This Privacy Policy describes how Birdie Bet ("we", "us", "the app") handles information when you use the Birdie Bet mobile application and the Birdie Bet website. By using the app or the website, you accept the practices described below.
We have written this policy to be readable. Where the law requires specific language (for example, references to GDPR or CCPA rights), the legally required language is included alongside the plain-language summary.
1. What Birdie Bet is
Birdie Bet is a golf scorecard companion. It lets you:
- Track your score for 9- or 18-hole rounds of golf.
- Calculate side games commonly played between friends on the course (Nassau, skins, foursomes, Vegas, Wolf).
- Calculate a WHS (World Handicap System) index from your own rounds.
- Share a live, in-progress round with friends through a 6-character code or QR.
- Keep a history of your rounds, rivals and statistics.
Birdie Bet does not receive, hold, transmit, or settle any real-world money. Any agreement between players about the side games they play is solely between those players. Birdie Bet only counts the points.
2. The information we handle
2.1 Account information
When you create an account we collect:
- Email address — used as your login identifier.
- Password — never stored in plaintext. Authentication is handled by Google Firebase Authentication, which stores a salted hash on Google servers.
- Display name — the name you choose for your scorecards. Optional. Defaults to a random alias when omitted.
You can use the app without creating an account in a local-only mode. In that mode, the app stores your data only in your device's local storage. No data leaves your device.
2.2 Golf round information
We store the data you enter:
- Scores per hole, putts, marker tags (Birdie, Eagle, Hole-in-One, Sandy).
- Side-game configuration and per-hole results.
- The course name and tee you played.
- The date of the round.
- The names you give to your rivals (which can be aliases).
- An optional memory photo per round, which you choose to attach yourself.
2.3 Live round sharing
When you tap "Share live round", the app creates a public document in our database identified by a 6-character access code. Anyone who has the code (or scans the QR you share) can read the live state of that specific round.
- The shared document contains scores, hole results, side-game state, configuration and player display names for the active round only.
- It does not include your email address, password, account history, statistics, or any other round.
- You can delete a shared round at any time from the app or by emailing us.
- Anyone with the 6-character code can read and post updates to that round. Treat the code like a verbal password.
2.4 Device and connection information
Standard request metadata is processed automatically: IP address (transient), device type, OS version, app version, and approximate region inferred from IP. We do not collect a persistent device identifier, advertising ID, IMEI, MAC address, or SIM information.
2.5 Camera access
The app offers a "scan scorecard" feature where you can take a photo of a paper scorecard. When you use it:
- Your phone's standard system camera UI is invoked using a web file-picker mechanism. The app does not request the Android
CAMERApermission. - The photo is sent once to our processing function, which forwards it to a third-party model (Anthropic, see section 4) to extract the scores. The photo is not stored by us after the response is returned.
- Manual entry is always available.
2.6 Location
Birdie Bet does not collect device location. The course you played is selected from a course database; it is not derived from GPS.
2.7 Push notifications
The current production build (v1.0.0) does not send push notifications. If a future version adds them, we will update this policy and re-prompt for consent before any device token is registered.
2.8 Analytics and crash reports
We use Google Firebase, which includes basic, anonymized crash and performance telemetry. Firebase Analytics is not enabled in the current build; if we enable it, we will update this policy first.
2.9 Children
Birdie Bet is intended for users 18 years of age or older. We do not knowingly collect information from anyone under 13 (or under the equivalent local digital-consent age). If you believe a child has used the app, email admin@birdiebet.mx and we will delete the account.
3. How we use the information
We use the information described above to:
- Sign you in and keep your session active.
- Save and sync your golf rounds across your own devices.
- Show your rounds, statistics, trophies and handicap.
- Make the live-round share feature work.
- Diagnose crashes, fix bugs and improve performance.
- Reply to your support emails.
We do not sell or rent your information; do not use your data to train machine-learning models; show no advertising in the app; do not profile you for any purpose beyond product reliability.
