In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores In beta testing currently available early 2026 in app stores

Scoreper

Contact us

PRIVACY POLICY

Effective date: 1st October 2025

1) Overview

1.1 Welcome to our Privacy Policy. This Policy explains how Scoreper (“App” or “Service”) collects, uses, discloses, and protects personal data when you install and use our mobile application. We care about privacy and have designed the App with data minimisation, clear user controls, and no advertising trackers.

1.2 Who should read this. All users of the App, including parents/guardians supervising minors, should review this Policy carefully. If anything is unclear, contact us at support@scoreper.com.

1.3 Legal framework. We process personal data in accordance with Regulation (EU) 2016/679 (the GDPR) and applicable Finnish data-protection law. Certain rights and obligations referenced here arise directly from those laws.

1.4 Relationship to our Terms. This Policy is incorporated by reference into our Terms & Conditions. Capitalised terms used but not defined here have the meanings given in the Terms.

1.5 Changes. We may update this Policy to reflect legal, technical, or operational changes. We will provide in-App notice of material changes and indicate the effective date above. If you do not agree to an update, you should discontinue use and uninstall the App.

2) The Controller & How to Contact Us

2.1 Controller. The controller responsible for your personal data is Scoreper, [registered address, country] (“Developer,” “we,” “us,” “our”).

2.2 Privacy contact. For all privacy matters—including access/erasure requests—email support@scoreper.com We may request reasonable information to verify identity before we act.

2.3 Data Protection Officer / Representative. We have not appointed a DPO. If this changes, we will update this section. Where we rely on processors located outside the EEA, we implement appropriate safeguards (see later “International Transfers”).

3) What This Policy Covers (Scope & Applicability)

3.1 App-only scope. This Policy applies to your use of the Scoreper mobile app on iOS and Android. We do not operate a public website or forum for the App, and we do not run an ad network.

3.2 No direct billing. Purchases are handled exclusively by the Apple App Store and Google Play (each, a “Store”). We receive entitlement status from the Stores; we do not receive your card or bank details.

3.3 Third-party features. The App integrates Supabase (backend hosting/authentication) and Apple/Google Maps (mapping/location). Their terms and privacy notices apply when those features are used; we describe how data flows in the “Sharing & Recipients” section of the full policy.

4) How to Read This Policy & Your Controls

4.1 Plain meaning; legal effect. “Personal data” means information that identifies, or could reasonably identify, a natural person. “Processing” means any operation on personal data (collecting, storing, using, disclosing, etc.).

4.2 Your controls. You can grant or withdraw OS-level permissions (e.g., Location, Motion/Activity, Photos) at any time in your device settings. The App also provides in-App toggles where relevant. Disabling a permission may limit related features.

4.3 Consent vs. contract. Some processing is necessary to perform our contract with you (e.g., account, scores, subscription entitlements). Other processing is optional and based on your consent (e.g., location, photos, activity metrics). You may withdraw consent at any time (without affecting prior lawful processing).

4.4 Children and guardians. Where required by law, users under the digital age of consent (13–16, depending on country) may use the App only with verifiable parental/guardian consent. Guardians manage permissions and can exercise rights on the child’s behalf.

5) Categories of Personal Data We Process

Depending on your use and settings, we process the following:

5.1 Account & Profile. Username, email address; optional profile image; App preferences (e.g., language, notifications).

5.2 Gameplay & Statistics. Hole-by-hole scores, round information (e.g., course selected), computed statistics and aggregates generated by the App.

5.3 User-Generated Content (UGC). Photos you upload (subject to manual moderation before visibility to others), ratings, and other voluntary content.

5.4 Location Data (optional). Device location (if you grant permission) to enable map-related features such as course proximity, hole mapping, or path estimates. We do not publicly broadcast your live location.

5.5 Activity / “Health” Metrics (optional). Estimated steps, distance travelled, elevation derived from device sensors/OS frameworks. These are not medical readings and are used solely to power App features (see Section 8).

