1. Introduction
AutoTee (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tee time automation service at autotee.io (the “Service”). Please read this Privacy Policy carefully. By using the Service, you consent to the data practices described in this policy.2. Information We Collect
2.1 Information You Provide
Account Information:- Email address (required)
- Phone number (optional, for SMS notifications)
- Name (optional)
- Usernames and passwords for golf course booking platforms
- These credentials are encrypted using industry-standard AES-256 encryption
- We only use these credentials to book tee times on your behalf
- Payment details are processed and stored securely by Stripe
- We do not store full credit card numbers on our servers
- We retain Stripe customer IDs to process future payments
- Course selections and preferences
- Desired dates, times, and player counts
- Notification preferences
2.2 Information Collected Automatically
When you access our Service, we automatically collect certain information: Device Information:- IP address
- Browser type and version
- Device type and operating system
- Time zone setting
- Unique device identifiers
- Pages and features accessed
- Time spent on pages
- Click patterns and navigation paths
- Search queries within the Service
- Error logs and performance data
- Authentication cookies (to keep you logged in)
- Session cookies (for functionality)
- We do NOT use third-party advertising or tracking cookies
2.3 Information from Third Parties
We may receive information from:- Golf course booking platforms (booking confirmations, tee time availability)
- Stripe (payment status and transaction information)
- Analytics services (aggregated usage data)
3. How We Use Your Information
We use the information we collect to:- Provide the Service: Create and manage your account, monitor for tee times, make bookings on your behalf
- Process Payments: Charge for successful bookings, manage credits, issue refunds
- Communicate: Send booking confirmations, notifications, and service updates
- Improve the Service: Analyze usage patterns, fix bugs, develop new features
- Prevent Fraud: Detect and prevent fraudulent activity, abuse, and security threats
- Legal Compliance: Comply with applicable laws, regulations, and legal requests
- Customer Support: Respond to inquiries and resolve issues
4. Data Security
4.1 Encryption
- Golf course passwords are encrypted at rest using Fernet/AES-256 symmetric encryption
- Encryption keys are stored in AWS Secrets Manager, separate from the encrypted data
- All data in transit is protected using TLS 1.2+ (HTTPS)
4.2 Access Controls
- Access to user data is strictly limited to authorized personnel
- We use AWS IAM for infrastructure access control with least-privilege principles
- All access is logged and monitored
4.3 Infrastructure Security
- Data is stored in AWS (Amazon Web Services) data centers in the United States
- We use DynamoDB for database storage with encryption at rest
- Regular security updates, vulnerability scanning, and monitoring
- No data is stored on local devices or portable media
4.4 Incident Response
In the event of a data breach, we will:- Notify affected users within 72 hours
- Report to relevant authorities as required by law
- Take immediate steps to contain and remediate the breach
5. Data Sharing and Disclosure
We do NOT sell your personal information. We share data only in the following circumstances:5.1 Service Providers
We use trusted third-party services to operate the Service:| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, payment info |
| AWS | Cloud infrastructure | All data (encrypted) |
| Twilio | SMS notifications | Phone number, message content |
5.2 Golf Course Platforms
When you add credentials, we authenticate with those platforms on your behalf to:- View available tee times
- Make reservations
- Receive booking confirmations
5.3 Legal Requirements
We may disclose information if required to:- Comply with applicable laws or regulations
- Respond to valid legal process (subpoenas, court orders)
- Protect the rights, property, or safety of AutoTee, our users, or others
- Enforce our Terms & Conditions
5.4 Business Transfers
If AutoTee is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | While account is active |
| Booking history | 2 years (for support purposes) |
| Golf course credentials | Until you remove the account |
| Payment records | As required for tax/legal purposes (typically 7 years) |
| Server logs | 90 days |
7. Your Rights and Choices
7.1 All Users
You have the right to:- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your data in a portable format
- Opt-out: Unsubscribe from marketing communications
7.2 California Residents (CCPA)
If you are a California resident, you have additional rights:- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
7.3 European Users (GDPR)
If you are located in the European Economic Area (EEA), you have additional rights:- Right to Access: Obtain confirmation of data processing and access to your data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (“right to be forgotten”)
- Right to Restriction: Request limitation of data processing
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Contract: To provide the Service you requested
- Legitimate Interests: To improve our Service and prevent fraud
- Consent: For optional features like marketing communications
8. Cookies and Tracking
8.1 Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Authentication | Keep you logged in | Session |
| Preferences | Remember your settings | 1 year |
8.2 Managing Cookies
You can control cookies through your browser settings: Note: Disabling cookies may affect the functionality of the Service.8.3 Do Not Track
We do not currently respond to “Do Not Track” browser signals. However, we do not engage in cross-site tracking.9. Third-Party Links
Our Service may contain links to third-party websites (golf courses, Stripe, etc.). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.10. Children’s Privacy
AutoTee is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have collected data from a child under 18, we will delete it promptly.11. International Data Transfers
AutoTee is operated in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. For EEA users, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection for international data transfers.12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:- Posting the updated policy on our website
- Sending an email notification
- Displaying a notice in the Service
13. Contact Us
For privacy-related questions, requests, or concerns:- Email: [email protected]
- Response Time: Within 48 hours
- Your account email address
- Description of your request
- Any relevant details to help us locate your information
By using AutoTee, you acknowledge that you have read and understood this Privacy Policy.