FORMAT

Privacy Policy

Last updated: April 29, 2026

FORMAT ("we", "us", "our") operates the FORMAT mobile application and the website at playformat.app (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

1. Information we collect

We collect only what we need to run the Service:

Account information

  • Email address — used to identify your account, send sign-in verifications, and (rarely) important service notices.
  • Display name — shown to other players in rounds you join.
  • Profile photo URL — only when you sign in with Google or Apple, and only the URL provided by that provider.
  • Authentication provider — whether you signed up with email/password, Google, or Apple (used to route re-authentication).
  • Email verification status — to know when to stop showing the verification reminder.

Usage information

  • Saved formats (favorites) — the list of golf formats you mark as favorites.
  • Rounds you create or join — round code, format chosen, wager amount, player list, side bet selections.
  • Push notification token — a hashed device token used to send you round-related notifications you opt into.

Payment information

  • Web purchases (Stripe): When you upgrade to FORMAT Pro through our website, Stripe processes the payment. We receive and store: a Stripe customer ID, a payment intent ID, and the timestamp of activation. We never see or store your full card number — Stripe handles that directly.
  • iOS purchases (Apple In-App Purchase): Apple processes the payment. We receive and store: a transaction ID, an original transaction ID, and the activation timestamp. We never see your Apple ID billing details — Apple handles that directly.
  • Pro entitlement state — whether your account currently has Pro access, and the source (web or iOS).
  • Refund / revocation events — if a payment is refunded or revoked, we record the date and reason so we can correctly disable Pro access.

Device and analytics information

  • Advertising identifier (IDFA, iOS only): Used by the Meta SDK to attribute app installs and measure ad effectiveness — only after you grant permission through Apple's App Tracking Transparency prompt. If you decline, the IDFA is not used.
  • Approximate IP address: Used by our rate limiter to prevent abuse. IPs are stored ephemerally (≤ 1 minute window) and never retained beyond that.
  • App platform (web, iOS, Android): Recorded with the push token so we can send platform-appropriate notifications.

2. How we use your information

  • Provide the Service: account sign-in, format browsing, round invites, payouts, push notifications you opt into.
  • Process payments: via Stripe (web) or Apple (iOS); grant Pro access; handle refunds correctly.
  • Improve the app: understand which features are used (only via aggregate, non-identifying analytics where applicable).
  • Communicate with you: verify email, send round-related push notifications you opted into, respond to support requests.
  • Prevent abuse: rate-limit auth attempts and API calls to protect your account and our infrastructure.
  • Comply with the law: respond to lawful requests; maintain payment records as required by tax / consumer-protection regulations.

3. Service providers we share data with

We share the minimum necessary information with the following processors:

  • Google Firebase — account authentication, real-time database (Firestore), push notification delivery (FCM). Privacy.
  • Stripe — web payment processing. Privacy.
  • Apple — iOS App Store payments, Sign in with Apple. Privacy.
  • Meta (Facebook) SDK — install attribution and ad measurement on iOS, only with your ATT consent. Privacy.
  • Vercel — web hosting and edge delivery. Privacy.
  • Upstash — rate-limit storage (IP-keyed, ephemeral). Privacy.

We do not sell your personal information to anyone.

4. Data retention

We keep your account data for as long as your account is active. When you delete your account from inside the app (Profile → Delete Account):

  • Your account, profile, email, favorites, and push tokens are permanently deleted within minutes.
  • Your name is removed from rounds you created (replaced with "Deleted user") so co-players still see their game history, but you are no longer identifiable.
  • Your purchase records are deleted.
  • Aggregated, non-identifying logs (e.g. server access logs) may be retained for security and debugging for up to 30 days.
  • Payment processor records (Stripe, Apple) are retained by those companies according to their own policies and applicable tax / consumer-protection law.

5. Your rights

Depending on where you live, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Deletion — delete your account in-app at any time; this immediately removes your personal data.
  • Correction — update your display name and email through the app or by contacting us.
  • Withdraw consent — turn off ATT tracking at any time in iOS Settings → FORMAT → Allow Tracking.
  • Portability — request an export of your data by emailing support@playformat.app.
  • Object / restrict processing — contact us to object to specific processing.
  • Lodge a complaint — if you are in the EEA / UK, you may complain to your national data protection authority. If you are in California, you have the rights described in the CCPA / CPRA.

6. Children

FORMAT is not intended for children under 13 (or under 16 in the EEA/UK). We do not knowingly collect data from children. If you believe a child has created an account, contact support@playformat.app and we will delete it promptly.

7. International transfers

Our processors may store and process data in the United States and elsewhere. Where required, we rely on the European Commission's Standard Contractual Clauses or our processors' equivalent safeguards.

8. Security

We use industry-standard practices: HTTPS for all network traffic; encryption at rest for Firebase and payment processor data; least-privilege access controls; rate limiting on authentication endpoints; secrets rotated on a regular schedule. No system is 100% secure — if we ever experience a breach affecting your data, we will notify you and the relevant authorities as required by law.

9. Artificial intelligence (AI / ML)

FORMAT does not currently use any artificial intelligence, machine learning, or large language model features. Our format randomizer uses a standard pseudo-random number generator (not AI). If we add AI-powered features in the future (for example, smart recommendations), we will:

  • Update this policy with details on what data is sent to AI providers and for what purpose.
  • Give you a choice to opt in or out where required by law.
  • Never use your personal data to train third-party AI models without your explicit consent.
  • Comply with applicable AI regulations (EU AI Act, state-level AI laws).

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be communicated through an in-app notice or email.

11. Contact us

For privacy questions, data requests, or to exercise any of your rights:
support@playformat.app

View Terms of UseBack to home