Privacy Policy
Last updated June 2, 2026
Plain-English Summary
GroundsLedger stores your club's financial records to power your ledger, invoices, budgets, and reporting. We use anonymized, aggregated data to improve AI recommendations and industry benchmarks — data stripped of all identifying information that cannot be traced back to your club or any individual.
We do not sell your data, share identifiable records with third parties for marketing, or allow unauthorized access to your account. You can delete your account and all associated data at any time from your Profile page.
1. Who We Are
GroundsLedger ("we," "us," or "our") is a golf course budget management platform operated by GroundsLedger LLC. Our website is groundsledger.com. Contact us at privacy@groundsledger.com.
2. What We Collect
Account information: name, email address, job title, and password (stored as a salted hash by Supabase Auth).
Course financial data: invoices, budget allocations, GL codes, vendor records, equipment assets, capital projects, and historical actuals that you upload or enter.
Invoice files: PDF and image files you upload are stored in encrypted, access-controlled cloud storage. Only members of your course can read them.
Usage data: pages visited, session duration, and feature interactions — collected via Plausible Analytics (a privacy-first analytics tool that does not use cookies or track individuals).
Weather data: if you configure weather tracking, we store temperature, rainfall, and agronomic data for your course location using the Open-Meteo API. No personal information is involved.
3. How We Use Your Data
- Provide, operate, and improve the GroundsLedger platform.
- Generate AI-powered budget suggestions, GL code recommendations, and board reports using your course's own data via the Anthropic API.
- Send transactional emails (password resets, invoice notifications, trial reminders) via Resend.
- Generate anonymized, aggregated industry benchmarks that cannot identify any individual course.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
We do not use your identifiable financial data to train AI models for third parties or sell it to any party.
4. Third-Party Services
We use the following sub-processors. Each operates under its own privacy policy.
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All course and account data (encrypted at rest, us-east-1) |
| Vercel | Hosting and edge functions | Request logs (IP, path, headers) — retained 30 days |
| Anthropic | AI invoice parsing, GL suggestions, board reports | Invoice text, budget data — not used to train models (API use) |
| Resend | Transactional email | Email address, name |
| Plausible | Privacy-first analytics | Page URL, referrer — no cookies, no cross-site tracking |
| Stripe | Payment processing (when billing is active) | Name, email, payment method — GroundsLedger never sees card numbers |
| Open-Meteo | Weather data | Course latitude/longitude — no personal data |
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, all course data — invoices, budgets, vendors, equipment records, and uploaded files — is permanently deleted within 30 days.
Anonymized, aggregated benchmark data derived from your records (with no identifying information) may be retained indefinitely as part of industry statistics.
6. Your Rights
Depending on your location, you may have the following rights:
- Access: request a copy of the personal data we hold about you.
- Rectification: correct inaccurate personal data.
- Erasure: delete your account and all associated data at any time from your Profile → Danger Zone section, or by emailing privacy@groundsledger.com.
- Portability: export your data using the export tools available in the app (Budget export, Invoice export).
- Objection: object to certain processing by contacting us.
We will respond to verified requests within 30 days.
7. Cookies & Tracking
GroundsLedger uses session cookies required for authentication (Supabase Auth). We do not use advertising cookies, third-party tracking pixels, or behavioral profiling. Our analytics provider (Plausible) is cookieless and does not track individuals across websites.
8. Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256 via Supabase). Invoice files are stored in a private bucket with row-level security — only members of your course can access your files. Access tokens are short-lived and rotated automatically. We conduct regular security reviews and have no record of unauthorized access.
9. Children's Privacy
GroundsLedger is a professional B2B tool intended for use by adults in a business context. We do not knowingly collect data from anyone under the age of 18.
10. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify account holders by email at least 14 days before the change takes effect. Continued use of the platform after that date constitutes acceptance of the updated policy.
11. Contact
Questions about this policy or a data request? Email privacy@groundsledger.com.
