Last updated: 15 July 2026
Privacy Policy
TeeTrack Ltd, trading as Fescue · Company No. 16610438
This Privacy Policy sets out how TeeTrack Ltd, trading as Fescue processes personal data in connection with the Fescue platform and mobile application. It applies to all users, including individual golfers, golf club administrators, Authorised Users, and junior members.
Privacy Policy in Plain English
Here's what you actually need to know:
What we collect:
- Your name, email, club membership details, handicap index and golfing preferences
- Golf activity: scores, scorecards, round history, competition results
- Booking information and payment references (full card data handled by PCI-compliant partners)
- Contact details, membership details and EPOS wallet balances
- Device info and usage analytics to improve the platform
- Location data when you enable GPS features
- Junior member data (with parental consent) for safeguarding
What we don't do:
- Sell your data to third parties (ever)
- Share your personal info for unrelated marketing
- Store full card details on our systems
- Send marketing without your consent
Your rights:
- Access a copy of all your data
- Correct anything that's inaccurate
- Request deletion of your data
- Receive your data in a portable format
- Object to processing or complain to the ICO
Got questions? Contact us at hello@fescue.club. We aim to respond within 48 hours.
1. Who We Are
TeeTrack Ltd, trading as Fescue, a company registered in England and Wales (Company No. 16610438) with registered office at Silverstream House, 45 Fitzroy Street, London, England, W1T 6EB. Where we determine the purpose and means of processing your personal data, we act as the data controller.
We process personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018. If you have any concerns, contact us at hello@fescue.club.
2. Information We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account & Profile | Name, title, email, club membership details, handicap index, CDH number, golfing preferences, date of birth, gender | Account management and personalised experience |
| Golf Activity | Scores, scorecards, round history, competition results, performance statistics, WHS handicap data | Performance tracking, competition administration, WHS™ data submission |
| Booking Information | Tee time reservations, courses visited, booking preferences, payment references | Booking facilitation and transaction management |
| Contact Information | Home, mobile and work telephone numbers, email addresses (primary and alternative), postal address | Communications and member services |
| Payment Information | Transaction records, last four card digits, EPOS wallet balances, billing records, direct debit mandates (full card data processed by PCI-compliant payment partners) | Payment processing and record-keeping |
| Membership Details | Membership category, join date, locker number, storage authorisations (buggy, trolley, club), membership status, leaving date | Member administration and club operations |
| Location Data | GPS coordinates during rounds (when enabled), postcode-derived distance-from-club data, course location data | GPS features, course mapping, member map, distance calculations |
| Device & Usage | Device type, OS, app version, usage analytics, IP address, log files | Platform performance, bug fixing, product improvement |
| Communications | Support queries, feedback and correspondence | Customer support and service improvement |
| Junior Member Data | Date of birth, parental/guardian contact details (name, email, telephone), parental consent records | Age verification, safeguarding, and parental communication |
| Special Category Data | Health-related information where provided (e.g. medical suspension notes) | Member administration where disclosed by the club; processed with enhanced security controls |
3. Legal Basis for Processing
- Contractual necessity: To deliver the Fescue Services you have signed up for and fulfil our obligations under these Terms.
- Legitimate interests: To improve and secure the Platform, prevent fraud, conduct analytics and operate our business effectively. We have balanced our legitimate interests against your rights and freedoms.
- Consent: For marketing communications and optional features such as location tracking. You may withdraw consent at any time through your Account settings or by contacting us.
- Legal obligation: To comply with regulatory requirements, payment processing rules and other legal duties.
- Vital interests / safeguarding: Where processing is necessary to protect the vital interests of a child or vulnerable person.
4. How We Share Your Information
4.1 Golf Clubs and Governing Bodies
Where you use Fescue in connection with golf club membership, competitions or handicap management, we share relevant data (such as your name, handicap index and scores) with the relevant Golf Club, and where applicable, with licensed Governing Body platforms including the WHS™ Clubhouse. This sharing is necessary to provide the Services and, where required, to ensure compliance with Governing Body licensing obligations. The Governing Body's privacy notice will be made available to Users accessing WHS™ data, as required under the applicable licence.
4.2 Payment Processors
We work with PCI-DSS-compliant payment service providers who process transactions securely. Full card data is not stored on Fescue systems.
4.3 Service Providers and Sub-processors
We engage third-party service providers who support our infrastructure under strict data processing agreements. All sub-processors handling personal data outside the UK or EEA are subject to appropriate international transfer safeguards (see Section 11).
| Provider | Service | Data Processed |
|---|---|---|
| Supabase Inc. | Cloud database, authentication, and backend infrastructure | All member and platform data |
| Resend Inc. | Transactional and club email delivery | Name, email address |
| Square Inc. | Payment processing and EPOS integration | Payment data, transaction records |
| Retell AI Inc. | AI voice concierge services (Wendy) | Member name, booking and account data during calls |
| Mapbox Inc. | Mapping and geolocation for member map functionality | Postcode-derived coordinates |
| OneSignal Inc. | Push notification delivery | Device token, notification content |
| Median.co | Mobile application hosting and wrapper services | App usage data |
4.4 Legal Requirements
We may disclose personal data where required by law, in connection with legal proceedings, or to establish, exercise or defend legal rights.
4.5 Business Transfers
In the event of a merger, acquisition or sale of assets, personal data may be included in the transferred assets. We will notify Users via email or a prominent platform notice in advance.
