Privacy policy

Effective Date: 28 November 2025

This Privacy Policy explains how POTENTIALLY GOLF LTD (referred to as “Potentially,” “we,” “us,” or “our”) collects, uses, and protects user data in connection with the Potentially App and related services.

We are committed to protecting your privacy and handling your data in an open and transparent manner, consistent with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR).

1. Information We Collect

We collect different types of information depending on how you use our services:

A. Information You Provide Directly

  • Account Information: When you create an account, we collect personal identifiers such as your name, email address, and authentication credentials.

  • Voluntary Information: Any other information you voluntarily provide, such as feedback, support inquiries, or information supplied for marketing campaigns (e.g., additional contact details or preferences).

B. Service Data

  • Usage and Performance Data: Data generated through your interaction with the app, including actions taken, app settings, performance metrics (e.g., statistical outputs from the Round Data Agent), goals set, and progress tracking information.

  • Technical Identifiers: User IDs generated by our underlying authentication and database platforms for tracking and service delivery.

C. Information Collected from Third-Party Tools

We use professional third-party services and platforms to run our back-end infrastructure and marketing operations. These platforms may collect and process information on our behalf:

  • Authentication and Database Services (e.g., Firebase): This includes data related to your user sessions, secure authentication tokens, and all structured Service Data stored in our database. This information is processed on enterprise-grade cloud infrastructure.

  • Marketing and Communications Platforms (e.g., Squarespace): This includes names and email addresses used to send newsletters, promotional materials, and product updates based on your consent or legitimate interest.

2. How We Use Your Information

We use the information we collect for the following purposes:

  1. To Provide and Improve the Service (Core Functionality): To manage user accounts, deliver the core functionality of the Potentially App (including running the multi-agent system, calculating performance metrics, and delivering personalised coaching plans). This includes processing your Service Data and sending it to secure external application programming interfaces (APIs) or AI models to generate the required analytic, strategic, and narrative feedback which forms your personalised coaching. We continuously analyse this data to enhance the app's efficiency, accuracy, and effectiveness.

  2. Security and Operations: To maintain the security, stability, and reliability of our back-end infrastructure, diagnose technical issues, and prevent fraud.

  3. Communication and Marketing: To respond to your requests, inform you about changes to our terms or policies, and send you marketing communications about new features or offerings, provided you have opted in or we have a lawful basis to do so.

3. Sharing Your Information

We do not sell your personal data. We only share your information with third parties in the following limited circumstances:

  • Service Providers: We share data with third-party service providers (like our cloud infrastructure, external AI models, email marketing platform, and analytics tools) who process data strictly on our behalf to help us operate the business. These providers are obligated to protect your data.

  • Legal Compliance: If required to do so by law, court order, or governmental authority, we may disclose your information.

  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. International Data Transfers

The data we collect may be processed and stored on servers located outside of the UK or European Economic Area (EEA), such as those used by our enterprise-grade cloud service providers (e.g., Google/Firebase, Squarespace).

When transferring your data internationally, we take appropriate steps to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws. This often includes implementing standard contractual clauses (SCCs) or relying on other legally approved transfer mechanisms.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, misuse, or alteration. We rely on the security protocols provided by our enterprise-grade infrastructure partners (such as Firebase) to ensure robust protection of your data.

6. Your Data Protection Rights (UK/EU)

Under UK GDPR and EU data protection laws, you have specific rights regarding your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.

  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.

  • Right to Erasure ('Right to be Forgotten'): You have the right to request the deletion of your personal data under certain conditions.

  • Right to Restriction of Processing: You have the right to request that we limit the way we use your personal data.

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

  • Right to Object: You have the right to object to the processing of your personal data in certain situations, particularly where we rely on legitimate interests.

To exercise any of these rights, please contact us using the details below.

7. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection representative:

POTENTIALLY GOLF LTD Email: clubhouse@potentiallygolf.com

Address: 19 South Grove, Sale, Manchester M33 3AT

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO), if you believe your data protection rights have been violated.