Privacy Policy

Effective date: June 15, 2026 · Version 1

StakeMarker is a golf score tracking app with optional live-sharing features. This policy explains what data is stored, what is shared, and how you can control it.

Information We Store

• Scorecard data you enter (player names, handicaps, scores, game options).
• Email address and display name if you sign in or use account features.
• App preferences (theme, layout/settings, UI options).
• Optional cloud session data when you use Live Sharing.
• Subscription entitlement records if you purchase a paid plan — see the Subscriptions section below.
• Your mobile phone number, if you choose to verify it through the optional phone sign-in flow — see the Phone Number Verification section below.

Where Data Is Stored

• On your device: Local app data is saved in browser/app local storage.
• In cloud sessions (optional): If you enable Live Sharing, session data is stored on encrypted cloud infrastructure we operate.
• Security monitoring: the app loads a small tracking request on each page load that contacts a server function we operate. This is used solely to detect unauthorized rehosting of the app's code on foreign domains. For users accessing the app through stakemarker.com or the iOS/Android apps, no identifying information from this request is retained beyond standard server logs. IP addresses and browser identifiers from requests originating on unrecognized domains may be logged temporarily for security review.

Sign in with Google (Google User Data)

StakeMarker offers "Sign in with Google" as one optional way to create or access an account. It is built on Google's OAuth 2.0 / OpenID Connect sign-in and requests only the basic, non-sensitive profile scopes — openid, email, and profile. StakeMarker does not request access to Gmail, Google Drive, Google Calendar, Contacts, Photos, or any other Google service, and never requests any restricted or sensitive scope.

• Google user data we access: when you sign in with Google, Google shares a basic profile with us — your Google account identifier, your email address, your name (display name), and your profile picture URL. That is the entire extent of the Google user data the App accesses, collects, or interacts with.
• How we use it: solely to authenticate you, to create and identify your StakeMarker account, and to associate your saved rounds and Live Sharing activity with that account. We do not use Google user data for advertising or marketing, and we do not use it — or transfer it — to develop, improve, or train generalized AI or machine-learning models.
• How we store it: your Google account identifier, email address, name, and profile picture URL are stored as part of your account record on our managed cloud platform (Google Firebase Authentication, a Google service). They persist while your account is active and are deleted when you delete your account (see Data Retention and Account Deletion below).
• How we share it: we do not sell your Google user data and do not share it with third parties, except the service providers required to operate the App — primarily Google Firebase, which hosts the App's authentication and backend infrastructure. Each provider processes the data only to provide that service to us, and not for its own independent purposes.
• Limited use: StakeMarker's use of and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
• How to avoid it: "Sign in with Google" is optional — you can sign in with another available method (such as Sign in with Apple) or continue as a guest instead, in which case none of the Google user data above is accessed.
• Revoking access: you can revoke StakeMarker's access to your Google account at any time from your Google Account's third-party access settings.

Data We Do Not Intentionally Collect

• No payment card numbers, bank details, or other direct payment data — all subscription billing is handled entirely by the platform's app store (see Subscriptions below).

Subscriptions (Optional)

If you choose to purchase a paid plan (Plus, Pro, or Ultra), the actual purchase transaction is handled by your device's app store using its billing system. We never see your payment card number, bank details, or billing address — those live with the app store provider and are governed by its privacy policy.

What we store when you purchase a subscription:

• The product you purchased (e.g. plus_monthly) and the tier it grants you.
• The expiration date so we know when to stop granting paid access if you cancel.
• An app-store-issued transaction ID used to look up the purchase if the store notifies us of a refund, renewal, or cancellation.
• The store-reported status (active, expired, revoked) so refunds and family-share changes propagate accurately.

We receive automatic notifications from your device's app store when a subscription renews, fails to renew, is refunded, or is canceled. These notifications contain only the transaction identifier and the new state — no payment details. We use them to keep your access synchronized with what you've actually paid for.

You can cancel a subscription at any time in your app store account settings — the in-app paywall also surfaces a direct link to the store's subscription management screen. Canceling stops future renewals; you keep access until the end of the period you've already paid for. We honor refunds your app store issues on your behalf.

Notifications

If you enable notifications (for example, birdie/eagle alerts), device push tokens may be processed by your operating system's push notification service to deliver those notifications.

Error Reporting (Diagnostics)

To help identify and fix bugs, the app integrates Sentry, a third-party error-reporting service. When a JavaScript error occurs, Sentry receives the error message, stack trace, and a breadcrumb trail of recent app events for diagnostic context.

