Last Updated: March 2026
At GolfLabs, we respect the privacy rights of our users and recognize the importance of protecting the personal data we collect. This Privacy Policy describes how Golf Labs Technologies LLC ("GolfLabs," "we," "us," and "our") collects, uses, discloses, and protects information when you use our website, booking platform, and related services (collectively, the "Services").
Data Controller: Golf Labs Technologies LLC, golflabsllc@gmail.com
By using our Services, you consent to the practices described in this Privacy Policy.
1.1. Account Information When you create an account, we collect your name, email address, phone number, and any other information you provide during registration. Legal basis: Performance of a contract (providing the Services you signed up for) and legitimate interest (account management).
1.2. Payment Information When you make a booking, your payment information (credit/debit card details) is collected and processed directly by our third-party payment processor, Stripe, through their secure payment elements. GolfLabs never receives, transmits, or stores your full credit card number, CVV, or other sensitive card data on our servers. Stripe is PCI-DSS compliant and processes your payment information in accordance with their own Privacy Policy (https://stripe.com/privacy).
We may store limited transaction-related information such as the last four digits of your card, card brand, transaction amounts, and payment status for record-keeping and customer service purposes. Legal basis: Performance of a contract and legal obligation (financial record-keeping).
1.3. Booking Information We collect information related to your bookings, including dates, times, bay selections, session duration, party size, and pricing details. Legal basis: Performance of a contract.
1.4. Technical and Usage Information We automatically collect certain information when you interact with our Services, including: - IP address - Browser type and version - Operating system - Pages viewed and features used - Date and time of access - Referring website or source Legal basis: Legitimate interest (security, service improvement, and fraud prevention).
1.5. Agreement and Consent Records When you accept our Terms of Service, Privacy Policy, or Liability Waiver during the booking process, we record the type of agreement, the version accepted, the date and time of acceptance, your IP address, and your browser user agent for legal compliance and audit purposes. Legal basis: Legal obligation and legitimate interest.
1.6. Communications If you contact us via email or through our Services, we may retain the content of your communications along with your contact information and our responses. Legal basis: Legitimate interest.
1.7. Marketing Preferences If you opt in to receive marketing communications during signup, we record your consent with a timestamp. You may withdraw consent at any time. Legal basis: Consent.
We use the information we collect for the following purposes:
2.1. To provide, maintain, and improve the Services, including processing bookings and payments.
2.2. To verify your identity and authenticate your account.
2.3. To communicate with you about your bookings, including confirmations, reminders, cancellation notices, and receipts.
2.4. To process payments and manage billing.
2.5. To enforce our Terms of Service and protect against unauthorized use or abuse of the Services.
2.6. To comply with legal obligations and respond to lawful requests.
2.7. To analyze usage trends and improve the user experience.
2.8. To send you important service-related notices, such as policy changes or security alerts.
2.9. To send you marketing communications, but only if you have explicitly opted in (you may opt out at any time).
We do not sell, trade, or rent your personal information to third parties. We may share your information with the following data processors:
3.1. Stripe (Payment Processing): We share necessary payment and transaction information with Stripe, Inc. to process transactions. Stripe acts as an independent data controller for payment data. See https://stripe.com/privacy.
3.2. Resend (Email Communications): We share email addresses and names with Resend, Inc. to send booking confirmations, reminders, and marketing emails (with your consent). See https://resend.com/legal/privacy-policy.
3.3. Supabase (Database and Authentication): Your account and booking data is stored on infrastructure provided by Supabase, Inc. See https://supabase.com/privacy.
3.4. Render (Hosting): Our API and application are hosted on Render, Inc. infrastructure. See https://render.com/privacy.
3.5. NumVerify (Phone Validation): During signup, your phone number is validated through the NumVerify API (apilayer). See https://apilayer.com/privacy.
3.6. Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
3.7. Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
4.1. Our Services are hosted in the United States. If you access our Services from outside the United States, including from the European Economic Area (EEA), your personal data will be transferred to and processed in the United States.
4.2. Our third-party processors (Stripe, Resend, Supabase, Render) are based in the United States. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) where applicable, and participation in the EU-US Data Privacy Framework where certified.
4.3. By using our Services, you acknowledge and consent to the transfer and processing of your data in the United States.
5.1. Account information is retained for as long as your account is active or as needed to provide the Services. You may request deletion of your account at any time.
5.2. Booking records are retained for up to seven (7) years for financial, legal, and audit purposes, after which they are anonymized.
5.3. Agreement acceptance records are retained indefinitely for legal compliance purposes (PII is redacted upon account deletion).
5.4. Access logs and technical data are automatically deleted after ninety (90) days.
5.5. Payment records are retained in accordance with applicable tax and financial regulations.
5.6. Marketing preference records are deleted upon account deletion or upon request.
6.1. We implement industry-standard security measures to protect your personal data, including encryption in transit (TLS/SSL), secure authentication, role-based access controls, rate limiting, input validation, structured logging with PII redaction, and cryptographically signed tokens.
6.2. Payment data is handled exclusively by Stripe, which maintains PCI-DSS Level 1 compliance.
6.3. While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
6.4. You are responsible for maintaining the security of your account credentials. Do not share your password or login information with others.
7.1. We use a cookie consent banner. Only strictly necessary cookies are set by default. Functional cookies (e.g., sidebar preferences) require your explicit consent.
7.2. You can change your cookie preferences at any time through the consent banner or your browser settings.
7.3. We do not use third-party analytics or advertising trackers.
Depending on your location, you may have the following rights regarding your personal data:
8.1. Right of Access: You may request a copy of all personal data we hold about you. You can download your data at any time from your account dashboard.
8.2. Right to Rectification: You may access and update your personal information at any time through your account profile settings.
8.3. Right to Erasure ("Right to Be Forgotten"): You may request deletion of your account and personal data. Upon deletion, we will erase your profile, anonymize your booking and access log records, redact PII from agreement records, delete your marketing data, and delete your Stripe customer record. Certain anonymized data may be retained where required by law.
8.4. Right to Data Portability: You may download a copy of your personal data in JSON format from your account dashboard at any time.
8.5. Right to Restrict Processing: You may request that we restrict the processing of your personal data under certain circumstances.
8.6. Right to Object: You may object to processing based on our legitimate interests.
8.7. Right to Withdraw Consent: Where processing is based on consent (e.g., marketing), you may withdraw consent at any time by unsubscribing or contacting us. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
8.8. Right to Lodge a Complaint: If you are in the EEA, you have the right to lodge a complaint with your local Data Protection Authority.
8.9. No Automated Decision-Making: We do not use your personal data for automated decision-making or profiling that produces legal effects.
To exercise any of these rights, contact us at golflabsllc@gmail.com.
9.1. The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
10.1. The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete it.
11.1. We may update this Privacy Policy from time to time. The "Last Updated" date at the top indicates when the policy was last revised. We will notify you of material changes via email or a notice on our Services. Continued use of the Services after changes constitutes acceptance of the revised policy.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Golf Labs Technologies LLC Email: golflabsllc@gmail.com