Privacy Policy

We collect different information depending on how you use Ready Golf Pools. Here’s a straightforward breakdown.

Pool Admins (Account Required)

If you create a pool, you sign in through Clerk, our authentication provider. We receive and store:

• Your email address (verified by Clerk)
• A user ID assigned by Clerk
• Pool data you create – pool names, tournament selection, format settings, and pick deadlines

Pool Participants (No Account Needed)

Participants never need to create an account. When you join a pool and submit picks, we collect:

• Your name (as entered on the pick sheet – this appears on the leaderboard)
• Your email address (only if the pool admin has enabled the “require email” setting)
• Your golfer picks (the selections you make for each tier)

We also generate a unique edit token (a random identifier) that lets you modify your picks before the deadline. This token is stored in your browser and is the only way to edit your entry.

Automatically Collected Information

• Page views – We use Vercel Analytics to understand how people use the site. This tracks page views only, with no personal identifiers or cross-site tracking.
• IP address hashes – For rate limiting purposes, we temporarily store hashed (not plaintext) IP addresses to prevent abuse of public endpoints.

Payment Information

Pools with 5 or more entries require a one-time payment from the pool admin. All payment processing is handled entirely by Stripe. We never see, store, or have access to your credit card number, bank account details, or other payment credentials. We only receive confirmation from Stripe that a payment was completed.

What We Do Not Collect

• Credit card or bank account numbers
• Precise location or GPS data
• Social media profiles or contacts
• Advertising or marketing tracking data (no ad pixels, no retargeting)

We use the information we collect to:

• Run your pools – display picks on the leaderboard, calculate scores, and determine standings
• Send transactional emails – confirmation when you create a pool, submit picks, or join a pool (via Resend)
• Authenticate pool admins – so you can manage your pools across devices
• Prevent abuse – rate limiting protects public endpoints from automated misuse
• Improve the product – anonymous page view analytics help us understand which features are used

We do not sell, rent, or share your personal information with advertisers or data brokers. We do not send marketing emails. Every email we send is a direct response to an action you took on the site.

We rely on trusted third-party services to operate Ready Golf Pools. Each handles a specific function and has its own privacy policy:

• Clerk – Authentication for pool admins. Handles sign-in, session management, and email verification. Clerk Privacy Policy
• Stripe – Payment processing for pool upgrades. Stripe handles all payment data directly; we never see or store card numbers. Stripe Privacy Policy
• Resend – Transactional email delivery (pool creation confirmations, pick submission confirmations). Resend Privacy Policy
• Vercel – Website hosting and anonymous page view analytics (no personal data collected). Vercel Privacy Policy
• Supabase – Database hosting (PostgreSQL). Stores pool data, entries, and scores. Supabase Privacy Policy
• Upstash – Rate limiting via Redis. Stores hashed IP addresses temporarily (expires within 60 – 300 seconds). Upstash Privacy Policy
• ESPN – We fetch publicly available golf scores and tournament data from ESPN. No user data is sent to ESPN.
• The Odds API – We fetch golf tournament odds for tier assignments. No user data is sent to this service.
• Cloudflare – DNS and SSL proxy. All traffic to our site routes through Cloudflare before reaching our servers. See Cloudflare’s Privacy Policy.

Your data is stored in a PostgreSQL database hosted by Supabase, with connections secured via SSL. Our application is hosted on Vercel with HTTPS enforced on all connections.

We protect your information through:

• HTTPS encryption on all connections between your browser and our servers
• Secure, encrypted database connections via connection pooling
• HTTP security headers including HSTS (HTTP Strict Transport Security) and Content Security Policy
• Rate limiting on public endpoints to prevent automated attacks
• Edit tokens are random UUIDs – they cannot be guessed and are only known to the participant who created the entry
• Admin routes are protected by Clerk authentication – only the pool creator can manage a pool

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to following industry best practices.

We use a minimal set of cookies and browser storage, limited to what’s necessary to make the site work:

• Clerk session cookies – Used to keep pool admins signed in. These are essential authentication cookies set by Clerk and are required for admin functionality.
• localStorage – We store a small amount of data in your browser’s local storage to help you find your pools later (pool references and edit tokens). This data never leaves your device unless you use it to look up a pool.

We do not use advertising cookies, marketing pixels, or cross-site tracking cookies of any kind.

• Pool and entry data – Retained indefinitely so participants can revisit historical leaderboards and results from past tournaments.
• Admin account data – Retained as long as your Clerk account exists. You can delete your account at any time (see “Your Rights” below).
• Rate limiting data – Hashed IP addresses expire automatically within 60 – 300 seconds and are not stored permanently.
• Transactional email records – Email delivery logs are maintained by Resend according to their retention policy.

You have the right to:

• Access your data – Request a copy of the personal information we hold about you.
• Correct your data – Pool admins can update entry emails from the admin dashboard. Participants can edit their name and picks before the deadline using their edit link.
• Delete your data – Request that we delete your personal information. Pool admins can delete individual entries from their dashboard. For full account or data deletion, contact us using the details below.
• Data portability – Request your data in a portable format.

To exercise any of these rights, email us at privacy@readygolfpools.com. We will respond to all requests within 30 days.

If you are a resident of the European Economic Area (EEA), the United Kingdom, or California, you may have additional rights under applicable data protection laws (GDPR, UK GDPR, or CCPA). We will honor those rights upon request. We do not sell personal information as defined under the CCPA.

Ready Golf Pools is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

Pool admins who make payments through Stripe must be at least 18 years old (or the age of majority in their jurisdiction).

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page. For significant changes, we may also post a notice on the homepage.

We encourage you to review this policy periodically. Your continued use of Ready Golf Pools after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

privacy@readygolfpools.com

You can also reach us through the feedback form for general questions about the service.