Back to home

Privacy Policy

Last updated: March 11, 2026

1. Scope

This privacy policy applies to the use of the PeakGolf web application at peakgolf.app and all related services. It explains what personal data we collect, how we process it, and what rights you have.

2. Controller

The data controller within the meaning of the GDPR is:

Ismail Serin
PeakGolf (Sole Proprietorship / Einzelunternehmen)
[Street and House Number]
[Postal Code] Berlin
Germany

Email for data protection inquiries: privacy@peakgolf.ai

3. Data We Process

We process the following categories of data:

  • Account data: Name, email address, hashed password, profile picture
  • Profile data: Username, handicap, strengths and weaknesses, training goals, preferred units
  • Performance data: Training sessions, launch monitor metrics (ball speed, spin rate, carry distance, etc.), round statistics, assessments
  • AI analysis data: Session analyses, coach chat history, training plans, performance assessments
  • Media: Swing videos (stored in Supabase Storage)
  • Community data: Posts, comments, likes
  • Payment data: Subscription status, payment history (credit card details are processed exclusively by Stripe and never stored on our servers)
  • Technical data: IP address, browser type, device information

4. Cookies and Tracking Technologies

We use only technically necessary cookies. No analytics, tracking, or marketing cookies are used.

  • sb-*-auth-token: Authentication session (Supabase) — expires after 1 week or on logout
  • NEXT_LOCALE: Language preference — expires after 1 year
  • dashboard_welcome_dismissed: UI state — expires after 7 days

For more details, see our Cookie Policy.

5. Purposes and Legal Bases

  • Contract performance (Art. 6(1)(b) GDPR): Providing the platform, training plans, session analyses, coach chat, subscription management
  • Legitimate interests (Art. 6(1)(f) GDPR): Security, bug fixing, product improvement, abuse prevention
  • Consent (Art. 6(1)(a) GDPR): Optional features requiring explicit consent (e.g., community posts)
  • Legal obligations (Art. 6(1)(c) GDPR): Statutory retention of payment data for tax purposes

6. Processors & Third Parties

We use the following service providers:

  • Supabase Inc. (USA/EU) — Hosting, database, authentication, file storage
  • Anthropic PBC (USA) — AI-powered analysis and coach chat (Claude API)
  • Stripe Inc. (USA/EU) — Payment processing
  • Vercel Inc. (USA) — Web hosting and deployment

Data processing agreements pursuant to Art. 28 GDPR are in place with all processors.

7. International Data Transfers

Some of our processors are located in the United States. Transfers are carried out on the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR) and/or the EU-US Data Privacy Framework. For details, contact privacy@peakgolf.ai.

8. AI-Powered Processing

PeakGolf uses artificial intelligence (Anthropic Claude) to analyse your training data, generate training plans, and power the coach chat. These analyses are based on the performance data you provide. Your inputs are sanitized before being sent to the AI interface.

No automated decision-making within the meaning of Art. 22 GDPR takes place — all AI outputs are recommendations, not binding decisions.

9. Data Retention

  • Account data: Until account deletion
  • Performance and training data: Until account deletion
  • Coach chat history: Until account deletion
  • Community content: Until deleted by the user or account deletion
  • Payment data: 10 years after contract end (§ 147 AO, § 257 HGB)
  • Technical log data: 90 days

10. Security Measures

We implement technical and organisational measures to protect your data, including:

  • TLS encryption for all data in transit
  • Row-Level Security (RLS) on all database tables — each user can only access their own data
  • Passwords are stored hashed, never in plaintext
  • User inputs are sanitized before being sent to third-party APIs
  • Regular security reviews

11. Your Rights

Under the GDPR you have the right to:

  • Access your stored data (Art. 15)
  • Rectification of inaccurate data (Art. 16)
  • Erasure of your data (Art. 17) — via account settings or by email
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw your consent (Art. 7(3)) — at any time with effect for the future, without affecting the lawfulness of processing carried out before the withdrawal

To exercise your rights, contact privacy@peakgolf.ai.

12. Minors

Our service is intended for persons aged 16 and over. We do not knowingly collect personal data from persons under 16 (Art. 8 GDPR). If we become aware that data of a minor under 16 has been collected, we will delete it without delay.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time. For material changes, we will notify you by email. The date of the last update can be found at the top of this page. Continued use of the service after a change constitutes acceptance of the updated privacy policy.

14. Right to Complain

You have the right to lodge a complaint with a supervisory authority. The competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit), Friedrichstr. 219, 10969 Berlin, Germany.

Website: www.datenschutz-berlin.de