Privacy Policy
1. Who We Are
Pocket Caddy Limited is a private limited company incorporated in England and Wales (company number 17260257), with its registered office at 17 Goldcrest Drive, Chatham, Kent, ME4 3SD.
We are the data controller for the personal data we collect through the Pocket Caddy mobile application ("App"). If you have any questions about this Privacy Policy or how we handle your data, contact us at Rhys@pocketcaddy.uk.
This policy applies to all users of the App and is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What Data We Collect
2.1 Account Data
When you create an account we collect:
- Your email address
- A hashed and salted password (we never store your password in plain text)
- The date and time your account was created
2.2 Golf Performance Data
When you use the App you may provide:
- Club names, average carry and total distances, and dispersion figures
- Individual shot records (carry, total distance, lateral dispersion)
- Round scores and hole-by-hole scorecards
- Voice recordings made within the App for shot logging purposes
- Screenshots or images uploaded from launch monitor or ball-tracking platforms (e.g. Toptracer, Garmin Approach R10, Rapsodo, FlightScope, TrackMan, or similar)
2.3 Usage and Analytics Data
We collect anonymised and aggregated data about how the App is used, including:
- Features accessed and frequency of use
- Session duration and navigation patterns
- App performance and error reports
This data is collected in aggregate form and cannot be used to identify you individually.
2.4 Device Data
We may collect basic device information necessary to provide the App, including operating system version and device type. We do not collect your device's advertising identifier.
3. How We Use Your Data
4. Third-Party Data Processors
We use the following third-party services to operate the App. Each acts as a data processor on our behalf and is contractually bound to handle your data securely and only for the purposes we specify:
Data transfers to the USA are carried out under the UK International Data Transfer Agreement (IDTA) or equivalent safeguards with each processor.
5. How Long We Keep Your Data
We retain your data for as long as your account is active. Specifically:
- Account data, club profiles, and round history: retained for the lifetime of your account
- Voice recordings: processed in real time and discarded immediately after transcription. We do not store audio files.
- Uploaded screenshots and images: processed to extract shot data and discarded. We do not store the original images.
- Anonymised usage analytics: retained indefinitely in aggregate form
When you delete your account, all personal data associated with it will be permanently deleted from our systems within 30 days, except where we are required to retain it by law.
6. Your Rights Under UK GDPR
As a UK data subject you have the following rights:
- Right of access — you can request a copy of the personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to erasure — you can ask us to delete your data (subject to legal obligations)
- Right to restriction — you can ask us to limit how we use your data
- Right to data portability — you can request your data in a machine-readable format
- Right to object — you can object to processing based on legitimate interests
- Rights relating to automated decision-making — our strategy recommendations are generated algorithmically; you have the right to request human review of any decision that significantly affects you
To exercise any of these rights, contact us at Rhys@pocketcaddy.uk. We will respond within one calendar month.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have handled your data unlawfully.
7. Security
We take appropriate technical and organisational measures to protect your data, including:
- Passwords are hashed using PBKDF2 with SHA-256 and a unique salt per user — we cannot read your password
- Data in transit is encrypted using TLS
- Data at rest is encrypted within Supabase
- Access to production data is restricted to authorised personnel only
No method of transmission over the internet is completely secure. If you believe your account has been compromised, contact us immediately at Rhys@pocketcaddy.uk.
8. Children’s Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify you via the App or by email at least 14 days before they take effect. The effective date at the top of this document will always reflect the most recent version.