1. Overview
Office Pool Golf ("OPG," "we," "us," or "our") operates officepoolgolf.com (the "Service"). OPG is an entertainment platform for organizing golf tournament prediction pools. We do not collect, hold, or distribute money. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using the Service you agree to the practices described here.
2. Information We Collect
2.1 Information you provide
- Account information — When you sign in with Google OAuth, we receive your email address and, if provided by Google, your name and profile photo. When you sign in via magic link, we receive only your email address.
- Username — You choose a public username during onboarding. This is the only identifier displayed to other users.
- Optional profile data — You may optionally provide your legal name (first and last), which is stored privately and never displayed to other users. You may also set a timezone preference.
- Pool and entry data — Pool names, configurations, commissioner notes, player roster selections, and entry names you create or submit.
- Push subscription data — If you opt in to web push notifications, your browser provides a device-specific endpoint URL and cryptographic keys. We store these so we can send pushes to your device. You can revoke at any time from your notification settings or your browser/device settings.
2.2 Information collected automatically
- Log data — Standard server logs including IP address, browser type, pages visited, and timestamps.
- Authentication cookies — We use Supabase authentication cookies (httpOnly, Secure, SameSite) to maintain your signed-in session. These are essential for the Service to function.
- Service worker / PWA — When you visit the Service, a service worker may register in your browser to cache static assets and (if enabled) deliver push notifications. Cached assets stay on your device and are not sent back to us. You can clear the service worker via your browser settings.
2.3 Information we do NOT collect
- We do not collect payment information, credit card numbers, bank account details, or billing addresses.
- We do not use third-party advertising or tracking cookies.
- We use Google Analytics to understand aggregate site usage (pages visited, session duration). Google Analytics uses cookies to collect anonymous traffic data. You can opt out via Google's browser add-on.
3. How We Use Your Information
We use collected information to:
- Create and maintain your account
- Operate pool creation, entry submission, and leaderboard features
- Send email notifications (pool status changes, entry confirmations, roster alerts, round recaps, and other categories described in Section 9)
- Detect and prevent fraud, abuse, or violations of our Terms of Service
- Improve and debug the Service
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your data for targeted advertising.
4. Legal Name vs. Public Username
Your legal name (if provided) is stored privately and is never displayed publicly. Other users see only your chosen username. On guest-accessible pages (viewable without an account), even usernames are redacted.
5. Third-Party Services
We use the following third-party services to operate the platform:
- Supabase — Database hosting and authentication infrastructure. Your account data and pool data are stored in Supabase's PostgreSQL database.
- Vercel — Application hosting and deployment.
- Cloudflare — DNS management and email routing.
- Google — OAuth authentication provider. When you sign in with Google, Google's privacy policy governs the information Google collects and shares with us. We receive only what is necessary to authenticate your account (email, and optionally name and profile photo). We do not receive your Google password.
- Gmail SMTP — Email delivery. All emails are sent from [email protected].
We also use publicly available golf data from sources such as ESPN, PGA Tour, and the Official World Golf Ranking (OWGR) to provide tournament scores, player rankings, and leaderboard data. No user data is sent to these services. These services are used solely to retrieve publicly available golf tournament information.
Each third-party provider processes data under their own privacy and security commitments.
6. Data Sharing
We share your information only in these limited circumstances:
- Service providers — The third-party services listed in Section 5 process data on our behalf to operate the platform.
- Other users — Your username is visible to other pool participants. Your email may be visible to pool commissioners for pools you have joined (for payment coordination purposes). Your legal name is never shared.
- Legal requirements — We may disclose information if required by law, subpoena, or to protect the rights and safety of users or the public.
- Business transfer — If Office Pool Golf is acquired or merges with another entity, your data may be transferred as part of that transaction.
7. Data Retention
User profiles are retained for as long as your account is active. You may request deletion at any time (see Section 12).
Pool data retention depends on the pool's tier level:
- Par tier pools are archived after 30 days
- Birdie tier pools are archived after 365 days
- Eagle and Albatross tier pools are retained indefinitely
Archived pools are removed from active views but are not permanently deleted. We may retain certain records longer if required by law or for legitimate business purposes such as resolving disputes.
8. Security
We implement security measures to protect your data, including:
- HTTPS encryption for all connections
- Security headers: Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy
- Row-Level Security (RLS) policies on all database tables, ensuring users can only access data they are authorized to see
- Rate limiting on all write API endpoints to prevent abuse
- Content filtering to prevent inappropriate language in user-generated content
OPG does not store user passwords. Authentication is handled entirely by Supabase (via Google OAuth or magic link). Pool passwords (used to restrict pool access) are hashed using bcrypt and are never stored in plaintext.
No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Notifications (Email, Push, In-App)
Emails are sent from [email protected]. We send notifications across the following categories:
- Entry confirmations (transactional — always sent)
- Pool status changes (locked, completed, etc.)
- Pool setting edits
- Roster alerts (player withdrawals)
- Tournament field changes
- Tournament updates
- Round recaps (Birdie+ tiers)
- Season kickoff announcements
- Commissioner digests and payment alerts (for pool commissioners)
All non-transactional notifications can be individually disabled in your notification settings. You can also pause all non-transactional notifications with a single toggle, or set opt-in quiet hours (default 10pm–7am local). Every non-transactional email includes an unsubscribe link.
Web push notifications. If you opt in, OPG can send push notifications to your browser or installed app — for example, big-move alerts on the leaderboard (Eagle+ pools) or cut-line alerts at the end of round 2. Push delivery is handled by your browser vendor's push service (e.g., Mozilla, Google, Apple). The notification payload contains only the information needed to render the alert and is encrypted end-to-end using VAPID keys. You can revoke push at any time from your notification settings or from your browser/device permissions.
In-app inbox. Every notification we send you is also written to your in-app inbox at My Clubhouse → Notifications, regardless of whether email or push was actually delivered. The inbox is visible only to you.
10. No Financial Data
OPG does not collect, hold, or distribute money. Entry fees and payouts for pools are arranged directly between pool commissioners and participants. The payment ledger feature (available on Birdie+ tier pools) is a tracking tool only — it records self-reported payment status but does not process any financial transactions.
When joining a pool with an entry fee, participants are required to acknowledge a disclaimer confirming they understand that OPG has no role in financial arrangements.
11. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will delete it promptly.
12. Your Rights and Choices
You have the right to:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request that inaccurate data be corrected.
- Deletion — Delete your account at any time from your Account Settings. Doing so permanently scrubs your personal information (username, name, phone, avatar). Your historical pool entries remain visible to other members of past pools you joined, displayed as “Deleted user.” If you need help with deletion or want to request manual deletion, email [email protected].
- Opt out of emails — Manage notification preferences in your account settings or unsubscribe via the link in any non-transactional email.
To exercise any of these rights, contact us at [email protected].
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
Office Pool Golf
Email: [email protected]
Website: officepoolgolf.com