TournamentCaddy
Sign In

Privacy Policy

Your privacy matters to us. This policy explains how TournamentCaddy collects, uses, shares, and protects your personal information.

Last updated: February 10, 2026

Introduction

TournamentCaddy ("we," "us," or "our") operates the TournamentCaddy platform (the "Service"), a software-as-a-service golf tournament management application accessible at tournamentcaddy.com and related subdomains.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our platform, participate in tournaments managed through our Service, or otherwise interact with us. Please read this policy carefully. By using the Service, you consent to the practices described in this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Information We Collect

Information You Provide Directly

We collect information you voluntarily provide when you register for an account, create or manage a tournament, register as a player, or contact us. This may include:

  • Account information: name, email address, phone number, password, and profile details.
  • Organization information: organization name, billing address, and team member details.
  • Tournament data: tournament names, dates, venues, formats, player rosters, team assignments, scores, leaderboards, and related configuration.
  • Player information: names, email addresses, phone numbers, handicaps, registration details, and check-in records.
  • Payment information: billing name, billing address, and payment method details. Note that full credit card numbers are processed and stored exclusively by our payment processor, Stripe, and are never stored on our servers.
  • Sponsor information: company names, contact details, sponsorship levels, logos, and promotional materials.
  • Communications: messages, feedback, support inquiries, and any other content you send to us.

Information Collected Automatically

When you access or use our Service, we may automatically collect certain information, including:

  • Device information: browser type, operating system, device type, screen resolution, and unique device identifiers.
  • Usage data: pages visited, features used, actions taken, timestamps, referring URLs, and interaction patterns.
  • Log data: IP addresses, access times, error logs, and server request details.
  • Location data: approximate geographic location inferred from your IP address.

Information from Third Parties

We may receive information about you from third-party services you use to authenticate (such as email-based sign-in providers), payment processors (such as transaction confirmation from Stripe), and analytics providers. We only collect the minimum information necessary to operate and improve the Service.

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and operate the Service: create and manage your account, process tournament registrations, manage scoring and leaderboards, facilitate check-ins, and enable sponsor management.
  • Process payments: handle subscription billing, tournament registration fees, and related financial transactions through Stripe.
  • Communicate with you: send tournament reminders, milestone notifications, score updates, registration confirmations, and administrative messages via email (Resend) and SMS (Twilio).
  • Improve and personalize the Service: analyze usage patterns, conduct A/B testing through feature flags, optimize performance, and develop new features.
  • Ensure security: detect and prevent fraud, abuse, and unauthorized access; maintain audit logs of administrative actions; and enforce our terms of service.
  • Comply with legal obligations: respond to legal requests, enforce our agreements, and comply with applicable laws and regulations.
  • Provide customer support: respond to your inquiries, troubleshoot issues, and provide technical assistance.

Information Sharing & Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

With Tournament Organizers

If you register as a player or participant in a tournament, your registration information (name, email, phone number, handicap, and team assignment) will be shared with the tournament organizer(s) who manage that event through our platform.

With Organization Members

If you are part of an organization on our platform, certain information (such as your name, role, and activity within the organization) may be visible to other members of that organization based on their role and permissions.

Public Leaderboards & Tournament Information

Scores, leaderboard standings, team assignments, and related tournament data may be made publicly available through our leaderboard pages, embeddable widgets, and short-link tournament URLs, as configured by the tournament organizer.

With Service Providers

We share information with trusted third-party service providers who assist us in operating, maintaining, and improving the Service. These providers are contractually obligated to use your information only for the purposes of providing services to us and are bound by confidentiality obligations. Our key service providers include:

  • Stripe — payment processing, subscription management, and billing.
  • Supabase — authentication, database hosting, and data storage.
  • Resend — transactional and notification email delivery.
  • Twilio — SMS notifications and communications.
  • Vercel — application hosting, deployment, and content delivery.

For Legal Reasons

We may disclose your information if required to do so by law, in response to a valid legal process (such as a subpoena, court order, or government request), to protect our rights, privacy, safety, or property (or that of our users or others), to enforce our terms of service, or to investigate potential violations. We may also share information in connection with a merger, acquisition, bankruptcy, or sale of all or a portion of our assets.

