This Privacy Policy explains how Golf Handicap Online (accessible at golfhandicap.online) collects, uses, stores, and protects your personal data. The application is a progressive web app (PWA) that lets golfers track their scores, calculate a World Handicap System (WHS) handicap index, and publish course reviews.
This policy applies to all users of the application — both registered users (those who create an account) and guest users (who use the app without an account, with data stored only on their own device).
This policy is written in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applies because the operator is based in the European Union (Spain). If you are located in the EU/EEA, you have the rights described in Section 6.
Guest users: If you use Golf Handicap Online without creating an account, no personal data is sent to our servers. All data you enter is stored locally on your device only, and this policy does not apply to that data.
The data controller responsible for your personal data is:
| Name | Individual developer operating Golf Handicap Online |
| Address | Tenerife, Canary Islands, Spain (European Union) |
| dobrinalin@gmail.com | |
| Website | https://golfhandicap.online |
As the data controller, the operator determines the purposes and means of processing your personal data. For any questions about how your data is handled, please use the contact details above.
The Canary Islands are a constituent territory of Spain and, as such, are part of the European Union. Processing activities therefore fall under GDPR jurisdiction, with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) acting as the competent supervisory authority. You may contact the AEPD at www.aepd.es.
We collect only the data necessary to provide the service. The table below describes each category, whether it is required or optional, and how it is obtained.
| Data | Required? | How collected |
|---|---|---|
| Email address | Yes — for account creation | Entered by you during registration; used to deliver a one-time password (OTP) for passwordless login |
| Full name | Yes — for your player profile | Entered by you in your profile settings |
| Date of birth | Yes — required by WHS rules for age-adjusted calculations | Entered by you in your profile settings |
| Phone number | Optional | Entered by you if you choose to add it to your profile |
| Instagram handle | Optional | Entered by you if you choose to link your profile |
| Avatar photo | Optional | Uploaded by you as a profile picture |
| Golf round scores | Yes — core app function | Entered by you when recording rounds |
| Handicap index | Yes — derived data | Calculated automatically from your submitted scores using the WHS formula |
| Course reviews & comments | Optional | Submitted by you voluntarily |
We do not collect:
Under GDPR, every processing activity must have a valid legal basis. The table below sets out our purposes and the legal bases we rely on.
| Purpose | Data used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Account creation & authentication (OTP login) | Email address | Art. 6(1)(b) — Performance of a contract (providing the service you signed up for) |
| Building and displaying your golfer profile | Name, date of birth, phone (optional), Instagram (optional), avatar (optional) | Art. 6(1)(b) — Performance of a contract |
| Calculating WHS handicap index | Round scores, date of birth, handicap index | Art. 6(1)(b) — Performance of a contract |
| Publishing course reviews & comments | Reviews/comments, name (displayed publicly) | Art. 6(1)(b) — Performance of a contract / Art. 6(1)(a) — Consent (where content is publicly visible) |
| Sending OTP login emails | Email address | Art. 6(1)(b) — Performance of a contract |
| Security, fraud prevention, and abuse detection | Email address, account activity logs | Art. 6(1)(f) — Legitimate interests (protecting the integrity of the service and its users) |
| Compliance with legal obligations | Any data where required by law | Art. 6(1)(c) — Legal obligation |
We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.
We retain your personal data only for as long as necessary to provide the service, meet legal obligations, or resolve disputes.
| Data category | Retention period |
|---|---|
| Account & profile data (name, email, birthdate, phone, Instagram, avatar) | Until you delete your account, or upon receipt of a valid erasure request |
| Golf round scores & handicap index | Until you delete your account or individual rounds |
| Course reviews & comments | Until you delete the review, or until your account is deleted |
| Authentication logs (OTP events) | Up to 90 days, for security and fraud-prevention purposes |
| Backup copies | Deleted within 30 days of account deletion (subject to Supabase backup schedules) |
When you delete your account through the app, we will initiate deletion of all associated personal data from our active databases. Deletion from backup snapshots may take up to 30 additional days.
As an EU/EEA resident, GDPR grants you the following rights regarding your personal data. You may exercise any of these rights by contacting us at dobrinalin@gmail.com. We will respond within 30 days; in complex cases we may extend this by a further 60 days and will notify you.
Request a copy of all personal data we hold about you and information about how we use it.
Ask us to correct inaccurate or incomplete personal data. Many corrections can be made directly in your profile settings.
Request deletion of your personal data ("right to be forgotten"). You can also delete your account directly in the app.
Ask us to pause processing of your data while a dispute about accuracy or lawfulness is resolved.
Receive your data in a structured, machine-readable format (e.g. JSON or CSV) so you can transfer it to another service.
Object to processing based on legitimate interests. We will stop unless we can demonstrate compelling grounds that override your rights.
Where processing is based on your consent, you may withdraw it at any time without affecting prior lawful processing.
You may complain to the Spanish supervisory authority, the AEPD, at www.aepd.es, or to the supervisory authority in your EU member state.
To request deletion of your data, email dobrinalin@gmail.com with subject: Data Deletion Request. Please include the email address associated with your account. We will process your request within 30 days.
We use a small number of carefully selected third-party service providers (data processors) to operate the application. These providers act on our instructions and may only process your data for the specific purposes described below. We do not sell your data to any third party.
Role: Database storage and user authentication.
Data processed: All personal data stored in the app (profile data, scores, reviews, auth records).
Location: EU region (AWS eu-central-1, Frankfurt, Germany).
Basis for transfer: Data stored within the EU; no international transfer.
Supabase Privacy Policy ·
Supabase GDPR documentation
Role: Web hosting and content delivery (CDN) for the PWA.
Data processed: IP addresses and HTTP request logs, as is standard for any web host. No application-level personal data is stored by Netlify.
Location: United States, with CDN nodes globally.
Basis for transfer: Standard Contractual Clauses (SCCs) and Netlify's Data Processing Agreement.
Netlify Privacy Policy ·
Netlify GDPR information
Role: Transactional email delivery (OTP login emails).
Data processed: Your email address and the content of authentication emails.
Location: United States.
Basis for transfer: Standard Contractual Clauses (SCCs) and Resend's Data Processing Agreement.
Resend Privacy Policy
No other third parties receive your personal data. We use no advertising networks, behavioural analytics platforms, or social media tracking pixels.
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please reach out:
Data Controller & Privacy enquiries
dobrinalin@gmail.comWe may update this Privacy Policy from time to time. Material changes will be communicated via the app or by email to registered users. The "Last updated" date at the top of this page reflects the most recent version. Continued use of the app after an update constitutes acceptance of the revised policy.
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.