Privacy Policy

Last Updated: April 27, 2024

1. Introduction

Reel Time Apps Inc. ("Company," "we," "us," or "our") operates Tee Time Apps, a software-as-a-service platform for golf facility management, event coordination, and member engagement (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information from:

  • Subscribing Organizations: Golf clubs, facilities, and event organizers who pay for the Service
  • End Users: Members, customers, and guests of subscribing organizations who use the Service at no charge

We are committed to protecting your privacy and being transparent about our data practices. This Privacy Policy should be read together with our End-User License Agreement and any agreements we execute with subscribing organizations.

2. Data Roles and Responsibilities

Our role in handling personal information depends on who you are and how you interact with the Service:

  • Processor for Subscribing Organizations: When a subscribing organization uploads or generates information about its members, guests, or staff, the organization is the controller (or equivalent term) and we act as its processor. We process that personal information solely on the organization’s instructions and in accordance with our agreements, including our Data Processing Addendum.
  • Controller for Company Operations: We are the controller for personal information that we collect directly for our own purposes, including account administration, billing and invoicing, customer support, product analytics, marketing (with consent where required), and running our websites and apps.

When you submit a privacy request and we act as processor, we may refer you to the applicable subscribing organization to fulfill the request. We will support the organization in responding within required timeframes.

3. Information We Collect

3.1 Information from Subscribing Organizations

When organizations subscribe to our Service, we collect:

  • Account Information: Organization name, contact person, email address, phone number, physical address
  • Billing and Invoicing Information: Billing contact details, billing address, tax identification numbers, invoice history (we invoice through QuickBooks and do not store payment card numbers)
  • Configuration Data: Settings, preferences, and customizations for the Service
  • Administrator Information: Names, email addresses, and roles of staff who manage the Service

3.2 Information from End Users

When end users interact with the Service through a subscribing organization, we collect:

  • Profile Information: Name, email address, phone number, profile photo
  • Membership Information: Membership status, plan details, membership dates
  • Booking Information: Simulator bay reservations, event registrations, booking history
  • Golf Information: Handicap, scores, tournament participation, round history, and integrations authorized by the organization (e.g., GHIN/USGA)
  • Guest Information: Names and contact details of guests registered by members (members are responsible for ensuring they have permission to share guest details)
  • Payment Information: Transaction history for event registrations and purchases (payment card details are processed by third-party payment processors and not stored by us)
  • Facility Access Information: Door access badges, RFID identifiers, and check-in timestamps when organizations enable access control integrations

3.3 Automatically Collected Information

When you use the Service, we automatically collect:

  • Device Information: Device type, operating system, browser type, device identifiers
  • Usage Information: Pages viewed, features used, time spent, click patterns
  • Location Information: General location based on IP address; precise location only with your consent
  • Log Data: IP addresses, access times, error logs, performance data
  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies, and similar technologies (see Section 11)

3.4 Information from Communications

We collect information you provide when you contact support, respond to surveys, participate in promotions, or otherwise communicate with us. Communications may include email, phone, in-app messaging, or SMS (with consent where required).

4. How We Use Your Information

4.1 Providing the Service

  • Process and manage bookings, registrations, reservations, and transactions
  • Facilitate communication between organizations and their members or guests
  • Manage membership plans, access permissions, and user accounts
  • Integrate with third-party services (payment processors, door access systems, accounting software, golf association systems)
  • Provide customer support and respond to inquiries

4.2 Improving and Maintaining the Service

  • Monitor and analyze usage patterns and trends
  • Develop new features and functionality
  • Diagnose and fix technical problems
  • Ensure security and prevent fraud or abuse
  • Conduct research and analytics using aggregated, anonymized data

4.3 Communications

  • Send transactional emails and SMS messages (booking confirmations, reminders, password resets, account notifications)
  • Send administrative updates about the Service
  • Facilitate communications between subscribing organizations and their members
  • Send marketing communications (with your consent, where required by law)

4.4 Legal and Safety

  • Comply with legal obligations and regulations
  • Enforce our terms of service, agreements, and policies
  • Detect, prevent, and address security incidents or fraudulent activity
  • Respond to lawful requests from public authorities

4.5 Legal Bases for Processing (EEA and UK Users)

For individuals located in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases:

  • Performance of a Contract: Providing the Service to subscribing organizations and their end users
  • Legitimate Interests: Operating, improving, and securing the Service, including analytics, troubleshooting, and preventing misuse (we balance these interests against your rights and expectations)
  • Legal Obligations: Meeting recordkeeping, tax, accounting, and compliance requirements
  • Consent: Sending optional marketing communications, collecting precise geolocation data, and enabling cookies that require consent

You may object to processing based on legitimate interests as described in Section 10.

5. Golf Club and Facility-Specific Features

  • Leaderboards and Event Displays: Organizations may display member names, handicaps, scores, tee sheets, and event results on in-venue screens or shareable links. Visibility settings are configurable by the organization. End users may request that their name be hidden where required by law or applicable club policy.
  • Golf Association Integrations: When enabled by an organization, we exchange handicap or scoring data with third parties such as GHIN/USGA under the organization’s instructions and applicable association rules.
  • Facility Access Systems: If integrated, we process badge, RFID, or similar identifiers and access timestamps to manage door or simulator access. We do not currently support biometric authentication.
  • Guest Management: Members are responsible for obtaining consent from guests before providing their information. Guests can contact the originating organization or us at app@teetimeapps.com to request removal or exercise their rights.
  • Messaging and SMS: With consent where required, we send SMS updates (e.g., booking confirmations, event reminders). Message and data rates may apply. You can opt out at any time by replying STOP and obtain help by replying HELP. We maintain consent and opt-out logs as required by law.

