FESCUE
Request Demo

Last updated: 15 July 2026

Privacy Policy

TeeTrack Ltd, trading as Fescue · Company No. 16610438

This Privacy Policy sets out how TeeTrack Ltd, trading as Fescue processes personal data in connection with the Fescue platform and mobile application. It applies to all users, including individual golfers, golf club administrators, Authorised Users, and junior members.

Privacy Policy in Plain English

Here's what you actually need to know:

What we collect:

  • Your name, email, club membership details, handicap index and golfing preferences
  • Golf activity: scores, scorecards, round history, competition results
  • Booking information and payment references (full card data handled by PCI-compliant partners)
  • Contact details, membership details and EPOS wallet balances
  • Device info and usage analytics to improve the platform
  • Location data when you enable GPS features
  • Junior member data (with parental consent) for safeguarding

What we don't do:

  • Sell your data to third parties (ever)
  • Share your personal info for unrelated marketing
  • Store full card details on our systems
  • Send marketing without your consent

Your rights:

  • Access a copy of all your data
  • Correct anything that's inaccurate
  • Request deletion of your data
  • Receive your data in a portable format
  • Object to processing or complain to the ICO

Got questions? Contact us at hello@fescue.club. We aim to respond within 48 hours.

1. Who We Are

TeeTrack Ltd, trading as Fescue, a company registered in England and Wales (Company No. 16610438) with registered office at Silverstream House, 45 Fitzroy Street, London, England, W1T 6EB. Where we determine the purpose and means of processing your personal data, we act as the data controller.

We process personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018. If you have any concerns, contact us at hello@fescue.club.

2. Information We Collect

CategoryExamplesPurpose
Account & ProfileName, title, email, club membership details, handicap index, CDH number, golfing preferences, date of birth, genderAccount management and personalised experience
Golf ActivityScores, scorecards, round history, competition results, performance statistics, WHS handicap dataPerformance tracking, competition administration, WHS™ data submission
Booking InformationTee time reservations, courses visited, booking preferences, payment referencesBooking facilitation and transaction management
Contact InformationHome, mobile and work telephone numbers, email addresses (primary and alternative), postal addressCommunications and member services
Payment InformationTransaction records, last four card digits, EPOS wallet balances, billing records, direct debit mandates (full card data processed by PCI-compliant payment partners)Payment processing and record-keeping
Membership DetailsMembership category, join date, locker number, storage authorisations (buggy, trolley, club), membership status, leaving dateMember administration and club operations
Location DataGPS coordinates during rounds (when enabled), postcode-derived distance-from-club data, course location dataGPS features, course mapping, member map, distance calculations
Device & UsageDevice type, OS, app version, usage analytics, IP address, log filesPlatform performance, bug fixing, product improvement
CommunicationsSupport queries, feedback and correspondenceCustomer support and service improvement
Junior Member DataDate of birth, parental/guardian contact details (name, email, telephone), parental consent recordsAge verification, safeguarding, and parental communication
Special Category DataHealth-related information where provided (e.g. medical suspension notes)Member administration where disclosed by the club; processed with enhanced security controls

3. Legal Basis for Processing

  • Contractual necessity: To deliver the Fescue Services you have signed up for and fulfil our obligations under these Terms.
  • Legitimate interests: To improve and secure the Platform, prevent fraud, conduct analytics and operate our business effectively. We have balanced our legitimate interests against your rights and freedoms.
  • Consent: For marketing communications and optional features such as location tracking. You may withdraw consent at any time through your Account settings or by contacting us.
  • Legal obligation: To comply with regulatory requirements, payment processing rules and other legal duties.
  • Vital interests / safeguarding: Where processing is necessary to protect the vital interests of a child or vulnerable person.

4. How We Share Your Information

4.1 Golf Clubs and Governing Bodies

Where you use Fescue in connection with golf club membership, competitions or handicap management, we share relevant data (such as your name, handicap index and scores) with the relevant Golf Club, and where applicable, with licensed Governing Body platforms including the WHS™ Clubhouse. This sharing is necessary to provide the Services and, where required, to ensure compliance with Governing Body licensing obligations. The Governing Body's privacy notice will be made available to Users accessing WHS™ data, as required under the applicable licence.

4.2 Payment Processors

We work with PCI-DSS-compliant payment service providers who process transactions securely. Full card data is not stored on Fescue systems.

4.3 Service Providers and Sub-processors

We engage third-party service providers who support our infrastructure under strict data processing agreements. All sub-processors handling personal data outside the UK or EEA are subject to appropriate international transfer safeguards (see Section 11).

ProviderServiceData Processed
Supabase Inc.Cloud database, authentication, and backend infrastructureAll member and platform data
Resend Inc.Transactional and club email deliveryName, email address
Square Inc.Payment processing and EPOS integrationPayment data, transaction records
Retell AI Inc.AI voice concierge services (Wendy)Member name, booking and account data during calls
Mapbox Inc.Mapping and geolocation for member map functionalityPostcode-derived coordinates
OneSignal Inc.Push notification deliveryDevice token, notification content
Median.coMobile application hosting and wrapper servicesApp usage data

4.4 Legal Requirements

We may disclose personal data where required by law, in connection with legal proceedings, or to establish, exercise or defend legal rights.

4.5 Business Transfers

In the event of a merger, acquisition or sale of assets, personal data may be included in the transferred assets. We will notify Users via email or a prominent platform notice in advance.

