Effective Date: March 24, 2026 — Version 1.0
Stranlabs LLC, a Wisconsin limited liability company doing business as GolfSaltAI (“GolfSalt,” “we,” “us,” or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use the GolfSaltAI application, our website at golfsalt.ai and app.golfsalt.ai, and all related services (collectively, the “Service”).
By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
Account Information. When you create an account, we collect your name, email address, and password (or authentication credentials if you sign in through Google, Apple, or GitHub).
Profile Information. You may provide additional details such as your handicap, experience level, handedness, height, physical considerations, home course, location, timezone, and coaching preferences (learning style, coaching tone, preferred focus areas).
Golf Performance Data. When you log rounds, we collect hole-by-hole scores, putts, fairways hit, greens in regulation, penalties, scrambling data, course information, playing conditions, and any notes you add.
Practice Data. When you log practice sessions, we collect session type (range, short game, putting, simulator), duration, location, focus areas, individual shot data, and any uploaded videos. If you import data from launch monitors (such as Rapsodo, Garmin, Trackman, FlightScope, SkyTrak, Foresight, or others), we collect the shot metrics contained in those files (ball speed, club speed, carry distance, launch angle, spin rate, and similar measurements).
Equipment Data. You may enter details about your golf clubs (make, model, loft, shaft, lie angle, grip, swing weight), training aids, and ball preferences.
Coaching Conversations. When you interact with the AI coach, we store the content of your messages and the coach’s responses, along with associated metadata, to provide a continuous coaching relationship.
Goals. You may set personal goals (such as target scores, handicap milestones, or enjoyment objectives) that we store to orient your coaching experience.
Payment Information. When you subscribe, payment details (credit or debit card information) are collected and processed directly by our payment processor, Stripe. We do not store your full card number on our servers. We receive and store a limited record from Stripe, including a payment token, card type, last four digits, and transaction history.
Support Requests. If you contact support or submit feedback, we collect the content of your communication.
Usage Analytics. We use Ahoy, a server-side analytics tool, to understand how the Service is used. Ahoy collects visit data including your landing page, referrer, browser type, device type, operating system, and general geographic location (city, region, country). We also track events within the application (such as pages visited and features used) to improve the Service.
Privacy-First Analytics Design. Our analytics system is configured with the following privacy protections:
Error and Performance Monitoring. We use Sentry for error tracking and performance monitoring. When an error occurs, Sentry may receive technical data such as stack traces, browser information, and the error context. Sentry is configured not to collect personally identifiable information (PII is filtered before transmission).
Email Interaction Data. We use Ahoy Email to track whether transactional emails (such as password resets or service notifications) were delivered. Open and click tracking are disabled by default.
Log Data. Our servers automatically record standard log information when you access the Service, including your IP address, request timestamps, and the pages you visit. This data is used for security, debugging, and operational purposes and is retained for a limited period.
Authentication Providers. If you sign in using Google, Apple, or GitHub, we receive basic profile information (such as your name, email address, and a unique identifier) as permitted by that provider’s settings. We do not receive your password from these providers.
Launch Monitor Imports. If you import data from third-party launch monitors or golf technology platforms, we receive only the data contained in the files you upload. We do not have accounts with or connections to these third-party services on your behalf.
We use the information we collect for the following purposes:
Providing the Service. Delivering personalized AI coaching, generating practice plans, analyzing round data, managing your equipment profile, tracking goals, and displaying your dashboard.
Improving Coaching Quality. Using your historical data (rounds, practice, conversations, equipment) to provide increasingly accurate and personalized coaching recommendations over time. The AI coach builds a persistent understanding of your game that improves with each interaction.
Service Operations. Processing payments, sending transactional emails (password resets, billing receipts, service notifications), enforcing our Terms of Service, and maintaining security.
Service Improvement. Analyzing aggregated, anonymized usage patterns to improve features, fix bugs, and develop new capabilities. We may use aggregated, de-identified data for internal research and development.
Communications. Sending you service-related messages that are necessary for the operation of your account. With your opt-in consent, we may also send marketing communications such as product updates or newsletters. You can opt out of marketing communications at any time.
Legal Compliance. Complying with applicable laws, regulations, legal processes, or enforceable governmental requests.
We do not sell your personal information. We do not share your data with advertisers. We do not use your data to train third-party AI models. Your golf data is yours.
We share your information only in the following limited circumstances:
Service Providers. We share data with third-party service providers who perform services on our behalf, subject to contractual obligations to protect your data:
Legal Requirements. We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.
With Your Consent. We may share your information in other circumstances with your explicit consent.
We use a minimal set of cookies, limited to what is necessary for the Service to function:
Essential Cookies. Session cookies and authentication cookies that are strictly necessary for the Service to operate. These cookies enable you to log in, maintain your session, and use core features. They cannot be disabled without breaking the Service.
Analytics. Our analytics system (Ahoy) operates server-side and does not set tracking cookies on your browser. Your IP address is masked, and identification is handled server-side without persistent client-side tracking.
