Privacy & Security Policy

Last updated: March 2026

1. Overview

Mr. Golf League (“the Platform”) is committed to protecting the privacy, security, and integrity of all user data. We collect only the information necessary to operate a modern, mobile‑first golf league management system. We do not sell, share, or disclose personal information to technology companies or third parties.

2. Authentication Providers (Google & Apple)

Google Sign‑In Disclosure

The Platform uses Google Sign‑In solely for authentication. By choosing Google as your login method, you authorize Google to share basic account information such as your name, email address, and profile image.

• We do not access your Google password.
• We do not request or store any additional Google account data.
• Google’s use of your information is governed by the Google Privacy Policy.

Apple Sign‑In Disclosure

The Platform supports Sign in with Apple. Apple may provide your name and email address, or a private relay email if you choose to hide your email.

• We do not access your Apple ID password.
• We do not request or store any additional Apple account data.
• Apple’s use of your information is governed by the Apple Privacy Policy.

Local Account Option

Users may alternatively create a local username/password account. Passwords are encrypted and never stored in plain text.

3. Use of the USGA GHIN Handicap System

The Platform integrates with the USGA GHIN Handicap System to allow players and leagues to view or post handicap‑related information.

• GHIN data is used only for the player or league that initiates the request.
• No GHIN data is shared, sold, or disclosed to any third‑party or technology company.
• GHIN credentials (if provided) are stored securely and used exclusively for GHIN functionality.
• We do not aggregate, analyze, or repurpose GHIN data for any external use.

4. Cookies

The Platform uses cookies only for essential authentication and login streamlining. Cookies are not used for advertising, analytics, tracking, or profiling. Their sole purpose is to maintain secure sessions and improve the login experience.

5. Data Usage & Non‑Disclosure Commitment

We maintain a strict policy of non‑distribution and non‑disclosure:

• No personal data is sold or shared with advertisers, analytics companies, or external technology vendors.
• No league data, player data, or GHIN data is shared outside the Platform.
• Data is used only to operate Platform features for the benefit of the user or league.

Your data stays within your league’s environment and is never used for cross‑league profiling or marketing.

6. Security Statement

Microsoft Azure Security

All data is stored and processed using Microsoft Azure, leveraging enterprise‑grade security features:

• Encryption in transit using TLS 1.2+
• Encryption at rest using Azure‑managed keys
• Azure Key Vault for secure storage of secrets, tokens, and credentials
• Role‑based access control (RBAC) to restrict internal access
• Mandatory auditing and logging for all administrative actions
• Network isolation and firewall protections for sensitive services

Account Security

• Passwords are hashed and salted using modern cryptographic standards.
• Session tokens are securely generated and time‑limited.
• Administrative actions require elevated permissions and are fully audited.

Operational Safeguards

• Regular security reviews and patching
• Continuous monitoring for suspicious activity
• Strict internal access controls
• Least‑privilege principles applied across all services

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your personal information. We honor all legally applicable privacy rights and provide transparent mechanisms for managing your data.

8. Contact

For privacy or security inquiries, please contact:
dev@mrgolfleague.com