Privacy Policy
Last updated: 18 March 2026
1. Data Controller
GolfMode ("we," "us," or "our") is the data controller responsible for processing personal data described in this policy. We are based in Stockholm, Sweden.
Contact: greenkeeper@golfmode.io
2. What Data We Collect
2.1 Mobile App
GolfMode does not currently require user accounts. No login, email address, or personal profile information is collected through the app. The following data is processed:
- Device token (OneSignal) — used solely for delivering push notifications. No user identity is attached.
- Anonymous usage events (PostHog) — screen views, feature interactions, and session data. No personally identifiable information (PII) is collected. PostHog is hosted in the EU.
- Anonymised crash reports (Sentry) — stack traces, device model, and OS version. All PII is scrubbed before transmission. Sentry is hosted in the EU.
- Locally stored preferences — followed players, followed tournaments, and notification settings are stored on your device using SharedPreferences. This data never leaves your device and is never transmitted to our servers.
2.2 Website (golfmode.io)
- Anonymous analytics (Google Analytics via Google Tag Manager, PostHog) — page views, referral source, browser type, and session duration. No PII is collected.
- Cookie consent preference — stored locally in your browser (localStorage). Not transmitted to any server.
- Contact form submissions (Formspree) — if you choose to contact us, we collect your name, email address, and message content. This data is processed by Formspree on our behalf.
3. Legal Basis for Processing (GDPR Article 6)
We process personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Push notification delivery (device token) | Consent (Art. 6(1)(a)) — you opt in via your device settings |
| Anonymous app analytics (PostHog) | Legitimate interest (Art. 6(1)(f)) — improving the app |
| Crash reporting (Sentry) | Legitimate interest (Art. 6(1)(f)) — maintaining service stability |
| Website analytics (GA4, PostHog) | Consent (Art. 6(1)(a)) — via our cookie banner |
| Contact form (name, email, message) | Consent (Art. 6(1)(a)) — you choose to submit the form |
4. Third-Party Services
We work with the following third-party services. No user PII is shared with any third party except where explicitly noted.
| Service | Purpose | Data Shared |
|---|---|---|
| Sportradar | Golf data provider (scores, stats) | None — no user data is shared |
| PostHog (EU) | Product analytics | Anonymous events, no PII |
| Sentry (EU) | Crash reporting | Anonymised crash data, PII scrubbed |
| OneSignal | Push notifications | Device token only, no user identity |
| AWS (eu-north-1) | Infrastructure & hosting | All data encrypted at rest (Stockholm) |
| Google Analytics | Website analytics (via GTM) | Anonymous browsing data (with consent) |
| Formspree | Contact form processing | Name, email, message (user-submitted) |
| ImprovMX | Email forwarding | Email metadata for forwarding only |
5. Cookies and Tracking Technologies
Our website uses the following types of cookies:
- Essential cookies — required for basic website functionality (e.g., cookie consent preference stored in localStorage). These do not require consent.
- Analytics cookies — Google Analytics and PostHog, used to understand website usage. These are only activated after you provide consent via our cookie banner.
We do not use marketing or advertising cookies. You can manage your cookie preferences at any time through our cookie banner or your browser settings. Declining analytics cookies does not affect your ability to use the website.
The GolfMode mobile app does not use cookies.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Push notification device tokens | Until you uninstall the app or revoke notification permission |
| Anonymous analytics events | 24 months |
| Crash reports | 90 days |
| Google Analytics data | 14 months (Google default) |
| Contact form submissions | 12 months, then deleted unless ongoing correspondence |
| Local app preferences (follows, settings) | Stored on your device only — deleted when you uninstall |
7. International Data Transfers
We store and process data primarily within the European Union:
- AWS — eu-north-1 (Stockholm, Sweden). All data encrypted at rest.
- PostHog — EU-hosted instance. Data remains within the EU.
- Sentry — EU-hosted instance. Data remains within the EU.
- Google Analytics — anonymous analytics data may be transferred to the United States. Google is certified under the EU-US Data Privacy Framework, providing adequate safeguards as recognised by the European Commission.
- OneSignal — device tokens may be processed in the United States. Transfers are covered by Standard Contractual Clauses (SCCs).
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption at rest and in transit (TLS 1.2+)
- Least-privilege access controls on all infrastructure
- WAF (Web Application Firewall) protection on all public endpoints
- Infrastructure hosted entirely in AWS eu-north-1 (Stockholm)
- Regular security reviews and dependency updates
9. Your Rights Under GDPR
Under the General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of any personal data we hold about you.
- Right to rectification (Art. 16) — request correction of inaccurate personal data.
- Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interests.
- Right to restriction (Art. 18) — request that we restrict processing in certain circumstances.
- Right to withdraw consent (Art. 7(3)) — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at greenkeeper@golfmode.io. We will respond within 30 days as required by GDPR.
Since GolfMode currently does not require user accounts and collects minimal data, most personal data (followed players, settings) is stored locally on your device and is not accessible to us. You can delete this data at any time by uninstalling the app.
10. Children's Privacy
GolfMode is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at greenkeeper@golfmode.io and we will promptly delete such data.
11. Supervisory Authority
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:
Integritetsskyddsmyndigheten (IMY)
Swedish Authority for Privacy Protection
Box 8114, 104 20 Stockholm, Sweden
www.imy.se
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the app or website. Your continued use of GolfMode after any changes constitutes acceptance of the updated policy.
13. Contact Us
For any questions about this Privacy Policy, your personal data, or to exercise your GDPR rights:
- Email: greenkeeper@golfmode.io
- Company: GolfMode, Stockholm, Sweden
Questions about your privacy?
We are here to help. Reach out to our team for any questions or data requests.
Contact Us