Privacy Policy

Effective date: 20 May 2026

1. Introduction

Pin High Tech Ltd (“we”, “us”, “our”), a company registered in England and Wales, is the data controller for personal data collected through the MyCaddi application (“the App”).

We are committed to protecting your privacy and handling your data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data.

2. Data We Collect

Account information — name, email address, age confirmation (that you are 16 or older), and authentication method (email/password, Apple ID, or Google account).

Profile information — gender, dominant hand, handicap, home course, shot shape, typical miss pattern, and club bag composition (clubs and distances).

Golf data — round scores, shot-by-shot data, club selections, course played, and tee selection.

Location data — GPS coordinates during active rounds, used for distance calculations, course navigation, and AI caddy recommendations. Location is only collected while you are actively playing a round with the App open.

Device and usage data — device type, operating system version, app version, and general usage patterns (e.g. features used, session duration). We do not collect advertising identifiers.

Payment data — we do not collect or store payment card details. All payments are processed by Apple (App Store) or Google (Play Store), and we receive only a confirmation of your subscription status.

3. How We Collect Your Data

Directly from you — when you register, complete onboarding, update your profile, or play rounds.

Automatically — GPS location during active rounds, device information, and app usage analytics.

From third parties — basic profile information from Apple or Google if you choose OAuth sign-in (name and email only).

4. Legal Bases for Processing

We process your data under the following legal bases:

  • Contract — processing necessary to provide the MyCaddi service (account management, AI caddy features, statistics, handicap tracking).
  • Consent — location data collection during rounds, and any optional communications we may send. You can withdraw consent at any time.
  • Legitimate interests — analytics to improve the App, security monitoring, and aggregated benchmarking data. We balance these interests against your rights and freedoms.

5. How We Use Your Data

  • AI caddy recommendations — your golf data, location, and profile are used to generate personalised club selection, strategy, and course management advice.
  • Handicap tracking — round scores are used to calculate and update your handicap.
  • Performance insights — your statistics are analysed to identify trends, strengths, and areas for improvement.
  • Benchmarking — gender and handicap data may be used in anonymised, aggregated form to provide comparative statistics (e.g. distance percentiles). If you select “Prefer not to say” for gender, you receive neutral benchmarks.
  • Social features — challenges, leaderboards, and friend activity (Premium tier). You control what is visible to others.
  • Service improvement — aggregated, anonymised data helps us improve AI accuracy, course data, and app features.

6. On-Device Processing

MyCaddi uses an on-device AI model that runs directly on your phone. When using the Free tier’s on-device caddy, your golf data is processed locally and does not leave your device for AI purposes.

The Premium cloud caddy sends relevant round data to our servers for deeper analysis. This data is processed solely to generate your caddy recommendations and is not used for any other purpose.

7. Third-Party Services

We use the following third-party services to operate the App:

  • Microsoft Azure (UK South region) — cloud hosting and infrastructure.
  • Golfbert and GolfAPI.io — course data (layouts, hole information, coordinates). No personal data is shared with these providers.
  • Mapbox — map rendering. Location data is shared with Mapbox during active rounds to display course maps. See Mapbox’s privacy policy.
  • Apple App Store / Google Play Store — payment processing for Premium subscriptions.
  • Azure Communication Services — transactional emails (account verification, password reset).

We do not sell your personal data to any third party. We do not share your data with advertisers.

8. Data Retention

  • Active accounts — your data is retained for as long as your account is active.
  • Deleted accounts — upon account deletion, your personal data is permanently removed within 30 days. Backup copies may persist for up to 90 days before being purged.
  • Aggregated data — anonymised, aggregated data (e.g. average distances by handicap range) may be retained indefinitely as it cannot be linked back to you.

9. Your Rights

Under UK GDPR, you have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data. You can also update most information directly in the App.
  • Erasure — request deletion of your data. You can delete your account through the App at any time.
  • Data portability — request your data in a commonly used, machine-readable format.
  • Restrict processing — request that we limit how we use your data.
  • Object — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@pinhightech.co.uk. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

10. International Transfers

Your data is primarily stored and processed in the United Kingdom (Azure UK South region).

Some third-party services may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including:

  • UK adequacy decisions for the receiving country
  • Standard Contractual Clauses (SCCs) approved by the ICO
  • The provider’s participation in recognised certification frameworks

11. Children

MyCaddi is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete that data promptly.

If you believe a child under 16 has provided us with personal data, please contact us at privacy@pinhightech.co.uk.

12. Security

We take reasonable technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest
  • On-device AI processing for the Free tier, minimising data transmission
  • Secure authentication via industry-standard protocols (OAuth 2.0, bcrypt password hashing)
  • Access controls limiting who within our organisation can access personal data

No system is completely secure. If we become aware of a data breach that affects your rights, we will notify you and the ICO in accordance with our legal obligations.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days’ notice via email or an in-app notification.

The “Effective date” at the top of this page indicates when the policy was last updated. We encourage you to review this page periodically.

14. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us:

Pin High Tech Ltd
Email: privacy@pinhightech.co.uk