Data Storage & Security

We take the security of your information seriously and implement a variety of technical, administrative, and organizational measures to protect it, including:

  • Encryption of data in transit using TLS/SSL and encryption of data at rest.
  • Row-Level Security (RLS) policies in our database ensuring users can only access data they are authorized to view.
  • Role-based access controls (RBAC) with a defined permission hierarchy for organization members.
  • Comprehensive audit logging of administrative actions, score modifications, and sensitive operations.
  • Secure authentication through Supabase Auth with session management and token refresh mechanisms.
  • Regular security reviews and adherence to industry best practices.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining safeguards appropriate to the sensitivity of the data we process.

Cookies & Tracking Technologies

We use cookies and similar technologies to operate, secure, and improve our Service. The types of cookies we use include:

  • Essential cookies: required for authentication, session management, security, and core platform functionality. These cannot be disabled.
  • Preference cookies: remember your settings, such as theme preference (light/dark mode) and display options.
  • Analytics cookies: help us understand how visitors interact with our Service so we can measure performance and improve the user experience.

We also use feature flags with deterministic hash-based evaluation to provide consistent experiences during gradual feature rollouts. These do not track you across third-party sites.

Most web browsers allow you to control cookies through their settings. You can typically choose to block or delete cookies, although doing so may affect the functionality of the Service.

Your Rights & Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information. These may include:

Access & Portability

You have the right to request a copy of the personal information we hold about you. You may also request that we provide your data in a structured, commonly used, and machine-readable format.

Correction

You have the right to request that we correct inaccurate or incomplete personal information. You can update much of your information directly through your account settings.

Deletion

You have the right to request deletion of your personal information, subject to certain exceptions (such as data we are required to retain for legal or legitimate business purposes). Please note that we use soft-delete mechanisms, meaning your data may be marked as deleted but retained in our systems for a limited period before permanent removal.

Opt-Out of Communications

You can opt out of promotional emails by following the unsubscribe instructions in those messages. You may also contact us to update your communication preferences. Please note that even if you opt out of promotional communications, we may still send you transactional messages related to your account or active tournaments (such as registration confirmations, score updates, and billing notices).

Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. We currently do not respond to DNT signals, as there is no industry-wide standard for compliance.

California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, the purposes for which it is used, and whether it is sold or disclosed to third parties. You have the right to request deletion of your personal information and to opt out of the sale of your personal information. We do not sell your personal information. To exercise your rights, please contact us using the information provided below.

European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, and object to processing of your personal data, as well as the right to data portability. Our legal bases for processing your data include your consent, performance of a contract (providing the Service), our legitimate interests (improving and securing the Service), and compliance with legal obligations. You also have the right to lodge a complaint with your local data protection authority.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We may also retain and use your information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes such as maintaining audit trails and financial records.

Tournament data (including scores, leaderboards, and participant records) is retained to provide historical records for organizers and players. If you request deletion of your account, we will remove or anonymize your personal information within a reasonable timeframe, except where retention is required by law or for legitimate business needs.

Audit logs and security records may be retained for an extended period to support security investigations, fraud prevention, and regulatory compliance.

Children's Privacy

The Service is not directed to children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately and we will take steps to remove that information from our systems.

Tournament organizers who allow minors to participate in their events are responsible for obtaining appropriate parental or guardian consent and for ensuring that any minor participant data is handled in compliance with applicable laws.

International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. Our servers, service providers, and infrastructure partners may be located in the United States and other jurisdictions. These countries may have data protection laws that differ from those of your country.

When we transfer data internationally, we take steps to ensure that appropriate safeguards are in place, including contractual commitments from our service providers to protect your data in accordance with this Privacy Policy and applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page. For significant changes, we may also notify you via email or through a prominent notice on the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us.

Email: support@tournamentcaddy.com

We will respond to your request within a reasonable timeframe and in accordance with applicable law. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.