Privacy Policy
Last updated: March 15, 2026
1. Introduction
Welcome to LVL Golf ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application. We comply with the California Consumer Privacy Act (CCPA) and are working toward full Children's Online Privacy Protection Act (COPPA) compliance.
2. Categories of Personal Information Collected (CCPA)
In the past 12 months, we have collected the following categories of personal information:
| Category | Examples | Business Purpose |
|---|---|---|
| Identifiers | Name, email, phone | Account creation, authentication, communication |
| Personal info (Cal. Civ. Code ยง1798.80(e)) | Date of birth, address | Age-appropriate features, location services |
| Internet/network activity | Logs, IP address | Security, analytics |
| Golf & activity data | Scores, practice logs, session notes | Progress tracking, coaching |
| Health-related (optional) | Injury logs, pain check-ins | Injury tracking (opt-in) |
3. Sources of Personal Information
- Directly from you (signup, profile, activity logging)
- From parents/guardians (when they add a child)
- From coaches (when they create student records)
- Automatically (IP, device info via our hosting provider)
4. Third-Party Service Providers
We share data with the following vendors for business purposes. We do not sell your data.
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase | Account data, activity logs, golf metrics | Database hosting, authentication, file storage |
| Stripe | Name, email, payment info | Payment processing |
| Vercel | IP address, browser info | Hosting, CDN, edge functions |
| Resend | Email addresses, names | Transactional email delivery |
| OpenAI | Voice recordings, activity text | Voice transcription, activity extraction |
| Twilio | Phone numbers, SMS content | SMS notifications |
| Sentry | Error logs (may include user context) | Error monitoring and debugging |
| Mapbox | Location data (course maps) | Map rendering for golf courses |
We require all service providers to maintain appropriate security measures and only process data as instructed by us.
Users under 13: For users under 13, data sharing is limited to essential services only (Supabase for authentication and storage). We do not share data with optional third-party services without verifiable parental consent.
5. Data Retention
- Account data: Retained while account is active; 30-day grace after deletion request
- Activity logs, rounds, sessions: Retained with account
- Security logs: Up to 90 days
- Inactive accounts: May be flagged for cleanup per our data retention policy
6. Children's Privacy (COPPA)
We serve junior golfers and take children's privacy seriously. We are implementing verifiable parental consent (VPC) for users under 13. Until fully implemented, we recommend that parents create and manage accounts for children under 13. Parents can review, export, or request deletion of their child's data by contacting us at privacy@lvlgolf.com.
7. Your Rights (CCPA & General)
You have the right to:
- Know/Access: Download your data via
GET /api/my-data/export(or Settings โ Download My Data) - Delete: Request account deletion via
DELETE /api/my-data(30-day grace period) - Do Not Sell: We do not sell data. Opt-out page: Do Not Sell My Info
- Correct: Update your profile in Settings
- Non-discrimination: We will not discriminate against you for exercising these rights
8. Data Security
We use encryption, secure servers, and access controls. No method of transmission over the Internet is 100% secure.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by posting the new policy on this page and updating the "Last updated" date.
10. Contact Us
If you have questions about this Privacy Policy, please contact us at:
Email: privacy@lvlgolf.com
Subject: Privacy Policy Inquiry