5.6 Technical & Device Data. Device model, OS version, App version, IP address at time of connection, crash/diagnostic logs, performance telemetry—used for reliability, security, and support.

5.7 Store Entitlements. Subscription status and renewal window received from the Stores to grant premium access. We do not receive full payment-method data.

We do not collect government IDs, precise biometric identifiers, or advertising identifiers for targeted ads.

6) Sources of Personal Data

6.1 You. Information you submit directly (account details, scores, photos, ratings, settings).

6.2 Your device/OS. Location and motion/activity data only if you enable permissions; you can disable them in OS settings at any time.

6.3 Stores. We receive subscription/entitlement metadata from the Apple App Store or Google Play to determine access to premium features.

6.4 App operations. Technical logs and diagnostics created by your use of the App to maintain performance and security.

6.5 What we don’t do. We do not obtain data from data brokers or ad tech intermediaries.

7) Why We Use Data (Purposes) & Our Legal Bases (GDPR)

We process personal data only where we have a lawful basis and for specific purposes:

7.1 Provide the Service & core features (create/manage accounts; authenticate via Supabase; record scores; compute statistics; verify entitlements).

  • Legal basis: Contract (GDPR Art. 6(1)(b)).

7.2 Operate optional features (Location; Photos; Activity/“Health” metrics).

  • Legal basis: Consent (GDPR Art. 6(1)(a)); for activity/“health” metrics that could qualify as special category, explicit consent (GDPR Art. 9(2)(a)).

7.3 Safety, moderation, and integrity (manual review of photos; prevention of abuse or unlawful content).

  • Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) in maintaining a safe and trustworthy service; balanced against user rights via targeted, proportionate review.

7.4 Security & reliability (protect accounts; detect anomalies; diagnose crashes; prevent fraud/entitlement tampering).

  • Legal basis: Legitimate interests (Art. 6(1)(f)) and, where applicable, Legal obligation (Art. 6(1)(c)).

7.5 Legal compliance (responding to lawful requests; meeting regulatory duties; honoring data-subject rights).

  • Legal basis: Legal obligation (Art. 6(1)(c)).

7.6 Service improvement (non-identifying diagnostics; performance tuning).

  • Legal basis: Legitimate interests (Art. 6(1)(f)), using minimal data necessary and, where feasible, aggregation/anonymisation.

No advertising: we do not process data for targeted advertising or sell personal data.

8) Special Category Data — Activity/“Health” Metrics

8.1 What this covers. “Activity/health metrics” in the App are step counts, distance travelled, and elevation estimates derived from your device’s sensors/OS frameworks. These are used to enhance your gameplay statistics and experience.

8.2 Why we’re cautious. Although these metrics are not medical data and are estimates, they may, in some contexts, be considered “special category data.” We therefore process them only with your explicit consent (GDPR Art. 9(2)(a)).

8.3 Granting/withdrawing consent. You grant consent by enabling the relevant OS permissions and any in-App toggle presented. You can withdraw consent at any time by disabling the permission in OS settings (and the in-App toggle, if shown). Feature functionality may be reduced if consent is withdrawn.

8.4 No secondary use. We do not use activity/health metrics for medical, insurance, employment, or advertising purposes, and we do not share them with third parties for such purposes.

9) Children & Young Users

9.1 All-ages app with safeguards. The App is suitable for a broad age range. However, under EU law, users below the digital age of consent (13–16, depending on country) may use the App only with verifiable parental/guardian consent.

9.2 Role of guardians. The guardian must (i) accept our Terms and this Policy on the minor’s behalf; (ii) supervise the minor’s use; (iii) manage OS permissions and in-App settings (e.g., location, photos); and (iv) exercise data rights for the minor where appropriate.

9.3 Verification. We may, where required, take reasonable steps to verify age and/or guardian consent. Accounts may be restricted, suspended, or removed if we cannot confirm required consent or if age is misrepresented.

