machine-readable format (Art. 20)
  • Withdraw consent for any consent-based processing (Art. 7)
  • Lodge a complaint with a supervisory authority

The data export (Art. 15 / Art. 20) and account deletion (Art. 17) rights can be exercised directly inside the app via Profile → Privacy & Data. For all other requests, contact us at privacy@partracker.app.

You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, Denmark — datatilsynet.dk.

11. Guest Players

Guest players are created by registered users to include non-registered friends in rounds. Guest profiles contain only a display name and are linked to the account of the user who created them. No email or phone number is collected for guest players. The registered user who created a guest is responsible for ensuring that person consented to being added.

12. Children

ParTracker is not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can remove it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be highlighted in-app at next sign-in. Other changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@partracker.app.