Legal · v1.0

Privacy Policy

Last updated 18 May 2026 · Reading time ~5 min

In short

We collect what we need to run the ranking: your sign-in identity, the scores you post, and the matches you've played. We don't sell data, run ads, or track you across other apps or websites. You can delete your account from inside the app at any time.

01. What we collect

Rankd.golf is operated by Saltwater Digital Limited, a company registered in England & Wales (company number 16616025) with a registered office at 42 East Street, First Floor Offices, Newquay, England, TR7 1BE. References to "we", "us", and "our" mean that company. We are the data controller for the personal data described in this policy.

Account information

When you sign in with Apple or Google, we receive a unique account identifier and (depending on the provider and your settings) your email address and name. If you choose Apple's "Hide My Email" option, we receive the relay address instead. We don't see your password.

Profile information you provide

During onboarding we collect: your display name, chosen username, country, a WHS handicap index (or an estimate if you don't know yours), and the course you'd like to set as your home club. Everything in this category is editable in Profile -> Edit.

Match data

When you post a ranked round we record the course played, the tees, your gross score, the resulting WHS Score Differential, the partner you played with, the opposing duo, the match outcome, and the ELO updates for all four players.

Device telemetry

Standard mobile telemetry to keep the app running: device model, OS version, app version, crash stack traces, and request timestamps. Captured via Sentry (crash + error reporting) and Supabase (API access logs). Crash reports include your profile id only after you've signed in, so we can correlate a crash with the matches you were trying to play; no PII beyond that is attached.

Push notification tokens

If you grant push permission, the app registers an Expo push token tied to your profile so we can deliver match-found, partner-confirm, deadline, and result notifications. If you decline (or revoke later in iOS / Android Settings), we keep no token.

What we don't collect

  • We don't track you across other apps or websites.
  • We don't fingerprint your device.
  • We don't run advertising SDKs (no Facebook SDK, no Google Ads, no AdMob). The only third-party SDK that sees product-event data is Mixpanel, listed in section 03 below.
  • We don't access your contacts, calendar, microphone, or precise location.
  • The only photo-library access is when you tap "Save share card" and iOS / Android asks you for permission to write a single image.

Category | Examples | Required?
Account | Apple/Google identifier, email | Required
Profile | Name, username, country, handicap, home course | Required to play ranked
Match | Gross score, slope/CR, opponents, ELO change | Required to rank
Push token | Expo push token | Optional · only on grant
Telemetry | Crashes, OS version, app version | Automatic · anonymous unless signed in

02. How we use it

We use the data only for the following purposes:

  • Match you with another duo at a similar combined rating (contract).
  • Calculate your Score Differential and update your personal ELO (contract).
  • Render your public profile at rankd.golf/u/[username] and match share cards at rankd.golf/match/[id] when you or another player shares one (contract).
  • Send push notifications about your matches, partner invites, and deadlines (consent · you can revoke at any time in iOS / Android Settings).
  • Detect abuse, prevent fraud, and investigate score-integrity flags (legitimate interest).
  • Diagnose crashes and improve the app via aggregated performance signals (legitimate interest).

We don't send marketing emails. We don't sell your data. We don't use it to train third-party AI models.

03. Who we share with

We share data with a small number of processors strictly to operate the service:

Service | Purpose | Region
Supabase | Database + authentication | Frankfurt, EU
Apple Sign in with Apple | Authentication | Apple's servers
Google OAuth | Authentication | Google's servers
Expo Push Notification Service | Routing push notifications to your device | US
Sentry | Crash + error reporting | Frankfurt, EU
Mixpanel | Product analytics. Receives a fixed set of conversion events (sign-in, onboarding step, queue entered, match resolved, etc.) tied to your internal user id. No emails, names, or contact details. No automatic device or session pings. | Frankfurt, EU
Vercel | Hosting Rankd.golf (this website) | EU + US edges
Apple App Store / Google Play | App distribution + in-app analytics dashboards | Apple / Google

We don't share data with advertising networks. We don't sell it to data brokers.

04. Retention

Active accounts. Held for as long as you're using the service.

Deleted accounts. When you tap Profile -> Account -> Delete account, we immediately:

  • Scrub your personally identifying profile fields (name, username, country, email).
  • Remove your Apple / Google sign-in link so you can start fresh if you ever come back.
  • Preserve your historical match results in anonymised form so the ratings of every opponent you ever played stay coherent. You appear as "Deleted player" in their history.

Database backups roll over within 30 days. Crash and error logs roll over within 90 days.

05. Your rights

Under UK GDPR, EU GDPR, and equivalent US state privacy laws you have the right to:

  • Access the data we hold about you. Most of it is visible in the app; email us for a full export.
  • Correct it. Your profile is editable in Profile -> Edit.
  • Delete it. Profile -> Account -> Delete account.
  • Object to optional processing (push notifications can be revoked in OS Settings; crash reporting is disabled in dev builds and minimal in production).
  • Lodge a complaint with your national data protection authority. In the UK that's the Information Commissioner's Office (ico.org.uk).

California residents: equivalent CCPA rights apply, including the right to know what we collect, the right to delete, and the right not to be discriminated against for exercising those rights.

06. Security

Data is encrypted in transit (TLS 1.3) and at rest (managed by Supabase / Vercel / Sentry per their security standards). Auth tokens are stored in your device's secure keychain (iOS) or encrypted shared preferences (Android), never in app-readable storage. Database access is governed by Postgres Row-Level Security policies that scope every query to the requesting user.

We never see your Apple / Google password. Sign-in is handled by Apple or Google directly.

07. Minimum age

Rankd.golf is for adults. You must be at least 18 to create an account. We don't knowingly collect data from anyone under 18. If you believe an under-18 account exists, email hi@rankd.golf and we'll remove it.

08. International transfers

Your primary data is stored in EU regions (Supabase Frankfurt, Sentry Frankfurt). Some processors (Apple, Google, Expo, Vercel) are based in the United States; transfers to them rely on Standard Contractual Clauses or equivalent safeguards under their published data protection terms.

09. Changes to this policy

If we materially change this policy we'll flag it in the app and update the "Last updated" date above. Significant changes that affect what we collect or how we share will be notified to active users in-app at least 14 days before they take effect.

10. Contact

Questions about this policy or about the data we hold on you:

  • Email hi@rankd.golf
  • Postal: Saltwater Digital Limited, 42 East Street, First Floor Offices, Newquay, England, TR7 1BE