• What is sent: error messages, stack traces, breadcrumbs (the category and message of recent app events), and a small sample of milestone events such as whether a Live Sharing sync succeeded or failed. We do not send your name, email address, player names, course names, or any other personal content — only your Firebase account identifier (an opaque ID, not linked to your name or email) and technical context.
• What is not sent: audio, images, scorecard content, or any text you have typed into the app. A scrubbing pass removes fields we consider personal before any data leaves your device.
• Sentry may process this data in the United States. See Sentry's privacy policy for details on retention and handling.

Scorecard Photo Scan (Optional Feature)

If you use Scan Scorecard to import scores from a photo, the captured image is sent over an encrypted connection to a server function we operate, which in turn submits the image to a managed third-party AI service for optical character recognition. The service reads the printed and handwritten content on the card and returns structured scores back to your device.

This feature requires you to be signed in with a registered account. Guest/anonymous use is not permitted for the scan feature, both to attribute usage to an account for abuse prevention and to help us responsibly manage the cost of the underlying service.

• What is sent: the scorecard photo you capture, your authenticated user identifier, and a device attestation token that confirms the request came from the legitimate app.
• What is returned: the parsed player names, hole pars, and per-hole scores that you then review and confirm before they are written into your scorecard.
• Retention: we do not store the scanned image or the OCR result on our servers. The image is held in memory only for the duration of the request. The reviewed scores you save become part of your regular scorecard data, governed by the sections above.
• Use by the AI provider: per the AI provider's service terms, customer content sent through paid endpoints is not used to train its foundation models. The provider may retain transient logs for abuse detection and service reliability in accordance with its terms.
• Processing region: requests are processed in the AI provider's primary cloud region.
• Be mindful of what is visible on the card before scanning — anything legible in the photo (names, handwriting, other annotations) is included in what gets sent.
• How to avoid it: if you prefer not to use cloud processing, simply enter scores manually instead of using the scan feature. The rest of the app works fully without ever uploading an image.

Voice Input (Optional Feature)

If you use Voice Input to enter scores or game actions by speaking, the speech-to-text conversion is handled by your device's own built-in speech recognizer — the operating system's recognizer in the iOS and Android apps, or the browser's built-in Web Speech service on desktop.

Your platform's speech service — Apple on iOS, Google on Android, or your browser's vendor on desktop — processes the audio to produce the transcript. Depending on your device, settings, language, and network connection, that service may transmit your audio to the platform provider to perform the recognition, under that provider's own privacy policy. In every case, StakeMarker itself never receives your audio — only the resulting text.

Once the recognizer produces a text transcript (e.g. "hole 5, Daniel had a 4"), that text-only transcript is sent over an encrypted connection to a server function we operate, which forwards it to a managed third-party AI service for parsing into structured score updates.

• What is sent to our server: the text transcript, the names of players currently on your scorecard (so the model can match names you say), and a list of active games (so it knows which rules apply). No audio, no microphone recordings, no waveforms.
• What is returned: a list of typed operations (e.g. set Daniel's hole 5 score to 4) that you confirm in a review sheet before the app applies them.
• Retention: we do not store the transcript or the parsed operations on our servers. The text is held in memory only for the duration of the request. The applied changes become part of your scorecard data, governed by the sections above.
• Use by the AI provider: per the AI provider's service terms, customer content sent through paid endpoints is not used to train its foundation models. The provider may retain transient logs for abuse detection and service reliability in accordance with its terms.
• Microphone permission: required by the speech recognizer. The first time you tap the voice button, the operating system will ask for microphone access. You can revoke it at any time in your device's Settings.
• How to avoid it: if you prefer not to use voice input, simply don't tap the microphone button — the entire app works fine without it. Voice input is an optional convenience for higher-tier plans only.

Phone Number Verification (Optional Feature)

StakeMarker may offer an optional sign-in flow that verifies you own a phone number using silent network authentication: after you enter your number and give explicit consent, your device contacts your mobile carrier over your cellular data connection, and the carrier confirms the number associated with your SIM. No code-typing is needed when the check succeeds; an SMS code may be used as a fallback.

This additional check runs only if you choose the optional phone sign-in — if you sign in with another method, or skip phone verification entirely, it never runs. When you do use phone sign-in, and only after your explicit consent, the flow may also run an additional carrier-backed check to help confirm the number is really yours and to protect against account takeover and fraud: a SIM-change (SIM-swap) check, which looks at whether the SIM behind your number was replaced recently.

