Privacy Policy

Introduction

Software Secrets LLC - PracticeCaddie ("we," "us," "our," or "Company") operates Software Secrets - PracticeCaddie, a web application, mobile application, and website (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your data.

This policy applies to all users of Software Secrets - PracticeCaddie, regardless of location. We comply with applicable privacy laws in the United States (including California and other state laws), the European Union, the United Kingdom, Canada, Australia, Brazil, and other jurisdictions where our users are located.

Effective Date: April 30, 2026
Last Updated: April 30, 2026

Information We Collect

We collect personal information in the following categories:

Information You Provide Directly

Account and Contact Information: name, email address, and other details you enter when creating an account or contacting our support team
Payment Information: payment details (such as credit card information) provided to process your transactions; this information is processed by a third-party payment processor (Stripe for web purchases; Apple's App Store and Google Play for in-app purchases) and is not retained in full on our servers
Communications: any messages, feedback, or support inquiries you send to us

Information Collected Automatically

Device Information: information about the device you use to access the Service, including device type, operating system, browser type, device identifiers, and device model
Usage Data: information about how you interact with the Service, including pages or features accessed, time spent, actions taken, and interaction patterns
Cookies and Tracking Technologies: data collected through cookies, pixels, and similar tracking technologies (see the "Cookies and Tracking Technologies" section for details)

Information from Third Parties

Third-Party Login Services: if you log in via a third-party service, we receive information from that service in accordance with your privacy settings there
Analytics and Monitoring Tools: information collected by our analytics and monitoring partners to understand Service performance and user behavior

How We Collect Information

We collect information through the following methods:

Forms and Direct Input: when you create an account, make a purchase, contact support, or otherwise provide information directly
Cookies and Browser Storage: persistent and session-based cookies, web storage, and similar technologies on our website and web app
Analytics Tools: Google Analytics, Sentry, and Posthog track user interactions, performance metrics, and usage patterns
Third-Party Authentication: login integration with third-party identity providers
Payment Processing: collection of payment information through our payment processor
Automatic Collection: server logs, IP addresses, and device information collected automatically when you access the Service
Customer Support: information you provide when contacting our support team

How We Use Your Information

We use your personal information for the following purposes:

Providing the Service: creating and maintaining your account, delivering features, processing payments, and fulfilling your requests
Improving the Service: analyzing usage patterns, identifying bugs, and developing new features and improvements
Communication: sending you service updates, security alerts, and responding to your inquiries
Marketing: sending promotional materials, newsletters, and marketing communications (with your consent where required by law)
Analytics and Research: understanding user behavior, measuring Service performance, and conducting aggregate statistical analysis
Security and Fraud Prevention: protecting against unauthorized access, fraud, and other malicious activity
Legal Compliance: complying with applicable laws, regulations, court orders, and lawful government requests
Advertising: delivering personalized advertisements and measuring advertising effectiveness
Billing: maintaining transaction records, managing subscriptions, and processing refunds

Lawful Bases for Processing (GDPR/UK GDPR)

If you are in the European Union, the United Kingdom, or another jurisdiction requiring a lawful basis for processing:

Contractual Necessity: processing required to provide the Service and fulfill your requests
Consent: where you have explicitly agreed to processing (e.g., marketing communications, analytics)
Legal Obligation: processing required by law, regulation, or court order
Legitimate Interests: processing for fraud prevention, security, analytics, and Service improvement, balanced against your rights
Performance of a Public Task: where applicable under law

Information Sharing and Disclosure

Third-Party Service Providers

We do not sell your personal information to third parties for their independent marketing purposes. However, we share information with service providers who perform functions on our behalf, including:

Analytics Providers: Google Analytics, Sentry, and Posthog receive usage and performance data to help us understand how the Service is used
Payment Processors: payment information is shared with Stripe (for web purchases) and with Apple or Google (for App Store and Google Play purchases) to process transactions
Push Notification Service: Firebase receives information necessary to deliver push notifications to your device
AI and Machine Learning Providers: Anthropic receives certain data for processing and analysis purposes

These service providers are contractually required to use your information only as necessary to provide their services and to maintain the confidentiality and security of your data.

Legal Disclosures

We may disclose your information when required by law, in response to legal process (such as a court order or subpoena), or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

If we are acquired, merged, or sold, your information may be transferred as part of that transaction. We will notify you of any such change and provide you with options regarding your personal information if required by law.