9.4 Rights on behalf of minors. Guardians may exercise the minor’s data-subject rights (access, erasure, etc.) via support@scoreper.com. We may request reasonable information to verify authority.

10) User-Generated Content (UGC) & Moderation

10.1 What you can submit. You may submit photos, ratings, and other content. All photos are manually reviewed before they can be viewed by other users to help keep the App safe and appropriate.

10.2 Your responsibility. You must have the rights to any content you submit. Do not upload unlawful, infringing, invasive, or inappropriate content. If your photos include identifiable individuals, you are responsible for ensuring you have a lawful basis (e.g., consent where required) to capture and share those images.

10.3 How we process UGC. We process UGC to provide the Service (contract), to moderate and keep the App safe (legitimate interests), and—where the UGC includes optional elements such as photos—based on your consent. We retain UGC consistent with our retention practices (described in the full policy), and remove or restrict UGC that breaches our rules.

10.4 Visibility & sharing. UGC is visible within the App consistent with your actions (e.g., posting a photo). We do not publish your UGC on public websites. If you delete UGC, visibility ceases subject to reasonable technical latency and backup retention.

10.5 Reports & takedowns. You can report content via available in-App mechanisms or support@scoreper.com. We may preserve and disclose UGC where required by law or necessary to protect users, the public, or our rights.

11) Location Data 

11.1 Optional Feature. The App may request permission to access your device’s Location to enable features such as course proximity, hole mapping, and path estimates. You control this in your OS settings and can change it at any time.

11.2 Modes & Precision. Depending on your OS and device, you may be able to grant approximate or precise location and allow access while using the App (recommended) or always (not required). If you choose not to grant location, certain features will be limited or unavailable.

11.3 How We Use Location. When enabled, location is used only to deliver in-App features you engage (e.g., showing nearby courses, calculating distances). We do not broadcast your live location publicly, track you across other apps, or use location for advertising.

11.4 Storage & Retention. Location readings are generally processed in real time to power the requested feature. Where location is stored (e.g., linked to a specific round), it is retained together with your gameplay data and follows the retention rules in Section 15.

11.5 Sharing. We do not share your location data with advertisers. Location may be processed by Apple/Google Maps solely to provide map tiles/geocoding when you use mapping features (see Section 13).

11.6 Your Controls. You can revoke location permission in your device settings at any time. Doing so will stop location collection going forward but does not automatically delete location already linked to saved rounds—use in-App deletion tools or submit a request (Section 18).

12) Subscriptions, App Stores & Payments

12.1 Independent Billing Controllers. Apple App Store and Google Play handle all purchases, renewals, and refunds. We receive entitlement metadata (e.g., whether a subscription is active) and do not receive your full payment method details.

12.2 What We Receive. From the Store we receive: subscription status, product tier, renewal window, and related identifiers needed to validate access to premium features. This is processed on the basis of contract (Art. 6(1)(b)).

12.3 Refunds & Disputes. Refunds and billing disputes are handled by the Store under its policies. We will reasonably cooperate with the Store if it requests information to resolve a dispute.

12.4 Your Choices. Manage, change, or cancel your subscription in your Store account settings. If you cancel, access to premium features continues until the current paid term ends.

13) Sharing & Recipients (Who Sees Your Data)

13.1 Processors (acting on our behalf).

  • Supabase – managed hosting, database, and authentication services required to operate the App.
  • Operational vendors (if any) – strictly necessary providers (e.g., crash/performance telemetry, email delivery for support) engaged under data-processing agreements with confidentiality and security obligations.

13.2 Independent Controllers.

  • Apple App Store / Google Play – purchase processing and subscription entitlements.
  • Apple/Google Maps – mapping functions you invoke in the App (map tiles, geocoding, routing). Using these features means your device communicates with those providers under their own terms and privacy policies.

13.3 Legal Disclosures. We may disclose limited data where we believe it is necessary to: (i) comply with lawful requests, court orders, or legal process; (ii) enforce our Terms; (iii) protect our rights, property, users, or the public.

