Privacy Policy

This Privacy Policy describes how JP Copeland ("we", "us", "Putt4Dough") collects, uses, and shares information when you use putt4dough.vercel.app and the related Putt4Dough software (the "Service"). It applies to people who visit the site, sign up for an account, or download the local Putt4Dough tracker software.

If you have questions, email jp@dataonthespot.com.

1. Plain-English summary

We collect the minimum data needed to run the Service. Specifically:

• If you visit anonymously, we don't store anything about you on our servers. Your putts stay in the browser tab.
• If you sign up, we keep your email, name (via Clerk), and the putts you take so you can see your stats across devices. You can delete your account and everything goes with it.
• If you buy Pro, Stripe handles your card. We never see card details. We do see that you paid and how long your access lasts.
• We don't sell your data. We don't run ads. We don't share your data with anyone except service providers we need to run the Service.
• The webcam tracker stays on your computer. Webcam frames don't leave your machine. Only ball-speed and direction numbers come to us.

The rest of this policy is the formal version.

2. Information we collect

2.1 Information you provide

• Account information: when you sign up, our authentication provider (Clerk) collects your email address and, optionally, your name and OAuth identities. We rely on Clerk to manage credentials securely.
• Display name (optional): if you opt in to the public leaderboard, you choose a display name shown alongside your ranking. By default, we suggest "First name + Last initial" from your Clerk record.
• Payment information: when you purchase Pro, our payment processor (Stripe) collects your card details and billing information directly. We never see, store, or process raw card data.

2.2 Information we generate from your use

• Putt telemetry: ball speed (mph), launch angle (degrees), and computed roll/cup-distance values for each putt you take.
• Session and lifetime statistics: aggregated counts derived from your putts (total shots, makes, make percentage, average speed, by-distance breakdowns).
• Account state: your subscription tier, expiry date, and a Stripe customer ID after purchase.

2.3 Information collected automatically

• Server logs: when your device communicates with our backend, our hosting provider (Fly.io) logs the IP address, user agent, request path, and response status. These logs are retained per Fly's defaults (typically a few days).
• Browser local storage: the Service stores small bits of local-only state in your browser (mute preference, scene choice, streak record, a device-scoped UUID for session isolation). This data does not leave your browser.

2.4 Information we do NOT collect

• We do not run advertising or behavioral profiling.
• We do not place or read tracking cookies beyond the authentication cookies our auth provider needs.
• We do not collect device fingerprints, location data beyond IP, or contact lists.
• The Putt4Dough camera tracker software runs on your computer. It analyses webcam frames locally and never uploads images, video, or audio. Only numerical putt telemetry is sent to our backend.
• We do not knowingly collect data from children under 13. See § 8.

3. How we use information

We use the information we collect to:

• Operate, maintain, and improve the Service.
• Authenticate you and protect your account.
• Process your Pro purchase and grant the access you paid for.
• Show you your putt history, stats, and progress.
• Display your display name and aggregate stats on the public leaderboard if you opted in.
• Communicate with you about transactional matters (purchase receipts, account changes, security notices).
• Comply with legal obligations and respond to lawful requests.

We do not use your information for advertising or for training machine-learning models.

4. How we share information

We share information only with the following categories of recipients:

4.1 Service providers

We use the following third-party processors to operate the Service. Each is bound by a Data Processing Agreement (DPA) that limits their use of your information to providing services to us:

4.2 Public surfaces

If you opt in to the public leaderboard, we make your display name, your rank in each per-distance bucket, and your make percentage visible to anyone visiting the leaderboard page. You can opt out at any time from the Practice page; doing so removes you from future leaderboard reads.

4.3 Legal requests

We may share information when we believe in good faith that disclosure is required to comply with a valid legal process (subpoena, court order, government investigation), to protect the safety of any person, or to enforce our Terms of Service. If we receive such a request, we'll evaluate it and, where legally permitted, notify the affected user before complying.

4.4 Business transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will provide notice and obtain your consent if and as required by applicable law before any such transfer makes your data subject to a materially different privacy policy.

4.5 We do not sell personal information

We do not sell, rent, or trade your personal information for monetary or other valuable consideration. We do not "share" personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA) as amended by the CPRA.

5. Data retention

• Account data and putt history are retained for as long as your account is active.
• When you delete your account, we delete your associated putt history, session records, and personal information from our database within 30 days. Backups containing your information are overwritten in the normal course of our backup rotation, generally within 90 days.
• Anonymous browsing data is held only in transient memory on our servers and is discarded when your session ends or our process restarts.
• Stripe payment records may be retained by Stripe per their policies and by us for tax and accounting purposes (typically 7 years), with personally identifying information minimised to the legal minimum.
• Server logs are retained per our hosting providers' defaults — typically days, not months.

6. Your rights

6.1 All users

You may at any time:

• Update your account email or name through the Clerk-powered account UI.
• Toggle your leaderboard opt-in on or off from the Practice page.
• Request a copy of your data or deletion of your account by emailing jp@dataonthespot.com. We will respond within 30 days.

6.2 California residents (CCPA / CPRA)

In addition to the rights above, California residents have the right to:

• Know what personal information we collect, use, disclose, and (if applicable) sell or share. This Privacy Policy provides that disclosure.
• Delete the personal information we have collected, subject to certain exceptions.
• Correct inaccurate personal information.
• Limit the use of "sensitive personal information" — although we do not collect such information.
• Non-discrimination for exercising these rights.

We do not sell or share personal information; therefore, you do not need to opt out of those activities. To exercise any of these rights, email jp@dataonthespot.com. We will verify your identity by confirming you control the email address associated with your account.

6.3 EU/EEA/UK residents (GDPR / UK GDPR)

If you are in the European Economic Area or the United Kingdom, you have the rights to access, rectify, erase, restrict processing, object to processing, and data portability concerning your personal data, as well as the right to lodge a complaint with a supervisory authority. The legal bases on which we process your personal data are:

• Contract: processing necessary to provide the Service you requested.
• Legitimate interests: operating, securing, and improving the Service in ways you would reasonably expect.
• Consent: for processing that is not strictly necessary to provide the Service (such as the leaderboard opt-in). You may withdraw consent at any time.
• Legal obligation: for tax, accounting, and other legal compliance.

To exercise any rights, email jp@dataonthespot.com. If you are in the UK or EU and unsatisfied with our response, you may also contact your local data protection authority.

International transfers: when your information is transferred from the EEA/UK to the United States or other jurisdictions that may not provide an equivalent level of data protection, we rely on Standard Contractual Clauses or other appropriate safeguards as available.

7. Security

We use technical and organisational measures designed to protect your information, including encryption in transit (HTTPS), reputable infrastructure providers with SOC 2 attestations, scoped database access, and signed webhook verification for payment events. No system is perfectly secure; if we become aware of a security incident affecting your information, we will notify you and the relevant authorities as required by applicable law.

8. Children

The Service is not directed to children under 13 (or the equivalent local age of consent in EU member states). We do not knowingly collect personal information from such children. If you believe a child has provided personal information to us, contact jp@dataonthespot.com and we will delete the account.

9. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. If changes are material, we will provide additional notice (e.g., via email to registered users or a banner on the Service). Your continued use of the Service after a change indicates your acceptance of the updated policy.

10. Contact

For questions, requests, or concerns about this Privacy Policy or our data practices:

Email: jp@dataonthespot.com