Legal

Privacy Policy

Last updated: April 11, 2026

Effective date: April 11, 2026 (applies from this date forward unless we notify you otherwise).

Who we are

SCORD LLC (“SCORD,” “we,” “us”) provides an AI-powered platform that helps golf courses build and run their digital presence (websites, booking workflows, content, reputation insights, and reporting). Our site is https://scord.golf.

Mailing address: SCORD LLC, PO Box 233, Draper, UT 84020.

Privacy contact: privacy@scord.golf

Roles of the parties

When a golf course subscribes to SCORD, the course is the data controller for golfer personal data collected through its SCORD-hosted site (bookings, inquiries, contact forms). SCORD acts as a data processor and will only process such personal data on documented instructions from the controller (the course), unless required to do so by applicable law, in which case SCORD will inform the controller of that legal requirement before processing (unless the law prohibits such notice).

For data that SCORD collects independently (analytics on scord.golf, prospect and lead information, account data for the customer portal), SCORD is the data controller.

Where applicable, SCORD will enter into a Data Processing Addendum (DPA) with customers upon request. Contact privacy@scord.golf to request a DPA.

Information we collect

From golf courses (our customers)

From golfers (end users of course websites we host or power)

Automatically

Legal bases for processing

Where applicable (including under the GDPR), we rely on the following legal bases:

How we use information

We use personal and business information to:

AI processing

We use third-party artificial intelligence services to generate and refine website copy, analyze reviews or public signals, and produce reports or summaries for courses. Course and operational data you provide may be sent to AI APIs for processing so we can deliver these features. We configure our use consistent with provider terms and our agreements.

Data boundaries. Course operational data may be included in AI processing. Golfer personal data (names, emails, phone numbers, payment details) is not sent to AI APIs unless specifically required for a feature you have enabled, and only the minimum data necessary is included.

No training. We do not use golfer personal data to train third-party AI models, and we do not permit our AI providers to use data sent through our API calls for model training purposes.

Retention by AI providers.Retention of prompts or outputs on vendor systems is governed by the AI provider’s policies and our configuration choices. We select API configurations that minimize or eliminate provider-side data retention where available.

Opt-out. If you prefer that your course data not be processed by AI tools, contact privacy@scord.golf. Opting out may limit certain features (such as automated content generation and review analysis).

How we share information

We share data with service providers (subprocessors) who help us run SCORD, including:

Each subprocessor is bound by contractual obligations to process data only as necessary to provide their services to us, to maintain appropriate security measures, and not to use the data for their own independent purposes. We maintain a current list of subprocessors and will provide customers with at least 30 days’ advance notice before adding or replacing a subprocessor that processes personal data. If you object to a new subprocessor on reasonable data protection grounds, you may notify us within that notice period; we will work in good faith to address the concern, which may include offering an alternative configuration or, if no resolution is feasible, allowing you to terminate the affected services without penalty.

We do not sell personal information and we do not share golfer data across courses for their independent marketing.

We may disclose information if required by law, legal process, or to protect the rights, safety, and security of SCORD, our customers, or the public.

Data retention

Active accounts: We retain customer and golfer data for as long as needed to provide the services and for legitimate business purposes such as billing, security, and compliance.

Cancelled accounts: After your service period ends, portal access becomes read-only for data export purposes. Your hosted site is taken offline 7 days after service ends. Self-service data export remains available for 30 days after termination; after that, export requests are honored on a reasonable-effort basis by contacting us. We generally delete or de-identify customer data within 90 days after service ends, subject to legal retention requirements and reasonable operational delays. Billing, cancellation, offboarding, and refunds follow our Terms of Service.

Your privacy rights (including golfers)

Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing of personal data, to data portability, and to lodge a complaint with a supervisory authority.

Golfers may contact the golf course directly (as the data controller), or email privacy@scord.golf to request access, correction, or deletion of personal data processed on a course’s behalf, including booking history where applicable. We will coordinate with the course to honor verified requests consistent with law.

Courses (customers) may request exports or deletion through the same contact or your account team.

We respond to verified privacy rights requests within 30 days (or sooner where required by law). If we need additional time, we will notify you of the extension and the reason.

Security

We use encryption in transit (TLS), access controls, database protections (including row-level security where applicable), and careful handling of secrets. We monitor errors and reliability through tools such as Sentry. No method of transmission or storage is perfectly secure; we work to follow reasonable industry practices.

Breach notification

In the event of a security breach involving personal data, SCORD will:

Cookies

We use cookies and similar technologies that are necessary to operate authenticated areas (for example the customer portal). We do not use advertising cookies for cross-site tracking on SCORD-controlled experiences as described here.

Do Not Track

Some browsers transmit “Do Not Track” (DNT) signals. There is no industry-standard interpretation of DNT signals at this time. We do not currently respond to DNT signals, but we do not engage in cross-site tracking of individual users on SCORD-controlled properties.

Children

SCORD is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

California residents (CCPA / CPRA)

California residents may have the right to know what personal information we collect, to request deletion, and to opt out of the “sale” or “sharing” of personal information as defined by California law. We do not sell personal information. To exercise rights, email privacy@scord.golf. We will verify requests as required by law.

International visitors

SCORD is based in the United States. If you access our services from outside the United States, you understand that your information may be processed in the United States and other locations where we or our subprocessors operate. Where required by law, we rely on appropriate safeguards (such as standard contractual clauses) for international data transfers.

Changes to this policy

We may update this policy from time to time. If we make a material change, we will provide at least 30 days’ notice by email to active customers (where we have an address) and/or a prominent notice on our website before the change takes effect. The Last updated date at the top reflects the latest revision.

Related terms

Use of the SCORD platform is also governed by our Terms of Service.

Contact

Questions about privacy or data rights: privacy@scord.golf

SCORD LLC
PO Box 233
Draper, UT 84020