13.4 No Sale / No Targeted Ads. We do not sell personal data or share it for targeted advertising.

13.5 Anonymised/Aggregated Data. We may create and use anonymised or aggregated statistics (e.g., non-identifying gameplay metrics). Such data is not personal data and may be retained or shared for service improvement.

14) International Transfers (EEA to Third Countries)

14.1 Where Processing Occurs. Our primary operations target Finland/EEA. Some providers may process data in other countries. When personal data is transferred outside the EEA, we implement appropriate safeguards.

14.2 Safeguards Used. We rely on one or more of the following:

  • Adequacy decisions by the European Commission; and/or
  • Standard Contractual Clauses (SCCs) with supplementary measures where required.

14.3 How to Obtain Information. You may request further information on transfer mechanisms (and, where feasible, a copy or summary of SCCs) via support@scoreper.com We may redact commercially sensitive terms.

15) Retention (How Long We Keep Data)

15.1 Principle. We keep personal data only as long as necessary for the purposes described, to comply with legal obligations, or to establish, exercise, or defend legal claims. Afterwards, we delete or anonymise it.

15.2 Indicative Retention Matrix.

  • Account & Profile (username, email, profile image): For the life of the account; deleted upon account deletion (subject to brief backup latency).
  • Gameplay & Statistics (scores, rounds, aggregates): For the life of the account or until you delete specific items; anonymised aggregates may be retained.
  • Photos (UGC): Visible until you delete; rejected/removed photos may remain briefly in moderation logs/backups (typically 30–90 days).
  • Location linked to rounds: Retained with the associated round; deleted when the round is deleted or upon account deletion.
  • Activity/“Health” metrics: Retained only as needed to provide the feature; deleted with the associated round/account or upon revocation where feasible.
  • Technical & Crash Logs: Short, necessity-based periods (typically up to 90 days) unless needed to investigate issues or comply with law.
  • Store Entitlement Records: While subscription is active and for a limited period after expiry (e.g., up to 180 days) to resolve billing queries/fraud.
  • Legal Holds: Where required by law or to protect rights, we may retain specific data beyond the normal schedule.

15.3 Backups. Backups are overwritten on rolling cycles; deletion from backups occurs automatically within the cycle (typically 30–90 days).

16) Security (How We Protect Data)

16.1 Measures. We apply administrative, technical, and organisational measures appropriate to risk, including: encryption in transit, hardened hosting via Supabase, access controls with least-privilege, audit logging for sensitive operations, regular patching, and incident response procedures.

16.2 Your Responsibilities. Keep your device OS and the App updated, use a screen lock, safeguard your credentials, and review your OS permissions. If you suspect unauthorised access, contact support@scoreper.com immediately.

16.3 Third-Party Security. We vet processors for appropriate security and require contractual commitments (confidentiality, security, sub-processor controls, and assistance with data-subject rights and breach obligations).

17) Your Choices & Controls

17.1 Permissions. Manage Location, Motion/Activity, Photos, and Notifications in your device settings. Disabling a permission may limit related features.

17.2 Profile & Content. Update or delete your profile image and UGC in-App where available. You can delete individual rounds/scores and associated location/activity data where those controls exist.

17.3 Consent Withdrawal. You may withdraw consent (e.g., for location or activity metrics) at any time via OS settings and any in-App toggle presented. Withdrawal does not affect the lawfulness of prior processing.

17.4 Account Deletion. You may request account deletion in-App (where available) or via support@scoreper.com. We will guide you through verification and deletion steps (see Section 15 for retention/backup notes).

18) Your Rights (GDPR)

Subject to conditions and exemptions under the GDPR, you have the following rights:

18.1 Access. Obtain confirmation whether we process your personal data and receive a copy.

18.2 Rectification. Correct inaccurate or incomplete personal data.

18.3 Erasure. Request deletion where, for example, data is no longer necessary, consent is withdrawn, or processing is unlawful (subject to legal holds and legitimate interests).