6. How We Share Your Information

We do not sell or share personal information for cross-context behavioral advertising as defined by the California Consumer Privacy Act. We may share your information in the following circumstances:

6.1 With Subscribing Organizations

End user data is shared with the subscribing organization you interact with (your golf club, tournament organizer, etc.). They control how your data is used within the Service and may have their own privacy practices.

6.2 Service Providers and Subprocessors

We share data with trusted third-party service providers who assist us in operating the Service, including:

  • Cloud Hosting and Infrastructure: Amazon Web Services, Heroku, or similar providers
  • Payment Processing: Stripe or similar processors when online payments are enabled
  • Billing and Invoicing: QuickBooks or similar accounting platforms
  • Email and SMS Services: SendGrid, Amazon SES, Twilio, or similar providers
  • Analytics and Monitoring: Google Analytics or similar platforms
  • Customer Support: Help desk and communication tools

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

6.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

6.4 Legal Requirements

We may disclose information when we believe it is necessary to:

  • Enforce our terms of service, agreements, or other policies
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or others
  • Detect, prevent, or address fraud, security, or technical issues
  • Comply with court orders, subpoenas, or other lawful requests

7. Data Processing Addendum and Subprocessors

When we act as a processor for subscribing organizations, our Data Processing Addendum (DPA) governs data protection, Standard Contractual Clauses, UK International Data Transfer Addendum (where applicable), security obligations, and subprocessors.

We maintain a current list of subprocessors at /subprocessors. Subscribing organizations may subscribe to email updates or monitor that page for advance notice of material changes.

8. Data Retention and Deletion

We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Active Accounts: Data is retained while your account or your organization's account is active.
  • Closed Accounts: We delete or anonymize active copies within 30 days of account closure or a verified deletion request, unless retaining the data is required for legal obligations.
  • Backups: Residual copies may remain in encrypted backups for up to 90 days and are automatically purged on a rolling basis. Backup data is accessed only for disaster recovery or troubleshooting.
  • Legal Requirements: Some information may be retained longer to comply with legal, accounting, or regulatory requirements.
  • Aggregated Data: Anonymized, aggregated data may be retained indefinitely for analytics and research.

9. Data Security

We implement technical, administrative, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit (TLS) and encryption of sensitive data at rest
  • Hashing of account passwords using industry-standard algorithms
  • Role-based access controls, least-privilege principles, and access logging
  • Secure key management and segregation of production and test environments
  • Regular vulnerability scanning, dependency management, and patching cadence
  • Employee security and privacy training
  • Documented incident response procedures, including notification to affected parties and regulators without undue delay where legally required
  • Periodic reviews and third-party assessments of our security posture

No method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security. We encourage organizations and end users to protect their passwords and report suspected incidents to us promptly.

10. Your Rights and Choices

10.1 Access and Correction

You can access and update your personal information through your account settings. If you need assistance, contact your organization's administrator or email us at app@teetimeapps.com.

10.2 Data Portability

You may request a copy of your personal information in a structured, commonly used, machine-readable format (such as CSV or JSON). Administrators can export data through the Service dashboard.

10.3 Deletion

You may request deletion of your personal information, subject to legal obligations, legitimate business needs (e.g., completing transactions, detecting fraud), and your organization's retention policies.

10.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing message or by adjusting your communication preferences in your account settings.

10.5 Cookies and Analytics

You can manage cookies as outlined in Section 11. For analytics tools that offer opt-outs, follow the instructions provided by those providers.

10.6 Automated Decision-Making

We do not use personal information for solely automated decision-making that produces legal or similarly significant effects about individuals. If this changes, we will provide required notices and choices.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, understand usage, and enhance experiences. Cookies fall into the following categories:

  • Strictly Necessary: Required for core functionality such as authentication and security.
  • Functional: Remember preferences and customize content.
  • Analytics: Help us understand how the Service is used so we can improve it.

You can manage cookies through your browser settings. For more details, see our Cookie Policy.

12. Children's Privacy

The Service is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.

If a subscribing organization allows minors (ages 13-17) to use the Service, the organization is responsible for obtaining appropriate parental consent where required by applicable law.

13. International Data Transfers

The Service is operated in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

When we transfer personal data from the EEA, the United Kingdom, or other jurisdictions with data transfer restrictions, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum. We currently do not participate in the EU-U.S. Data Privacy Framework but monitor its status and will update this policy if we join. You may request a copy of the relevant safeguards by emailing app@teetimeapps.com.

14. U.S. State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other states with similar privacy laws, you may have rights to know about, access, correct, delete, or obtain a copy of your personal information, and to opt out of certain processing. We do not sell or share personal information as defined by the California Consumer Privacy Act and its amendments.

To exercise these rights, contact us at app@teetimeapps.com or use available in-product tools. We will verify your identity before processing your request and respond within the timelines required by applicable law. You may also designate an authorized agent to make a request on your behalf.

15. European and United Kingdom Privacy Rights (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have certain rights under the General Data Protection Regulation (GDPR) or UK GDPR, including:

  • Right of Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain processing activities
  • Right to Withdraw Consent: Withdraw consent for consent-based processing
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at app@teetimeapps.com. We will respond within one month or explain any need for additional time (up to two further months for complex requests). If you believe we are processing data on behalf of a subscribing organization, contact that organization first so we can support their response. We are evaluating the appointment of an EEA and UK representative and will update this policy if designated.

16. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any information.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last Updated" date at the top of this policy
  • Sending email notification to registered users for significant changes
  • Providing in-application notifications

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Reel Time Apps Inc.
Email: app@teetimeapps.com
Phone: +1 (561) 972-3929
Address: 19980 SE Watergrass Dr, Jupiter, FL 33458 USA

We will respond to your inquiry within one month whenever legally required, or sooner where possible.