We do not use advertising cookies, social media tracking pixels, or any third-party tracking cookies.
Your data is stored on servers operated by DigitalOcean, located in the United States (New York City region). Uploaded files (such as videos and launch monitor data) are stored in DigitalOcean Spaces, an S3-compatible object storage service, also in the NYC region.
If you are located outside the United States, your data will be transferred to and processed in the United States. We ensure that international transfers are protected by appropriate safeguards:
We implement appropriate technical and organizational measures to protect your personal information, including:
No method of electronic storage or transmission is 100% secure. While we strive to use commercially reasonable measures to protect your data, we cannot guarantee absolute security.
We retain your personal information for as long as your account is active and as needed to provide the Service. Specific retention practices:
Account Data. Retained for the duration of your account. Upon account deletion, we delete your personal data promptly, subject to the exceptions below.
Coaching Conversations. You may delete individual conversations or your entire conversation history at any time through the Service. Deleted conversations are removed from our active systems.
Golf Data (Rounds, Practice, Equipment). Retained for the duration of your account. You may delete individual records at any time. All data is deleted upon account closure.
Billing Records. We are required to retain certain financial records (transaction history, invoices) for the period mandated by applicable tax and accounting laws, typically up to 7 years after the transaction.
Server Logs. Retained for a limited period (typically 90 days) for security and operational purposes, then automatically purged.
Legal Holds. If we are involved in litigation or a regulatory investigation, we may retain data beyond normal retention periods as required by law.
After applicable retention periods expire, data is permanently deleted or irreversibly anonymized.
Depending on your location, you may have some or all of the following rights regarding your personal information. We honor these rights for all users regardless of jurisdiction, to the extent practicable:
If you are located in the European Economic Area, United Kingdom, or Switzerland, you also have the right to:
Legal Bases for Processing (GDPR). We process your data on the following bases:
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
California “Do Not Track” Disclosure. We do not track users across third-party websites and therefore do not respond to Do Not Track (DNT) signals.
Categories of Personal Information Collected (CCPA). In the preceding 12 months, we have collected the following categories: Identifiers (name, email), Commercial information (subscription and payment records), Internet activity (usage analytics), Geolocation (general location from IP), and Inferences (AI coaching insights derived from your golf data).
If you are a Canadian resident, you have the right to access your personal information, challenge its accuracy, and withdraw consent for non-essential processing. You may file a complaint with the Office of the Privacy Commissioner of Canada.
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling your request. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information promptly.
Users between the ages of 13 and 18 may use the Service only with the consent and supervision of a parent or legal guardian.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at [email protected] and we will delete it.
Because AI coaching is central to our Service, we want to be especially transparent about how your data interacts with our AI systems:
What is sent to the AI. When you interact with the AI coach, relevant context is sent to Anthropic’s Claude API, including your conversation messages, relevant golf data (recent rounds, equipment, goals, coaching profile), and any information needed to provide accurate coaching. We send only what is necessary for the coaching interaction.
AI provider data practices. As of the effective date of this policy, Anthropic does not use data submitted through its API to train its models. We have selected Anthropic in part because of this commitment. If Anthropic’s data practices change in a way that would affect your data, we will notify you and update this policy.
AI-generated insights. The AI generates coaching analyses, practice plans, and insights based on your data. These AI-generated outputs are stored as part of your account and are subject to the same data protection and deletion rights as your other data.
Conversation deletion. You may delete individual coaching conversations at any time. When you delete a conversation, the message content and associated AI responses are removed from our active systems.
No model training. We do not use your personal data, golf data, or coaching conversations to train, fine-tune, or improve AI models (ours or any third party’s). We may use aggregated, fully anonymized data for internal research and service improvement.
We take the security of your personal information seriously. In the event of a data breach that affects your personal data, we are committed to notifying you and the appropriate regulatory authorities in accordance with applicable law.
We will notify affected users when we become aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data that poses a risk to your rights and freedoms.
We comply with the breach notification requirements of all applicable jurisdictions, including:
We will notify affected users by email to the address associated with your account and, where possible, through an in-app notification. If we are unable to reach you by email (for example, if your email address is no longer valid), we will attempt alternative contact methods or post a prominent notice on our website.
Our breach notification will include, to the extent known at the time of notification:
We may provide notification in stages if complete information is not available at the time of initial notification, and we will update you as we learn more.
We may update this Privacy Policy from time to time. When we make material changes, we will: (a) update the “Effective Date” and version number at the top of this page; (b) notify you via email or in-app notification at least 15 days before the changes take effect; and (c) require you to re-accept the updated policy before continuing to use AI coaching features.
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Stranlabs LLC
d/b/a GolfSaltAI
Email: [email protected]
Website: golfsalt.ai
For data protection inquiries from the European Economic Area, United Kingdom, or Switzerland, you may also contact your local supervisory authority.
For California residents, you may contact the California Attorney General’s office for additional information about your privacy rights.