Home · Privacy Policy
Privacy Policy
Last updated: July 18, 2026
This policy explains what personal data Obsessive Co (SMC-Private) Limited ("we", "us") collects when you use Golf Nuggets (the website, web app, and mobile apps — the "Service"), how we use it, and the choices you have. We built Golf Nuggets to need as little of your data as possible: you can search, browse, and play without any account at all.
1. Data we collect
If you use the Service without an account
Your saved nuggets and collections are stored on your own device, not on our servers. Standard technical logs (such as IP address and request data) are processed transiently by our infrastructure providers to serve and protect the Service.
If you create an account
- Account and session data — your email address, a password hash (if you use email sign-in), or your basic profile (name, email) and account identifier from Google or Apple if you sign in with them, plus the authentication-session records needed to keep you signed in. We do not receive your Google or Apple password.
- Library data — the nuggets you save, the collections you create and their order, so they can be backed up and synced across your devices.
- Sync and device metadata — technical records that make reliable sync possible: an identifier for each installation/device you sign in on (with platform, app version, and last-seen time), library revision counters, records used to merge a guest library into your account once, and receipts of sync operations used to prevent duplicates.
- Transactional email records — delivery status of the emails we send you (verification, password reset, receipts, deletion confirmation).
If you report a problem with a nugget
We receive the report itself: the nugget/video and moment it concerns, the category you select, any free-text description you choose to write, and technical context (app version, platform, submission time, and a submission identifier). Reports are used to fix the library and are linked to your account only if you are signed in when reporting.
If you buy a subscription
Payment is handled by our merchant of record, shown at checkout (we will also name them in this policy once live). They process your payment details under their own privacy policy — we never see or store your card number. We receive what we need to operate your subscription: customer and subscription/transaction identifiers, subscription status and product, and refund/receipt records tied to your entitlement.
Usage and diagnostics
The Service currently runs no analytics. Before launch we will add privacy-respecting product metrics (for example: counts of searches, zero-result searches, saves, plays, and upgrades) and crash/diagnostic reporting (error details with device model and OS/app version), and we will update this section with the named processors when they go live. We do not sell personal data, and we do not build advertising profiles of you.
2. How we use data
- To provide the Service: accounts, sync, backup, search, playback.
- To send transactional email you'd expect: verification, password reset, purchase receipts, refund and deletion confirmations. No marketing email unless you separately opt in (there is currently none).
- To operate subscriptions and honor entitlements.
- To keep the Service safe: abuse prevention, rate limiting, debugging.
- To meet legal obligations.
3. Who processes data for us
We use a small set of service providers, each processing data only to provide their service to us:
- Supabase — database and authentication hosting for accounts and library data.
- Cloudflare — website, application, and content delivery.
- Resend — transactional email delivery.
- Google / Apple — optional sign-in providers, if you choose them.
- Our merchant of record — payment processing and receipts, identified at checkout.
4. YouTube playback
Videos play through YouTube's official embedded player. When you play a video, YouTube (Google) processes data about that playback under its own terms and privacy policy, as with any site that embeds YouTube. See the Google Privacy Policy. We don't control YouTube's data practices.
5. Advertising
The Service is currently ad-free and loads no advertising code. In the future, the free tier may show a limited number of ads served by Google (AdSense on the web, AdMob in apps). Before any ads go live we will update this policy, present the consent choices required in your region before personalized ads are shown, and paid subscriptions will remain ad-free. See how Google uses ad data.
6. Legal bases, retention, and international transfers
Where the GDPR or UK GDPR applies, we process personal data on these legal bases: performance of a contract (providing accounts, sync, subscriptions, and support — Art. 6(1)(b)); legitimate interests (securing the Service, preventing abuse, fixing defects, and improving the library from problem reports — Art. 6(1)(f)); legal obligation (accounting and tax records — Art. 6(1)(c)); and consent where we ask for it (for example, any future personalized advertising — Art. 6(1)(a)), which you may withdraw at any time.
Retention: account, library, and sync data — until you delete your account (deletion removes them from our systems); problem reports — until resolved and then in aggregate form only; transactional email logs — up to 12 months; subscription/receipt records — as long as tax and accounting law requires. Transfers: our processors store data in the United States and Europe; transfers from the EU/UK are protected by our processors' safeguards — EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework. You can request details of these safeguards by email.
7. Deleting your account — and your data
You can delete your account from inside the Service at any time (no email required, no retention tricks). Deletion permanently removes your account, saved nuggets, collections, devices, and sync records from our servers, and you receive a confirmation email. On the device where you delete, the account's local copy is cleared too. One honest caveat: if you were signed in on other devices, opening the app there returns it to guest mode, but an inaccessible cached copy of the deleted account's data may remain on that device until you clear the app's storage or uninstall it. Data held by the merchant of record for completed transactions is retained by them as required by tax and accounting law. Guest-mode data on your own device is yours to keep or clear.
8. Your rights
Depending on where you live (for example, under the GDPR in Europe or the CCPA in California), you may have rights to access, correct, export, restrict, or object to processing of your personal data, to delete it, and to complain to a supervisory authority. In the Service directly you can see your library and delete your account entirely. For everything else — including access, export, correction, or restriction requests — email support@golfnugs.com and we will respond within 30 days.
9. Children
The Service is not directed at children under 13, and we do not knowingly collect personal data from them. If you believe a child under 13 has created an account, contact us and we will delete it.
10. Security
Account and library data is protected with industry-standard measures: encrypted transport (HTTPS), encrypted storage at our providers, row-level access controls so each account can only ever read its own data, and least-privilege service credentials. No system is perfectly secure — if we learn of a breach affecting your data, we will notify you as required by law.
11. Changes to this policy
We may update this policy as the Service evolves. Material changes will be announced in the app or by email before they take effect, with the "Last updated" date above revised.
12. Contact
Data controller: Obsessive Co (SMC-Private) Limited
Registered office: House 710, Street 44, E-11/3, Islamabad, Pakistan
Email: support@golfnugs.com