4. Third parties that process information on our behalf
| Service | Role | Data sent |
|---|---|---|
| Google Firebase (Auth + Firestore + Storage) | Account auth, cloud sync, memory photos | Email, password hash, round data, optional photo |
| Netlify | Static hosting and serverless functions | Request metadata, request payloads |
| Golf Course API | Course/tee data lookup | The course-name query you type |
| Anthropic (Claude) | OCR of scanned scorecards (on demand) | The single photo you choose to scan |
Each provider's privacy commitments: Firebase, Netlify, Golf Course API, Anthropic.
5. Where your data lives
- Firebase Firestore: Google's
us-central1region by default. - Netlify: distributed CDN with edge nodes worldwide. Function execution is on AWS infrastructure.
- Your device: your active round and a local cache of recent rounds.
6. How long we keep the information
| Data type | Retention |
|---|---|
| Account record (email + password hash) | Until you delete your account |
| Rounds, rivals, statistics, trophies | Until you delete them or your account |
| Live-round shared document | Until you delete it |
| Memory photos | Until you delete the round |
| Scanned scorecard photo | Not retained; discarded after response |
| Server access logs (Netlify) | 30 days max |
| Crash reports | 90 days max |
7. Security
- Connections to our servers use TLS 1.2 or higher.
- Passwords are hashed by Firebase Authentication; we never see them.
- Firestore documents are protected by per-user security rules.
- Public live-round documents are isolated from all other collections.
- Netlify functions enforce CORS and validate origins.
No system is perfectly secure. If we ever discover a security incident affecting your data, we will notify affected users by email within 72 hours of confirmation.
8. Your rights
Depending on where you live, you may have the following rights. We honor them globally regardless of jurisdiction.
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — delete your account and all associated data.
- Portability — receive your data in a machine-readable format (JSON).
- Restriction — ask us to stop processing your data while a request is reviewed.
- Objection — object to a specific processing activity.
- Withdraw consent — for any activity based on consent, withdraw it at any time.
To exercise any of these rights, email admin@birdiebet.mx from the address on your account. We will respond within 30 days.
California (CCPA / CPRA)
If you are a California resident, you also have the right to know what categories of personal information are collected, request deletion, and be free from retaliation for exercising any of these rights. We do not "sell" or "share" personal information as those terms are defined under California law.
European Economic Area, UK, Switzerland (GDPR / UK GDPR)
The legal basis for processing your account and round data is performance of a contract (Art. 6(1)(b) GDPR). The legal basis for security and crash diagnostics is legitimate interest (Art. 6(1)(f)). The legal basis for the optional scanned scorecard photo is consent (Art. 6(1)(a)) — withdraw by not using the scan feature. You have the right to lodge a complaint with your local supervisory authority.
9. Cookies and similar technologies
The Birdie Bet web app uses localStorage and sessionStorage to keep you signed in and to cache your current round. We do not use third-party advertising cookies. We do not use analytics cookies in the current build. The service worker (sw.js) caches static assets to make the app work offline; cached assets contain no personal data.
10. International transfers
If you are outside Mexico or the United States, your data may be transferred to and processed in those countries. Our service providers (Google, Netlify, Anthropic) maintain Standard Contractual Clauses or equivalent mechanisms for cross-border transfers, as required by GDPR.
11. Deleting your account and data
- Self-serve: email admin@birdiebet.mx with subject "Delete my account" from the email on your account. We delete within 30 days and confirm by reply.
- Live-round only: contact us with the 6-character code; we will remove just that shared document.
- Specific round: open the round in the app and delete it from the History page.
Deletion is permanent. Backups are purged within 60 days.
12. Changes to this policy
We will post any change to this policy on this page and update the "Last updated" date at the top. Material changes (for example, a new third party that handles your data) will also be announced in-app and by email if we have one for you.
13. Contact
Questions or requests? Write to admin@birdiebet.mx. Postal address can be provided on request.