Divot Privacy Policy
Short version
Divot stores your golf practice data locally on your device and syncs it to a secure cloud backend so you can access it across devices. We collect only what's needed to run the app: your Apple ID email (for sign-in), practice data (for sync), subscription status (for premium features), and crash reports (to fix bugs). When you use the AI coaching chat, aggregated practice statistics and your conversation are sent to an AI service to generate responses — conversation history is stored locally on your device but not on our servers. We never see your credit card or payment details — Apple handles all billing. We do not sell your data.
What data Divot stores
On your device
- Drills, routines, and programs you create or view
- Practice sessions you run, including makes, misses, and duration
- AI coaching chat conversations (your questions, AI responses, and any drill or routine suggestions generated during the conversation)
- Your app preferences (active program, auto-advance delay, haptic toggle, theme)
- Your subscription status cache (plan type, entitlement state, trial/renewal dates) for offline access
This data is stored in a local SQLite database and your device's local preferences storage.
In the cloud (Supabase)
- Your practice data (drills, routines, sessions, results) synced for backup and cross-device access
- Your email address (provided by Apple Sign In) for account identification
- Feedback submissions you send through the in-app form (message, email, device info)
- Your subscription status (plan type, entitlement, active/expired state, and timing — e.g., purchased date, expiration date). This is received from RevenueCat when you purchase a subscription; Divot never sees your payment method, credit card number, or billing address.
- AI usage metrics (which AI model was used, token counts, estimated cost per request) for internal cost monitoring. This data does not include any conversation content or personal information beyond your account identifier.
Cloud data is stored on Supabase infrastructure (AWS, US region) and secured with row-level security policies that restrict access to your account only.
Sent to AI for coaching (Ask Divot chat)
When you use the AI coaching chat, Divot sends aggregated practice statistics (pass rates, session counts, category breakdowns, scoring trends), a drill catalog (drill names, categories, and attempt counts from your library), and your conversation messages to the Anthropic API via a secure server-side proxy. The practice data sent is a computed summary — not raw drill results, timestamps, or record identifiers. The drill catalog contains only practice content (no personal information). Your conversation history (questions, AI responses, and any drill or routine suggestions) is stored locally on your device only so you can continue conversations later. Conversation content is sent to the server for processing but is not stored on any server — the Edge Function processes each request and discards it. If the AI generates a drill or routine suggestion and you choose to save it, the content is saved to your local library like any drill or routine you create yourself.
What data Divot does not collect
- No location data
- No contacts, photos, calendar, health, or biometric data
- No advertising IDs or cross-app tracking identifiers
- No usage analytics or behavioral telemetry
- No financial or payment information (subscription billing handled entirely by Apple; Divot stores only subscription status, never payment instruments)
Account and authentication
Divot supports Apple Sign In and Google Sign In. When you sign in with Apple, we receive your Apple ID email address (or Apple's private relay address if you choose "Hide My Email"). When you sign in with Google, we receive your Google account email address and display name. We do not receive or store your Apple ID or Google account password.
Authentication tokens are stored in your device's secure keychain (iOS Keychain), not in plaintext storage.
Crash reporting
Divot uses Sentry to collect crash reports when the app encounters an unexpected error. Crash reports include:
- Error type and stack trace
- Device model and OS version
- App version
Crash reports do NOT include screenshots, personal data, or practice content. Crash reporting is disabled during development and only active in production builds.
Permissions Divot requests
- Haptics (iOS): used to give you a small vibration on MAKE / MISS taps during a session. No permission prompt is required for haptics.
Divot does not request camera, microphone, location, photos, contacts, health, Bluetooth, or notification permissions.
Third parties
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication, cloud sync, feedback storage, Edge Function proxy | Email, practice data, subscription status, feedback messages |
| Anthropic | AI coaching chat (Ask Divot) | Aggregated practice statistics (pass rates, session counts, category stats), drill catalog (names, categories), conversation messages |
| RevenueCat | Subscription management | Subscription lifecycle events (plan, status, timing). The RevenueCat SDK on your device communicates with RevenueCat servers to verify subscription status; it collects the Vendor Identifier (IDFV) — an Apple-assigned device identifier that cannot track you across other apps. Divot does not send personal data to RevenueCat — RevenueCat receives purchase data directly from Apple. |
| Sentry | Crash reporting | Error details, device model, OS version |
| Sign In (alternative to Apple) | Google account email and display name | |
| Apple | Sign In, App Store distribution, subscription billing | Apple ID (managed by Apple), payment processing (managed entirely by Apple) |
No advertising networks, analytics services, or data brokers receive any data from Divot.
Data deletion
You can delete your account from Settings > Delete Account. This permanently removes:
- Your Supabase account and all synced data
- Your subscription record and all subscription event history
- All feedback submissions associated with your email
- Your local database (reset to factory defaults)
There is no retention period — deletion is immediate and irreversible.
Children's privacy
Divot is intended for a general audience. It does not knowingly collect data from children under 13.
Changes to this policy
If Divot adds external data integrations (e.g., Arccos, Garmin) or any capability that changes this posture, this policy will be updated and the effective date revised. Changes will be noted in the app's release notes.
About this website
This website (divot-golf.app) is a static marketing page for the Divot app. It has no backend, no forms, and no cookies. It does not use third-party analytics, advertising trackers, or any cross-site tracking. Basic server-level access logs may be recorded by the hosting provider (Cloudflare) for operational and security purposes; those logs are not used to build user profiles and are not shared with third parties.
Contact
Questions: chris@divot-golf.app