No Sale or Sharing

We do not sell or share your personal information with third parties for their direct marketing purposes, advertising targeting, or cross-context behavioral advertising without your explicit consent.

Data Retention

We retain your personal information for as long as necessary to provide the Service, fulfill the purposes outlined in this policy, and comply with applicable laws.

Account Information: retained for the duration of your account and for a reasonable period afterward to comply with legal and tax obligations
Payment Information: retained only as long as necessary for transaction processing and dispute resolution; full payment details are not stored on our servers
Usage and Analytics Data: typically retained for a period of time sufficient to analyze Service performance and user behavior, after which it is deleted or anonymized
Communications: retained as necessary for providing support and resolving issues
Legal and Compliance Records: retained as required by applicable law

When you request deletion of your account, we will remove your personal information within the timeframes specified in the "Your Privacy Rights" section, except where retention is required by law.

Your Privacy Rights

The privacy rights available to you depend on your location. Below are the rights that may apply:

European Union / European Economic Area (GDPR)

If you are located in the EU or EEA, you have the following rights under the General Data Protection Regulation:

Right to Access: you may request a copy of the personal information we hold about you
Right to Rectification: you may request correction of inaccurate or incomplete information
Right to Erasure: you may request deletion of your personal information under certain circumstances (the "right to be forgotten")
Right to Restrict Processing: you may request that we limit how we use your information
Right to Data Portability: you may request that we provide your information in a portable, machine-readable format
Right to Object: you may object to processing based on our legitimate interests or for direct marketing
Right to Lodge a Complaint: you may file a complaint with the European Data Protection Board or your local data protection authority

United Kingdom (UK GDPR)

If you are located in the United Kingdom, you have similar rights under UK GDPR:

Right to Access: request a copy of your personal information
Right to Rectification: request correction of inaccurate data
Right to Erasure: request deletion of your information
Right to Restrict Processing: request limitation of how your data is used
Right to Data Portability: request your data in a portable format
Right to Object: object to processing of your information
Right to Lodge a Complaint: file a complaint with the Information Commissioner's Office (ICO)

California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to Know: you may request what personal information we collect, use, share, and sell
Right to Delete: you may request deletion of personal information we have collected, subject to certain exceptions
Right to Correct: you may request correction of inaccurate personal information
Right to Opt Out: you may opt out of the sale or sharing of your personal information for cross-context behavioral advertising
Right to Non-Discrimination: we will not discriminate against you for exercising your rights
Right to Limit: you may limit our use of sensitive personal information to purposes necessary to provide the Service

Canada (PIPEDA)

If you are located in Canada, you have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

Right to Access: you may request access to your personal information
Right to Request Correction: you may request correction of inaccurate information
Right to Withdraw Consent: you may withdraw consent to the processing of your information
Right to Lodge a Complaint: you may file a complaint with the Office of the Privacy Commissioner of Canada

Australia (Privacy Act)

If you are located in Australia, you have the following rights under the Privacy Act 1988:

Right to Access: you may request access to your personal information
Right to Correction: you may request correction of inaccurate information
Right to Complaint: you may lodge a complaint with the Office of the Australian Information Commissioner

Brazil (LGPD)

If you are located in Brazil, you have the following rights under the Lei Geral de Proteção de Dados (LGPD):

Right to Access: you may request access to your personal information
Right to Correction: you may request correction of inaccurate data
Right to Deletion: you may request deletion of your data under certain circumstances
Right to Data Portability: you may request your information in a portable format
Right to Opt Out: you may opt out of certain processing activities
Right to Lodge a Complaint: you may file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD)

How to Exercise Your Rights

To exercise any of the rights described above, please contact us at support@practicecaddie.com with a clear description of your request and, where applicable, proof of your identity. We will respond to your request within the following timeframes:

EU/EEA and UK: within 30 days of receipt (extendable by two months for complex requests)
California: within 45 days of receipt
Canada: within 30 days of receipt
Australia: within 30 days of receipt
Brazil: within 15 days of receipt

We may request additional information to verify your identity or clarify your request. If we cannot fulfill your request, we will explain why.

Children's Privacy

Software Secrets - PracticeCaddie is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13 without parental consent, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided information to us, please contact us immediately at support@practicecaddie.com.