4.6 No Sale of Data
Your personal data is never sold or shared for unrelated third-party marketing purposes.
5. Data Storage and Security
Fescue's primary systems and data are hosted by Supabase Inc. in the United States. Some supporting services also operate from the United States (see Section 4.3). Where personal data is transferred outside the UK, appropriate safeguards are in place, including the UK International Data Transfer Agreement (IDTA) or equivalent mechanisms (see Section 11).
Payment data is handled by PCI-DSS-compliant partners and is not stored on Fescue's primary systems. We implement technical and organisational security measures appropriate to the risk, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls (RBAC) and Row Level Security (RLS) policies on all database tables
- Multi-factor authentication for administrative access
- Regular security assessments and vulnerability reviews
- Audit logging of access to and modification of personal data
- Staff training on data protection obligations
- Incident detection and response procedures
6. Data Retention
We retain personal data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes and enforce our agreements. When data is no longer required, it is securely deleted or anonymised. Users may request deletion at any time (see Section 7).
Indicative retention periods:
| Data Category | Retention Period |
|---|---|
| Active member records | Duration of membership plus 2 years following resignation or termination |
| Financial and transaction records | 7 years from the transaction date (HMRC / Companies Act 2006 requirement) |
| Deceased member records | 2 years from date of death notification |
| Junior member records | Until the member reaches 18, then treated as adult member records |
| Backup and audit logs | Up to 90 days beyond the applicable primary retention period |
7. Your Rights Under UK GDPR
| Right | Description |
|---|---|
| Right of Access | Request a copy of the personal data we hold about you. |
| Right to Rectification | Request correction of inaccurate or incomplete data. |
| Right to Erasure | Request deletion of your data where it is no longer necessary, you withdraw consent, or it has been unlawfully processed (subject to legal retention obligations). |
| Right to Restrict Processing | Request that we restrict processing in certain circumstances. |
| Right to Data Portability | Receive your data in a structured, machine-readable format and transmit it to another provider. |
| Right to Object | Object to processing based on legitimate interests, and to direct marketing at any time. |
| Right to Withdraw Consent | Withdraw any consent you have provided at any time, without affecting the lawfulness of prior processing. |
| Right to Complain | Lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/concerns · 0303 123 1113. |
To exercise any of the above rights, contact us at hello@fescue.club. We will respond within one calendar month. We may verify your identity before processing a request.
8. Cookies and Analytics
We use the following cookies and equivalent technologies:
| Cookie | Duration | Purpose |
|---|---|---|
| Essential Service Cookies | Session to 1 year | Required for Platform functionality: authentication, session management and preference storage. |
| Analytics Cookies | Up to 24 months | Usage analytics — aggregated and anonymised where possible. |
| Third-Party Cookies | Varies | Set by payment processors and service partners. Controlled by those third parties — see their respective policies. |
You may manage cookies through your browser or device settings. Disabling certain cookies may affect Platform functionality. For further information: www.aboutcookies.org.
9. Marketing Communications
Where required by law, we will only send marketing communications with your consent. You may withdraw consent and opt out at any time by:
- Using the unsubscribe link in any marketing email
- Adjusting preferences in your Account settings
- Contacting hello@fescue.club
Essential service communications (booking confirmations, account alerts, billing notices) are not affected by marketing opt-outs.
10. Children and Junior Members
Fescue supports junior golf club memberships, including members under the age of 13 and those aged 13 to 17. Where junior members are registered through a golf club, the golf club acts as the data controller for those members and is responsible for obtaining appropriate parental or guardian consent.
Where Fescue processes personal data relating to junior members as a data processor on behalf of a golf club, we apply enhanced security controls and access restrictions to that data.
Personal data relating to junior members (including date of birth and parental contact details) is processed solely for the purpose of club membership administration and safeguarding. It is not used for marketing or shared with third parties except as required to provide the Services.
Parents or guardians who believe their child's personal data has been provided without their consent should contact us at hello@fescue.club. We will investigate and delete data promptly where appropriate.
Fescue does not knowingly create accounts directly accessible to children under the age of 13 without parental consent and club authorisation.
11. International Data Transfers
Several of Fescue's sub-processors are based in the United States, which means your personal data may be transferred to and processed in the United States when you use the Platform.
Where such transfers occur, Fescue ensures that appropriate safeguards are in place, including:
- The UK International Data Transfer Agreement (IDTA) or addendum to the EU Standard Contractual Clauses, as applicable
- Binding contractual obligations on sub-processors to maintain equivalent data protection standards
A full list of sub-processors and their locations is set out in Section 4.3. Fescue will notify users of any material changes to its sub-processor arrangements.
Fescue shall not transfer personal data to any country or territory without ensuring adequate protection is in place.
12. Changes to This Policy
We may update this Policy to reflect changes in our practices, technology, sub-processors, or legal requirements. Updates will be posted with a revised "Last Updated" date. Where changes are material, we will notify Users by email or through a prominent platform notice. We encourage periodic review of this Policy.
13. Contact Us
For queries, complaints or rights requests relating to this Policy:
- Company: TeeTrack Ltd, trading as Fescue, a company registered in England and Wales (Company No. 16610438)
- Email: hello@fescue.club
- Address: Silverstream House, 45 Fitzroy Street, London, England, W1T 6EB
- Website: https://fescue.club
- Response time: We aim to respond within 48 hours; statutory rights requests within one calendar month.
- ICO registration: TeeTrack Ltd, trading as Fescue is registered with the Information Commissioner's Office as a data controller.