Privacy Policy

Pin Reaper

Last Updated: 31 October 2025

1. Introduction

Pin Reaper Limited ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our golf tracking application and related services (the "Service").

We are the data controller responsible for your personal data. This Privacy Policy should be read in conjunction with our Terms and Conditions.

Data Controller:
Pin Reaper Limited
Email: [email protected]

2. Legal Basis for Processing

We process your personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • Other applicable data protection laws

We process your data based on the following legal grounds:

  • Contract: Processing is necessary to provide the Service you have subscribed to
  • Consent: You have given clear consent for specific processing activities
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving the Service, preventing fraud)
  • Legal Obligation: Processing is necessary to comply with legal requirements

3. Information We Collect

3.1 Information You Provide

When you create an account and use the Service, you provide us with:

  • Account Information: First name, last name, username, email address, password (encrypted)
  • Profile Information: Optional profile details, handicap index preferences
  • Golf Round Data: Scores, statistics, course information, dates and times of rounds
  • Social Features: Friend connections, comments, reviews, shared rounds
  • Payment Information: Processed securely by our payment provider (we do not store complete card details)
  • Communications: Messages, support requests, feedback you send to us

3.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Data: Features used, pages viewed, time spent on pages, click patterns
  • Location Data: With your permission, approximate location to suggest nearby golf courses
  • Log Data: IP address, browser type, access times, referring URLs
  • Cookies and Tracking Technologies: See Section 8 for details

3.3 Information from Third Parties

  • Authentication Providers: If you sign in using third-party services (e.g., Google, Apple), we receive basic profile information
  • Payment Processors: Transaction confirmations and payment status
  • Golf Course Data: Course information from public databases and golf associations

4. How We Use Your Information

4.1 Providing the Service

  • Create and manage your account
  • Record and display your golf rounds and statistics
  • Calculate handicap estimates
  • Enable social features (friend connections, sharing, comments)
  • Process subscription payments
  • Provide customer support

4.2 Improving the Service

  • Analyze usage patterns to improve features and user experience
  • Conduct research and development
  • Test new features and functionality
  • Monitor and improve Service performance and reliability

4.3 Communications

  • Send transactional emails (account confirmations, password resets, payment receipts)
  • Send Service updates and important notifications
  • Respond to your inquiries and support requests
  • Send marketing communications (only with your consent, which you can withdraw at any time)

4.4 Safety and Security

  • Prevent fraud, abuse, and unauthorized access
  • Enforce our Terms and Conditions
  • Protect the rights, property, and safety of our users
  • Comply with legal obligations

4.5 Legal Compliance

  • Respond to legal requests and prevent harm
  • Comply with applicable laws and regulations
  • Establish, exercise, or defend legal claims

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

5.1 With Your Consent

  • Friends on the Service: When you choose to share rounds or connect with friends
  • Public Information: Comments and reviews you post may be visible to other users

5.2 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

  • Cloud Hosting: Amazon Web Services (AWS) - data stored in London, UK
  • Payment Processing: Stripe or similar payment processors
  • Email Services: For sending transactional and marketing emails
  • Analytics: To understand Service usage and performance
  • Customer Support: To provide technical support

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.3 Business Transfers

If Pin Reaper Limited is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

5.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Legal process, court orders, or government requests
  • Protecting the rights, property, or safety of Pin Reaper, our users, or the public
  • Investigating potential violations of our Terms and Conditions
  • Preventing fraud, abuse, or illegal activity

5.5 Aggregated Data

We may share aggregated or anonymized data that cannot identify you personally (e.g., overall usage statistics, trends in golf handicaps) for research, marketing, or other purposes.

6. Data Storage and Security

6.1 Where We Store Your Data

Your data is stored on secure servers located in London, United Kingdom (AWS EU-West-2 region). This ensures your data remains within the UK and is subject to UK data protection laws.

6.2 How We Protect Your Data

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Secure password storage using industry-standard hashing algorithms
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Employee training on data protection and security
  • Regular backups and disaster recovery procedures
  • Monitoring for suspicious activity and security incidents

6.3 Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: We retain your data while your account is active
  • After Account Deletion: We retain your data for 1 month to allow account recovery, then permanently delete it
  • Legal Requirements: Some data may be retained longer if required by law (e.g., financial records for tax purposes)
  • Anonymized Data: We may retain anonymized or aggregated data indefinitely for statistical purposes

7. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

7.1 Right to Access

You have the right to request a copy of the personal data we hold about you. You can export your data through your account settings or by contacting us.

7.2 Right to Rectification

You have the right to correct inaccurate or incomplete personal data. You can update most information through your account settings.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data. You can delete your account through the Service settings, or contact us to request deletion.

7.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another service.

7.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In the UK, this is the Information Commissioner"s Office (ICO):

Information Commissioner"s Office
Website: https://ico.org.uk
Phone: 0303 123 1113

7.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device when you use the Service. They help us recognize you, remember your preferences, and improve your experience.

8.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the Service to function:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance

Functional Cookies

These cookies remember your preferences:

  • Language preferences
  • Display settings
  • User interface customizations

Analytics Cookies

These cookies help us understand how you use the Service:

  • Pages visited and features used
  • Time spent on pages
  • Errors encountered
  • Traffic sources

Marketing Cookies (With Consent)

These cookies are used to deliver relevant advertising:

  • Track conversions from marketing campaigns
  • Measure effectiveness of advertising
  • Deliver personalized content

8.3 Managing Cookies

You can control cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of the Service. Most browsers allow you to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block all cookies
  • Delete all cookies when you close your browser

8.4 Third-Party Tracking

Some third-party services we use (such as analytics providers) may use their own cookies. We do not control these cookies. Please review the privacy policies of these providers:

  • Google Analytics
  • Stripe (payment processing)

9. Children"s Privacy

The Service is available to users aged 13 and older. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].

10. International Data Transfers

Your data is stored in the United Kingdom. If you access the Service from outside the UK, your data may be transferred to and processed in the UK. By using the Service, you consent to this transfer.

The UK has been recognized by the European Commission as providing an adequate level of data protection. We ensure that any international transfers comply with applicable data protection laws.

11. Marketing Communications

11.1 Types of Communications

We may send you:

  • Transactional Emails: Account confirmations, password resets, payment receipts (these cannot be opted out of)
  • Service Updates: Important changes to the Service or Terms
  • Marketing Emails: New features, tips, special offers (you can opt out at any time)

11.2 Opting Out

You can unsubscribe from marketing emails by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your email preferences in your account settings
  • Contacting us at [email protected]

Please note that even if you opt out of marketing emails, we will still send you essential transactional and Service-related emails.

12. Third-Party Links

The Service may contain links to third-party websites, plugins, or applications. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

13. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by UK GDPR.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or through the Service
  • For material changes, provide at least 30 days" notice

Your continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller: Pin Reaper Limited

Email: [email protected]

Website: https://pinreaper.co.uk

We aim to respond to all requests within one month. If your request is complex or we receive multiple requests, we may extend this period by two months, and we will notify you of any extension.

16. Specific Information for Users in Different Jurisdictions

16.1 UK Users

As our primary user base is in the UK, this entire Privacy Policy is designed to comply with UK GDPR and the Data Protection Act 2018.

16.2 EEA Users

If you are in the European Economic Area, you have the same rights as UK users under the EU GDPR. Data transfers between the UK and EEA are recognized as adequate.

16.3 Other International Users

If you are located outside the UK or EEA, your data will be transferred to and processed in the UK. By using the Service, you consent to this transfer and acknowledge that UK data protection laws will apply.