For users located in California and other jurisdictions with child-specific privacy protections, we comply with applicable laws regarding the collection and use of information from minors.

International Data Transfers

Software Secrets - PracticeCaddie operates globally, and your personal information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may not have data protection laws equivalent to those of your home country.

When we transfer personal information internationally, we implement appropriate safeguards, including:

Standard Contractual Clauses (SCCs): for transfers from the EU/EEA and UK, we use Standard Contractual Clauses approved by the European Commission
Binding Corporate Rules (BCRs): where applicable, we rely on binding corporate rules
Your Consent: where permitted by law, we obtain your consent for transfers

By using Software Secrets - PracticeCaddie, you consent to the transfer of your personal information to countries outside your country of residence, which may have different data protection standards than your home country.

Security Measures

We implement technical and organizational measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction, including:

Encryption: sensitive data is encrypted in transit using industry-standard protocols (TLS/SSL)
Access Controls: personal information is restricted to authorized employees and service providers on a need-to-know basis
Secure Authentication: account access is protected through password and multi-factor authentication mechanisms
Regular Security Assessments: we conduct periodic security reviews and vulnerability assessments
Incident Response: we maintain procedures to detect, respond to, and report security incidents
Payment Security: payment information is processed by a PCI-DSS compliant third-party payment processor

However, no security measure is completely impenetrable. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content. This section explains how these technologies work and how you can manage them.

Types of Cookies We Use

Essential Cookies: required for core functionality such as authentication, session management, and security
Analytics Cookies: used by Google Analytics, Sentry, and Posthog to track user behavior, measure performance, and improve the Service
Preference Cookies: remember your settings and preferences
Marketing Cookies: used to deliver targeted advertisements and measure campaign effectiveness

Tracking Technologies

Beyond cookies, we may use:

Pixels and Web Beacons: small tracking images embedded in pages and emails to measure engagement
Local Storage and Session Storage: browser storage mechanisms similar to cookies
Server-Side Tracking: collection of IP addresses and request data in server logs

Managing Your Preferences

You can control cookie and tracking preferences through:

Browser Settings: most browsers allow you to refuse cookies or alert you when a cookie is being set. You can manage these settings in your browser preferences (consult your browser's help documentation for instructions)
Opt-Out Mechanisms: analytics providers offer opt-out tools:
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Posthog: available through in-app settings or by requesting opt-out via support
Do Not Track (DNT): if your browser supports DNT signals, we will honor such signals, though not all third parties may respect them
Mobile Settings: on mobile devices, you can manage app-level tracking through device settings

Please note that disabling cookies may affect the functionality of certain features of the Service.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, applicable law, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where required by law, by providing additional notice (such as via email or a prominent notification within the Service).

Your continued use of Software Secrets - PracticeCaddie following the posting of revised terms means you accept and agree to the changes. We encourage you to review this policy periodically to stay informed about how we protect your information.

Platform Privacy Requirements

Apple iOS App Store

Software Secrets - PracticeCaddie is distributed through the Apple iOS App Store and complies with Apple's App Store Review Guidelines regarding privacy and data protection.

App Privacy Details and Data Collection: This privacy policy aligns with the App Privacy Details (privacy nutrition labels) configured in App Store Connect. We collect and process the following data categories as described in this policy:

Contact Information: name and email address
Payment Information: collected through our payment processor
Device Information: device type, operating system, identifiers, and model
Usage Data: information about how you interact with the Service
Identifiers: unique identifiers assigned to your device and account

Third-Party Data Practices: We integrate third-party code and services that may access or receive personal information:

Google Analytics: receives usage and performance data to analyze user behavior
Sentry: receives error and performance data for monitoring Service stability
Posthog: receives analytics data for understanding user interactions and feature usage
Firebase: receives information necessary to deliver push notifications
Anthropic: receives certain user data for processing and analysis through our AI features

Data shared with these third parties is used for the purposes described in this policy and their respective privacy policies. We do not permit these partners to use your data for their own marketing or advertising purposes unless you have explicitly consented.

Data Linked to User Identity: All personal information collected by Software Secrets - PracticeCaddie is either linked to your user account or device. We do not derive identifiers from device characteristics to track users across apps or websites. Usage data, analytics, and performance metrics may be linked to your account or device to provide a personalized experience and improve the Service.

