Privacy Policy
Last updated: June 2, 2026
OpenCaddie LLC (“OpenCaddie,” “we,” or “us”) values your privacy. This Privacy Policy describes the information we collect, how we use it, and the choices you have.
This Policy applies to opencaddie.ai and the related software and services we provide (the “Service”).
1. Our Privacy Commitment
We designed OpenCaddie around a small number of strong commitments:
- Your data stays yours. You own the golf data you upload — shots, rounds, sessions, plans, and notes.
- Row-level security. Each user’s data lives in a Postgres row scoped to that user’s account. Other users cannot read your data through the application, and that boundary is enforced at the database layer, not just the app layer.
- We don’t share or aggregate. We do not sell your data, share it with advertisers, or aggregate it across users to build a population dataset.
- We don’t train models on your data. Your data is not used to train large language models or other machine-learning systems, by us or by our service providers (see Section 4).
2. Information We Collect
We collect the following categories of information:
- Account information: Your email address, first and last name, and any optional profile information you provide (handicap, primary goal, typical miss, bag setup).
- Golf data you upload: Launch monitor shot data, round scorecards, hole-by-hole stats, practice session logs, and notes about how sessions felt.
- Generated content: AI-generated insights and practice plans we create from your data.
- Usage data: Pages you visit, features you use, and basic device information (browser type, OS, language). We use this to understand how the Service is used and to fix problems.
- Communications: If you email us, your email content and address.
3. How We Use Information
We use your information to:
- Provide the Service — store your data, generate insights, show you your dashboard.
- Send you essential account communications (verification codes, billing receipts, product updates).
- Investigate and prevent abuse, security incidents, or violations of our Terms of Service.
- Improve the Service — usage data helps us understand which features matter and where users get stuck.
- Comply with legal obligations.
We do not use your golf data, your AI-generated insights, or your session notes to train machine-learning models.
4. Service Providers
We use the following service providers to operate the Service. Each is subject to the safeguards described.
- Supabase (database and authentication hosting): stores your account, golf data, and generated insights with row-level security policies enforcing per-user access boundaries.
- Vercel (web hosting and edge delivery): serves the application. Vercel does not access stored user data in the normal course of operating the Service.
- OpenAI (large language model inference): when you generate an AI insight, we send relevant slices of your data to OpenAI as input to the model. OpenAI’s API terms (which we rely on) prohibit OpenAI from using API inputs to train its models. We do not send personally identifying information to OpenAI beyond what is needed to produce coaching output (e.g., your first name).
- Stripe (payments, when Pro launches): handles credit card processing for paid subscriptions. Stripe is a PCI-compliant processor; we do not store full credit card numbers on our servers.
- Email delivery (currently routed through Supabase + Resend / SendGrid): used to send verification codes, account notifications, and product updates you opt into.
We do not share your data with any other third party except as described in this Policy or as required by law.
5. Disclosure for Legal Reasons
We may disclose information if we believe in good faith that doing so is necessary to (a) comply with a law, subpoena, or court order; (b) protect the security or integrity of the Service; (c) protect against fraud, abuse, or unauthorized access; or (d) protect the rights, property, or safety of OpenCaddie, our users, or others. If permitted by law, we will notify you before complying with a subpoena affecting your account data.
6. Data Retention
We retain your account and golf data for as long as your account is active. You may delete your account at any time (see Section 8). Upon deletion, we will delete your account data within thirty (30) days, except where retention is required by law (for example, billing records for accounting purposes).
Aggregated, de-identified usage statistics that cannot reasonably be linked back to you (for example, “X users uploaded data this week”) may be retained indefinitely.
7. Security
We protect your data through industry-standard safeguards including:
- Encryption in transit via TLS for all connections.
- Encryption at rest for stored data, provided by our hosting providers (Supabase and Vercel).
- Row-level security policies in the database that prevent users from accessing one another’s data.
- Limited administrative access — only the founder (Cody Bolitho) has direct database access for maintenance purposes.
No system is perfectly secure. If we discover a breach affecting your data, we will notify you as required by applicable law.
8. Your Rights
You have the following rights with respect to your personal information. To exercise any right, email contact@opencaddie.ai.
- Access: Request a copy of the personal information we hold about you.
- Correction: Update or correct inaccurate information.
- Deletion: Request that we delete your account and all associated data.
- Portability: Receive an export of your data in a structured, machine-readable format.
9. California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), including the right to know what personal information we collect, the right to request deletion, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights.
We do not sell or share personal information for cross-context behavioral advertising. The CCPA categories of personal information we collect are listed in Section 2 above.
10. Children’s Privacy
The Service is not directed to children under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a child under 18, contact us and we will delete it.
11. International Users
The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Privacy laws in the United States may differ from those in your country.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service. The “Last updated” date at the top of this page reflects the most recent revision.
13. Contact
Questions about this Policy or your data? Email contact@opencaddie.ai.