Privacy Policy

Last updated June 2, 2026

Plain-English Summary

GroundsLedger stores your club's financial records to power your ledger, invoices, budgets, and reporting. We use anonymized, aggregated data to improve AI recommendations and industry benchmarks — data stripped of all identifying information that cannot be traced back to your club or any individual.

We do not sell your data, share identifiable records with third parties for marketing, or allow unauthorized access to your account. You can delete your account and all associated data at any time from your Profile page.

1. Who We Are

GroundsLedger ("we," "us," or "our") is a golf course budget management platform operated by GroundsLedger LLC. Our website is groundsledger.com. Contact us at privacy@groundsledger.com.

2. What We Collect

Account information: name, email address, job title, and password (stored as a salted hash by Supabase Auth).

Course financial data: invoices, budget allocations, GL codes, vendor records, equipment assets, capital projects, and historical actuals that you upload or enter.

Invoice files: PDF and image files you upload are stored in encrypted, access-controlled cloud storage. Only members of your course can read them.

Usage data: pages visited, session duration, and feature interactions — collected via Plausible Analytics (a privacy-first analytics tool that does not use cookies or track individuals).

Weather data: if you configure weather tracking, we store temperature, rainfall, and agronomic data for your course location using the Open-Meteo API. No personal information is involved.

3. How We Use Your Data

  • Provide, operate, and improve the GroundsLedger platform.
  • Generate AI-powered budget suggestions, GL code recommendations, and board reports using your course's own data via the Anthropic API.
  • Send transactional emails (password resets, invoice notifications, trial reminders) via Resend.
  • Generate anonymized, aggregated industry benchmarks that cannot identify any individual course.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not use your identifiable financial data to train AI models for third parties or sell it to any party.

4. Third-Party Services

We use the following sub-processors. Each operates under its own privacy policy.

ServicePurposeData shared
SupabaseDatabase, authentication, file storageAll course and account data (encrypted at rest, us-east-1)
VercelHosting and edge functionsRequest logs (IP, path, headers) — retained 30 days
AnthropicAI invoice parsing, GL suggestions, board reportsInvoice text, budget data — not used to train models (API use)
ResendTransactional emailEmail address, name
PlausiblePrivacy-first analyticsPage URL, referrer — no cookies, no cross-site tracking
StripePayment processing (when billing is active)Name, email, payment method — GroundsLedger never sees card numbers
Open-MeteoWeather dataCourse latitude/longitude — no personal data

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, all course data — invoices, budgets, vendors, equipment records, and uploaded files — is permanently deleted within 30 days.

Anonymized, aggregated benchmark data derived from your records (with no identifying information) may be retained indefinitely as part of industry statistics.

6. Your Rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate personal data.
  • Erasure: delete your account and all associated data at any time from your Profile → Danger Zone section, or by emailing privacy@groundsledger.com.
  • Portability: export your data using the export tools available in the app (Budget export, Invoice export).
  • Objection: object to certain processing by contacting us.

We will respond to verified requests within 30 days.

7. Cookies & Tracking

GroundsLedger uses session cookies required for authentication (Supabase Auth). We do not use advertising cookies, third-party tracking pixels, or behavioral profiling. Our analytics provider (Plausible) is cookieless and does not track individuals across websites.

8. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256 via Supabase). Invoice files are stored in a private bucket with row-level security — only members of your course can access your files. Access tokens are short-lived and rotated automatically. We conduct regular security reviews and have no record of unauthorized access.

9. Children's Privacy

GroundsLedger is a professional B2B tool intended for use by adults in a business context. We do not knowingly collect data from anyone under the age of 18.

10. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify account holders by email at least 14 days before the change takes effect. Continued use of the platform after that date constitutes acceptance of the updated policy.

11. Contact

Questions about this policy or a data request? Email privacy@groundsledger.com.

Want to see if GroundsLedger fits your course?

We're onboarding a limited group of founding courses.

Request Early Access