DiscGolfer
← Back

Privacy Policy

Last updated: 23 April 2026

1. Who we are

DiscGolfer ("the App", "we") is a hobby project that helps disc golfers track scores and friendly side bets during rounds. The App is operated by a private individual based in Finland and is available as a web app and as a Progressive Web App (installable to your phone's home screen on iOS and Android).

2. What data we collect

  • Account data— email address, username, and display name you provide at sign-up. Optional: profile bio and avatar image.
  • Game data— scores, bet events, settlement records, course selections, and hole data you enter during rounds.
  • Social data— friend connections, group chat memberships, chat messages, emoji reactions, and photos you choose to share in group chat.
  • Favorites & preferences— course favorites, hidden games, and layout proposals.
  • Technical data— IP address, browser/device type, and basic request logs automatically collected by our hosting provider for security and abuse-prevention purposes. Client-side error reports (scope + short message) are written to an admin-only log so bugs can be diagnosed.

We do not collect precise location data, payment information, advertising identifiers, health / fitness data, contacts, or data from third-party services. We do not track you across other apps or websites. We do not use analytics cookies.

3. How we use your data

  • To provide and operate the App (authentication, score tracking, bet settlement).
  • To let you find and connect with other players (friend search by username).
  • To maintain and improve the shared course catalog (proposals, admin review).

We do not use your data for advertising, profiling, or automated decision-making.

4. Legal basis (GDPR)

  • Contract— processing is necessary to provide the service you signed up for (Art. 6(1)(b) GDPR).
  • Legitimate interest— basic security logging and abuse prevention (Art. 6(1)(f) GDPR).

5. Data processors & hosting

  • Supabase— database, authentication, file storage, and API hosting. Your data is stored in an EU-hosted Supabase project(Frankfurt / AWS eu-central-1). All personal data — account records, game scores, photos, chat messages — resides in the EU. Supabase's operating entity (Supabase Inc.) is US-registered; the corporate-level processing agreement covers any administrative access by their support engineers under Standard Contractual Clauses.
  • Vercel Inc.(USA) — web application hosting and edge delivery. Vercel serves the application code and static assets; it does not store your personal data. Request-level logs (IP, user-agent, path) pass through Vercel for up to 90 days. Processed under their DPA with SCCs.

We do not sell, share, or rent your data to any other third parties.

6. Data retention

Your account data and game history are retained as long as your account exists. When you delete your account, all associated personal data (profile, scores, bet events, friend connections, chat messages you authored, photos you uploaded) is permanently deleted within 30 days. Technical logs (IP, request metadata) are retained for up to 90 days and then deleted automatically. Admin error logs in client_errors are pruned to the last 30 days.

Rounds you played with other users remain visible to thoseusers in their own history, because those records are shared game data — not just yours. Your personal profile row is removed so your name appears as a guest entry on their side of the record.

7. Deleting your account

You can delete your account from inside the App at any time:

  1. Sign in.
  2. Open Profile.
  3. Scroll to Delete account.
  4. Confirm. You'll be signed out immediately; full erasure completes within 30 days.

Alternatively, email the contact address in Section 12 and we'll erase your account on your behalf within 30 days.

8. Your rights

Under GDPR you have the right to:

  • Access— request a copy of your personal data.
  • Rectification— correct inaccurate data (you can edit your username and display name in the App).
  • Erasure— delete your account and all associated data (see Section 7 for in-app steps).
  • Data portability— receive your data in a machine-readable format (JSON export on request).
  • Object / restrict— object to processing based on legitimate interest.
  • Lodge a complaint— with the Finnish Data Protection Ombudsman (tietosuoja.fi) or your local supervisory authority.

To exercise any of these rights, contact us at the email below.

9. Cookies & local storage

The App uses browser localStorage to persist your authentication session and in-progress game state, plus a short-lived cache of feed data (home, history, profile) so the app paints instantly on repeat visits. We do not use tracking cookies, analytics cookies, or third-party cookies. No cookie consent banner is required because we do not set any cookies beyond what is strictly necessary for the service to function.

10. Children

The App is not directed at children under 13 (USA COPPA) or under 16 (EU GDPR). We do not knowingly collect personal data from children under these thresholds. If you believe a child has created an account, contact us and we will delete it within 7 days.

11. Mobile app & platform notices

If you install the App to your phone's home screen (iOS Safari, Android Chrome, or via a platform app store wrapper), the App still runs as a Progressive Web App in your browser's engine. We do not collect device identifiers, the IDFA (iOS advertising identifier), Android Advertising ID, or any other cross-app tracking token. The only device signals we see are the user-agent string and public IP address, both used for standard web-server operations and abuse prevention only.

Where the App is distributed via a platform app store (Apple App Store, Google Play), the relevant platform's own data-collection policies apply to the download transaction itself (crash reports, install telemetry collected by the platform). We do not receive these.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated within the App. Continued use after changes constitutes acceptance.

13. Contact

For privacy-related questions, data-access requests, or erasure requests, email: privacy@dgda.app. We respond within 30 days as required by GDPR.