User Deletion and Account Controls: You may request deletion of your account and associated personal information at any time by contacting us at support@practicecaddie.com or through the account settings within the app. When you request deletion, we will remove your personal information within 30 days, except where retention is required by law or for fraud prevention. You can also manage your app permissions (such as notifications) through your device's iOS settings.

Permission Rationales:

Push Notifications: We use push notifications to keep you informed of important updates, service announcements, and features relevant to your account. You can disable push notifications at any time through iOS Settings > Notifications > Software Secrets - PracticeCaddie or within the app settings.

Third-Party AI Vendor Disclosure (Guideline 5.1.2(i)):

Software Secrets - PracticeCaddie uses Anthropic, a third-party AI vendor, to process certain user data. Specifically:

Categories of Data Shared: name, email, usage patterns, and interaction data within the Service
Purpose: to provide AI-powered features that enhance your experience, such as personalized recommendations, content analysis, and service improvements
User Consent: Before any personal data is shared with Anthropic, we obtain your explicit consent through an in-app prompt. You can withdraw consent at any time through app settings or by contacting support@practicecaddie.com.

Google Play Store

Software Secrets - PracticeCaddie is distributed through the Google Play Store and complies with Google Play Developer Program Policies regarding privacy and data protection.

App Identity and Policy Accessibility: This privacy policy is publicly accessible on our website at https://practicecaddie.com and within the app. The policy is titled "Privacy Policy," identifies Software Secrets - PracticeCaddie by name and developer (Software Secrets LLC - PracticeCaddie), and provides a contact mechanism for privacy inquiries.

Data Collection, Usage, and Sharing: As described throughout this policy, Software Secrets - PracticeCaddie collects personal and sensitive data including:

Personal Information: name, email address, payment information
Device Information: device type, operating system, identifiers, and unique device identifiers
Usage Data: interactions with features, pages accessed, and time spent in the app
Sensitive Data: payment information processed through our payment processor

This data is used for providing the Service, improving features, processing payments, and delivering analytics and security features as detailed in the "How We Use Your Information" section.

Third-Party Data Sharing: We share personal and sensitive data with the following third parties:

Google Analytics: analytics and usage tracking
Sentry: error monitoring and performance tracking
Posthog: product analytics and user behavior analysis
Firebase: push notification delivery
Anthropic: AI processing and analysis
Payment Processor: payment processing and transaction management

Each third party receives only the data necessary to perform their function and is contractually obligated to maintain data confidentiality and security.

Secure Data Handling: We implement encryption, access controls, secure authentication, regular security assessments, and incident response procedures to protect personal and sensitive data from unauthorized access, disclosure, alteration, and destruction.

Data Retention and Deletion: We retain personal information as described in the "Data Retention" section. Users may request deletion of their account and associated personal data by contacting support@practicecaddie.com or through the in-app account settings. Deletion requests are processed within 30 days, except where retention is required by law.

Account Deletion URL: Users can request account and personal-data deletion at https://practicecaddie.com/account-deletion or by contacting support@practicecaddie.com.

Data Safety Form Alignment: This privacy policy is kept consistent with the app's Data Safety declarations in Google Play Console. All disclosures in this policy match the data types, purposes, and third-party sharing practices declared in the Data Safety form.

Contact Information

Privacy Contact Email: support@practicecaddie.com

Company / Legal Entity: Software Secrets LLC - PracticeCaddie

Service / Product Name: Software Secrets - PracticeCaddie

Website: https://practicecaddie.com

Mailing Address:
155 31st Street
Ogden, UT 84401

Response Time: Privacy requests are answered within the timeframes described in the Your Privacy Rights section.

Supervisory Authority Links: For users in specific jurisdictions, you may contact the following authorities regarding data protection:

European Union / EEA: European Data Protection Board — https://edpb.europa.eu/
United Kingdom: Information Commissioner's Office — https://ico.org.uk/
California: California Privacy Protection Agency — https://cppa.ca.gov/
Canada: Office of the Privacy Commissioner of Canada — https://www.priv.gc.ca/
Brazil: Autoridade Nacional de Proteção de Dados (ANPD) — https://www.gov.br/anpd/
Australia: Office of the Australian Information Commissioner — https://www.oaic.gov.au/