Privacy Policy

Last updated: May 2026

1. Who We Are

Caddy Scout (“we”, “us”, “our”) is a golf course discovery platform operating at caddy-scout.golf. We help golfers find, compare and plan visits to golf courses across the UK, Ireland and beyond.

2. What Data We Collect

Account data (if you register)

  • Email address and display name
  • Bcrypt-hashed password (we never store plaintext passwords)
  • Handicap index and home country (optional, provided by you)
  • Two-factor authentication secret (encrypted at rest, if enabled)
  • Saved courses, trip plans and round logs you create
  • Last active timestamp (used for inactive account management)

Usage data (anonymous)

  • Pages visited, search queries (no personally identifiable info attached)
  • Browser type, operating system, approximate geographic region (from IP)
  • We do not use third-party advertising trackers

Content you submit

  • Course suggestions or corrections you submit via the suggestion form
  • Your name or email if you provide them in a suggestion

3. How We Use Your Data

  • Providing and personalising the Caddy Scout service (saved courses, trip planner, handicap tracking)
  • Sending transactional emails: account confirmation, password reset, inactivity notices
  • Improving course data accuracy based on user suggestions
  • Detecting and preventing abuse (bot signup prevention, rate limiting)
  • We do not sell your data to third parties
  • We do not use your data for unsolicited marketing without your consent

4. Cookies & Local Storage

We use minimal cookies and browser storage:

  • Session cookie — keeps you logged in (HttpOnly, Secure, SameSite=Lax)
  • Local storage — stores your filter preferences and trip plan locally (no account required)
  • No advertising or analytics cookies from third parties

5. Data Retention & Inactive Accounts

We retain your account data as long as your account is active. Accounts inactive for 24 months will receive an email warning; after a further 30 days of inactivity the account and all associated personal data will be automatically deleted. Course pins, trip plans and round logs will be removed with the account. You may delete your account at any time from your profile settings.

6. Data Security

  • All traffic is encrypted via HTTPS (TLS 1.3)
  • Passwords are hashed using bcrypt (cost factor 12) — never stored in plaintext
  • MFA secrets are stored encrypted at the database level
  • Database access is restricted to application servers only
  • We perform regular security reviews and promptly address reported vulnerabilities

7. Your Rights (UK GDPR)

Under UK GDPR you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and data
  • Portability — receive your data in a machine-readable format
  • Objection — object to specific processing activities

To exercise any right, email us at privacy@caddy-scout.golf. We will respond within 30 days.

8. Third-Party Services

  • Mapbox — map rendering. Subject to Mapbox Privacy Policy
  • Google Fonts — typography. Subject to Google Privacy Policy
  • IP geolocation (ipapi.co) — used once on page load to suggest your local country; no data is stored by us

9. Changes to This Policy

We may update this policy. Material changes will be notified by email to registered users and via a notice on the site. The “Last updated” date at the top indicates when it was last revised.

10. Contact

Questions about this policy? Contact us at privacy@caddy-scout.golf or via the Suggest / Feedback button on the main site.

← Back to MapAbout Caddy Scout