18.4 Restriction. Request restriction of processing in certain cases (e.g., contested accuracy, legal claims).

18.5 Portability. Receive personal data you provided to us in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible and lawful.

18.6 Objection. Object to processing based on legitimate interests where we cannot demonstrate compelling legitimate grounds.

18.7 Consent Withdrawal. Where processing relies on consent (including explicit consent for activity/health metrics), you may withdraw it at any time (without affecting prior processing).

18.8 How to Exercise. Email support@scoreper.com from your account email and specify the right you wish to exercise. We may need additional information to verify identity. We aim to respond within one month (extendable by two months for complex requests, with notice).

18.9 On Behalf of Minors. Verified guardians may exercise rights on behalf of minors (see Section 9).

19) Complaints to Authorities

19.1 Contact Us First. We encourage you to contact support@scoreper.com so we can address your concerns promptly.

19.2 Supervisory Authority. You also have the right to lodge a complaint with your local EU/EEA data protection authority. For users in Finland, this is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). You may also complain to the authority where you live or work, or where an alleged infringement occurred.

20) Automated Decision-Making & Profiling

20.1 No Decisions with Legal/Similar Effects. We do not perform automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of GDPR Article 22.

20.2 Limited Automated Signals. The App may use automated signals (e.g., spam/inappropriate-content flags) to assist manual moderation. These do not produce legal or similarly significant effects and are subject to human review.

21) SDKs, Cookies & Tracking

21.1 No Cookies in the App UI. The native mobile App does not use web cookies.

21.2 Minimal SDKs Only. We use SDKs that are strictly necessary for functionality and reliability (e.g., Supabase for auth/storage; OS-native crash/performance telemetry; Apple/Google Maps for mapping). We do not use advertising SDKs.

21.3 Ad Identifiers & Targeting. We do not collect or use advertising identifiers for targeted advertising, and we do not sell or share data for cross-context behavioural advertising.

21.4 Global Privacy Control / Do Not Track. These browser signals are not applicable in the native App context.

22) Disclosures for Legal Requests

22.1 Principles. We evaluate legal requests on a case-by-case basis, applying principles of legality, necessity, and proportionality. We will only disclose what is strictly required.

22.2 Notice to Users. Where legally permissible and practical, we will notify affected users before disclosing their data so they may seek protective remedies. We may delay or withhold notice if notification would be unlawful or risk harm.

22.3 Record-Keeping. We maintain records of disclosures made in response to legal requests in accordance with our retention obligations.

23) Data Breach Notification

23.1 Assessment & Containment. We maintain incident-response procedures. Upon becoming aware of a personal-data breach, we assess likely risks to individuals and take steps to contain and remediate.

23.2 Supervisory Authority Notice. Where required by GDPR Article 33, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours.

23.3 User Notice. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay pursuant to GDPR Article 34, unless an exemption applies.

24) Third-Party Links & External Services

24.1 Maps & External Terms. When you use mapping features, your device interacts with Apple/Google Maps under their terms and privacy notices. We are not responsible for their handling of data.

24.2 Other Links. If the App references third-party resources (e.g., support articles), those sites are outside our control. Review their privacy notices before providing personal data.

24.3 No Endorsement. Links are provided for convenience and do not imply endorsement. We disclaim responsibility for third-party content, availability, or practices.

25) Changes to This Policy & Contact

25.1 Updates. We may update this Policy from time to time. For material changes, we will provide in-App notice and update the Effective Date at the top. Continued use after the effective date constitutes acceptance of the updated Policy.

25.2 Historic Versions. Upon request, we can provide a summary of material changes or prior versions relevant to your inquiry.

25.3 Contact Us. For questions, concerns, or to exercise your rights, contact:
Controller: Scoreper
Privacy Email: support@scoreper.com

Scoreper

Contact us