4.6 No Sale of Data

Your personal data is never sold or shared for unrelated third-party marketing purposes.

5. Data Storage and Security

Fescue's primary systems and data are hosted by Supabase Inc. in the United States. Some supporting services also operate from the United States (see Section 4.3). Where personal data is transferred outside the UK, appropriate safeguards are in place, including the UK International Data Transfer Agreement (IDTA) or equivalent mechanisms (see Section 11).

Payment data is handled by PCI-DSS-compliant partners and is not stored on Fescue's primary systems. We implement technical and organisational security measures appropriate to the risk, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls (RBAC) and Row Level Security (RLS) policies on all database tables
  • Multi-factor authentication for administrative access
  • Regular security assessments and vulnerability reviews
  • Audit logging of access to and modification of personal data
  • Staff training on data protection obligations
  • Incident detection and response procedures

6. Data Retention

We retain personal data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes and enforce our agreements. When data is no longer required, it is securely deleted or anonymised. Users may request deletion at any time (see Section 7).

Indicative retention periods:

Data CategoryRetention Period
Active member recordsDuration of membership plus 2 years following resignation or termination
Financial and transaction records7 years from the transaction date (HMRC / Companies Act 2006 requirement)
Deceased member records2 years from date of death notification
Junior member recordsUntil the member reaches 18, then treated as adult member records
Backup and audit logsUp to 90 days beyond the applicable primary retention period

7. Your Rights Under UK GDPR

RightDescription
Right of AccessRequest a copy of the personal data we hold about you.
Right to RectificationRequest correction of inaccurate or incomplete data.
Right to ErasureRequest deletion of your data where it is no longer necessary, you withdraw consent, or it has been unlawfully processed (subject to legal retention obligations).
Right to Restrict ProcessingRequest that we restrict processing in certain circumstances.
Right to Data PortabilityReceive your data in a structured, machine-readable format and transmit it to another provider.
Right to ObjectObject to processing based on legitimate interests, and to direct marketing at any time.
Right to Withdraw ConsentWithdraw any consent you have provided at any time, without affecting the lawfulness of prior processing.
Right to ComplainLodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/concerns · 0303 123 1113.

To exercise any of the above rights, contact us at hello@fescue.club. We will respond within one calendar month. We may verify your identity before processing a request.

8. Cookies and Analytics

We use the following cookies and equivalent technologies:

CookieDurationPurpose
Essential Service CookiesSession to 1 yearRequired for Platform functionality: authentication, session management and preference storage.
Analytics CookiesUp to 24 monthsUsage analytics — aggregated and anonymised where possible.
Third-Party CookiesVariesSet by payment processors and service partners. Controlled by those third parties — see their respective policies.

You may manage cookies through your browser or device settings. Disabling certain cookies may affect Platform functionality. For further information: www.aboutcookies.org.

9. Marketing Communications

Where required by law, we will only send marketing communications with your consent. You may withdraw consent and opt out at any time by:

  • Using the unsubscribe link in any marketing email
  • Adjusting preferences in your Account settings
  • Contacting hello@fescue.club

Essential service communications (booking confirmations, account alerts, billing notices) are not affected by marketing opt-outs.

10. Children and Junior Members

Fescue supports junior golf club memberships, including members under the age of 13 and those aged 13 to 17. Where junior members are registered through a golf club, the golf club acts as the data controller for those members and is responsible for obtaining appropriate parental or guardian consent.

Where Fescue processes personal data relating to junior members as a data processor on behalf of a golf club, we apply enhanced security controls and access restrictions to that data.

Personal data relating to junior members (including date of birth and parental contact details) is processed solely for the purpose of club membership administration and safeguarding. It is not used for marketing or shared with third parties except as required to provide the Services.

Parents or guardians who believe their child's personal data has been provided without their consent should contact us at hello@fescue.club. We will investigate and delete data promptly where appropriate.

Fescue does not knowingly create accounts directly accessible to children under the age of 13 without parental consent and club authorisation.

11. International Data Transfers

Several of Fescue's sub-processors are based in the United States, which means your personal data may be transferred to and processed in the United States when you use the Platform.

Where such transfers occur, Fescue ensures that appropriate safeguards are in place, including:

  • The UK International Data Transfer Agreement (IDTA) or addendum to the EU Standard Contractual Clauses, as applicable
  • Binding contractual obligations on sub-processors to maintain equivalent data protection standards

A full list of sub-processors and their locations is set out in Section 4.3. Fescue will notify users of any material changes to its sub-processor arrangements.

Fescue shall not transfer personal data to any country or territory without ensuring adequate protection is in place.

12. Changes to This Policy

We may update this Policy to reflect changes in our practices, technology, sub-processors, or legal requirements. Updates will be posted with a revised "Last Updated" date. Where changes are material, we will notify Users by email or through a prominent platform notice. We encourage periodic review of this Policy.

13. Contact Us

For queries, complaints or rights requests relating to this Policy:

  • Company: TeeTrack Ltd, trading as Fescue, a company registered in England and Wales (Company No. 16610438)
  • Email: hello@fescue.club
  • Address: Silverstream House, 45 Fitzroy Street, London, England, W1T 6EB
  • Website: https://fescue.club
  • Response time: We aim to respond within 48 hours; statutory rights requests within one calendar month.
  • ICO registration: TeeTrack Ltd, trading as Fescue is registered with the Information Commissioner's Office as a data controller.