Legal

Privacy Policy

Last updated: April 2025

Who we are

Discaddie is a disc golf caddie application. The data controller responsible for your personal information is:

Alexander Lund, operating under the Discaddie brand
Contact: bogey@discaddie.com

This policy covers both the website at discaddie.com and the Discaddie mobile and web application.

Age requirement

Discaddie is intended for users aged 16 and older. We do not knowingly collect personal data from anyone under 16. If you believe a person under 16 has provided us with personal data, please contact us at bogey@discaddie.com and we will delete it promptly.

What we collect

We collect only what is necessary to provide the service. This includes:

Account information — your email address, username, and hashed password when you create an account
Practice data — shot records, distances, session logs, and putting challenge results that you enter while using the app
Disc bag data — the discs you add to your bag and their flight characteristics
Caddie plans — hole plans and round caddie strategies you create
Session tokens — authentication tokens stored locally on your device to keep you logged in

We do not collect your location, payment information, contacts, or any device identifiers. We do not use third-party analytics or advertising trackers.

In short: we collect your account credentials and the disc golf data you choose to log. Nothing else.

Why we collect it

Each type of data has a specific purpose:

Account information is required to create and secure your account. The legal basis is performance of a contract (GDPR Article 6(1)(b)).
Practice, bag, and caddie data is the core content of the service — without it the app cannot function. The legal basis is performance of a contract (GDPR Article 6(1)(b)).
Session tokens are necessary to keep you authenticated between sessions. The legal basis is legitimate interest (GDPR Article 6(1)(f)).

How we store it

All data is stored securely using Supabase, a GDPR-compliant cloud infrastructure provider. Your data is stored within the European Union. Supabase does not access or use your data for their own purposes.

Passwords are never stored in plain text — they are hashed using bcrypt before storage.

We do not sell, share, or transfer your personal data to any third parties for marketing or any other purpose.

Third-party processors

We use the following third-party service to operate Discaddie:

Supabase Inc. (supabase.com) — database, authentication, and file storage. Data is stored in the EU. Supabase is certified under the EU–US Data Privacy Framework.

No other third parties have access to your personal data.

How long we keep it

We keep your data for as long as your account is active. If you delete your account, all associated personal data — including your email, username, practice sessions, disc bag, and caddie plans — will be permanently deleted within 30 days.

You can request deletion at any time by emailing bogey@discaddie.com.

Your rights under GDPR

As a resident of the EU/EEA you have the following rights regarding your personal data:

Right of access — you can request a copy of all data we hold about you
Right to rectification — you can correct inaccurate or incomplete data
Right to erasure — you can request deletion of your account and all associated data
Right to restrict processing — you can ask us to pause processing your data in certain circumstances
Right to data portability — you can request your data in a structured, machine-readable format
Right to object — you can object to processing based on legitimate interest
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email bogey@discaddie.com. We will respond within 30 days.

If you believe your rights have been violated, you have the right to lodge a complaint with the Danish data protection authority: Datatilsynet (datatilsynet.dk).

Cookies & local storage

The Discaddie website does not use tracking or analytics cookies. No cookie consent banner is required.

The Discaddie app stores an authentication token in your device's local storage to keep you logged in between sessions. This token is used solely for authentication and is never shared with third parties.

Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or misuse. These include encrypted data transmission (HTTPS), hashed password storage, and row-level access controls ensuring users can only access their own data.

In the event of a data breach that affects your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33.

Changes to this policy

If we make significant changes to how we handle your data, we will update this page and revise the date at the top. For material changes, registered users will be notified by email.

Contact

Questions, requests, or concerns about this policy or your data — reach us at bogey@discaddie.com. We will get back to you personally.