• Consent first: none of these checks run without your explicit consent on the sign-in page. By consenting, you acknowledge that your carrier will confirm — and thereby share — your phone number and the related SIM-change history described above.
• What is shared: the phone number you enter is sent over an encrypted connection to a server function we operate on our managed cloud platform, which submits it to the carrier-verification service that performs the checks on our behalf; your carrier confirms it over your cellular connection.
• Why we run them: these checks are used solely to confirm the number tied to your account and to detect a recent SIM swap — that is, for security and fraud prevention. They are never used for marketing or advertising.
• Sign-in required: phone verification requires signing in first.
• Storage and retention: if your number is shared and verified, we store it with your account records to identify your account. We keep no more of the SIM-swap result than is needed to operate the feature.
• Deletion on request: contact support@stakemarker.com at any time and we will delete your stored phone number and any related verification signals we hold; deleting your account also removes them.
• No third-party sharing: we do not sell your phone number, or share it with third parties, except the service providers required to operate the App — the managed cloud platform (Firebase) that hosts the App's backend, and the carrier-verification service that performs the phone and SIM-swap checks. Each processes your information solely to provide that service. It is never used for marketing.
• How to avoid it: use one of the other sign-in methods — phone verification is optional.

Third-Party Services and Data Sources

• A managed cloud platform (Google Firebase) provides our authentication — including the optional "Sign in with Google" — real-time database, and push messaging infrastructure for account and optional Live Sharing features. See the Sign in with Google section above for the Google user data involved.
• A managed third-party AI service powers the optional Scan Scorecard and Voice Input features only.
• An error-reporting service (Sentry) receives diagnostic crash and event data to help us identify and fix bugs — see the Error Reporting section above.
• Your device's app store handles subscription billing only; we never receive your payment details.
• A carrier-verification service performs the optional phone number verification and SIM-swap checks only — see the Phone Number Verification section above.
• A third-party golf-course dataset provided the historical course catalog and is being phased out in favor of our own self-hosted course data.

We do not sell your email address or use it for marketing. If you sign in, your email may be used to identify your account and associate saved rounds or live-sharing activity with you.

Your Choices

• You can use the app locally without Live Sharing — when Live Sharing is off, scorecard data is stored only on your device.
• You can choose not to use Scan Scorecard — manual score entry never uploads any image.
• You can choose not to use Voice Input — without it, no audio capture happens. (When you do use it, StakeMarker only ever receives the transcribed text, never your audio; the audio is handled by your platform's speech service. See the Voice Input section above.)
• You can clear locally stored app data from within the app (reset/clear actions) or by clearing app/browser data on your device.
• You can disable notifications in iOS Settings at any time.
• You can skip phone number verification entirely by using another sign-in method; if you have verified a number, you can have it deleted on request (see below).

Data Retention and Account Deletion

We keep your data only while your account is active or as needed to provide the app. Rounds and scores stored for Live Sharing remain until you (or the round's creator) delete them; data stored locally stays on your device until you clear it.

You can permanently delete your account and the data tied to it at any time:

• In the app: open the account menu and choose Delete account.
• From the web, without installing the app: visit stakemarker.com/delete-account.html and sign in to the account you want to remove.

You can also request deletion of just your stored phone number and any related verification signals — without deleting your account — by emailing support@stakemarker.com.

Deleting your account permanently removes your sign-in login, any stored phone number, every round your account created (including its scores and shareable join codes), and your association with shared rounds created by other people — you are removed from those rounds, while the round itself remains for its creator. This cannot be undone. Data cached on your device is cleared when you sign out or clear app/browser data.

Some records may persist briefly in routine encrypted backups, or be retained where required by law — for example, subscription and billing records held by Apple or Google. Anonymized or aggregated data that cannot identify you may be kept.

Children's Privacy

The app is not directed to children under 18, or the age of majority in your jurisdiction, whichever is higher. If you believe a child provided personal data, contact us and we will work to remove it.

Changes to This Policy

We may update this policy periodically. Updates will be posted on this page with a revised effective date.

Governing Language

This Privacy Policy was drafted in English, and English is the governing language. Translations may be provided for convenience only; if there is any conflict between the English version and a translated version, the English version controls.

Contact

For privacy questions, contact: support@stakemarker.com