Privacy Policy
Effective Date: March 17, 2026
Last Updated: March 19, 2026
Gimme ("we," "us," or "our") operates the tee time monitoring and booking assistance service at gimmeteetimes.com (the "Service"). This Privacy Policy describes how we collect, use, share, and protect your information when you use the Service.
We are based in California. By using the Service, you agree to the practices described in this Privacy Policy.
1. Information We Collect
Information You Provide
- Account Information: When you create an account using Google OAuth, we receive your name and email address from Google.
- Golf Course Credentials: If you use the auto-booking feature, you may provide login credentials for third-party golf course booking websites. These credentials are encrypted at rest using AES-256-GCM encryption. See Section 5 for details.
- Booking Profile Information: To complete tee time bookings, you may also provide additional profile information such as phone number, mailing address, postal code, and country. This information is stored alongside your credentials and transmitted to golf course booking systems when executing a booking on your behalf.
- Watch Configurations: Courses, dates, times, player counts, and other preferences you set for tee time monitoring.
Information Collected Automatically
- Server Logs: Our hosting provider (Vercel) automatically collects standard server log data, which may include your IP address, browser type, and the pages you visit. These logs are used for security and debugging purposes.
- Push Notification Tokens: If you enable push notifications, we collect and store the push subscription endpoint and associated keys provided by your browser or device's push notification service. These are used solely to deliver notifications you have configured.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Monitor tee time availability, send alerts, and execute bookings based on your configurations.
- Communicate with You: Send transactional notifications including tee time alerts, booking confirmations, and email digests. These are core to the Service and are enabled by default. Push notifications may be delivered through your browser or device's push notification infrastructure (such as Apple Push Notification Service, Google Firebase Cloud Messaging, or Mozilla Push Service) and include payload content necessary to render the alert.
- Process Payments: If we introduce paid tiers in the future, manage subscriptions and billing through a third-party payment processor.
- Improve the Service: Analyze anonymized usage patterns to improve features and performance.
- Maintain Security: Detect, prevent, and respond to fraud, abuse, and security incidents.
3. How We Share Your Information
We do not sell, rent, or trade your personal information to third parties. We do not share your data with advertisers or data brokers. We do not use your data for profiling or targeted advertising.
We share information with the following categories of service providers who process data on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting | Account data, watch configurations, encrypted credentials |
| Vercel | Application hosting | Server logs (IP address, browser type, pages visited) |
| | Authentication | OAuth tokens (name, email) |
| Resend | Transactional email | Email address, notification content |
| Stripe | Payment processing (if paid tiers are introduced) | Email address, payment method |
| Sentry | Error monitoring | Error traces, request metadata (we minimize personal data but cannot guarantee its complete absence in error context) |
| Upstash | Job scheduling and rate limiting | Watch and polling metadata, rate-limit counters keyed by user identifier |
| Mapbox | Location search and geocoding | Search queries (city, ZIP code, or location text) entered when browsing courses |
| Discord | Operational monitoring (internal) | System alerts containing watch identifiers and error codes (no direct personal data under normal operation) |
Golf Course Booking Systems
When you enable auto-booking, your golf course login credentials and booking profile information (such as name, email, phone number, and address) are transmitted to the applicable third-party booking system to execute the booking you configured. This transmission is initiated by you through the Service. The specific fields transmitted vary by provider and may include your name, email address, phone number, mailing address, and postal code.
4. Cookies and Tracking Technologies
- Essential Cookies: We use a session cookie to maintain your authenticated session. This cookie is necessary for the Service to function and cannot be disabled.
- No Analytics Cookies: We do not currently use analytics tools that set cookies or collect personal information.
- No Third-Party Tracking: We do not use third-party tracking cookies, advertising pixels, or similar technologies.
If we add analytics tools in the future, we will update this policy accordingly.
5. Credential Security
Because the auto-booking feature requires storing your golf course login credentials, we take additional security measures:
- Encryption at Rest: Credentials are encrypted using AES-256-GCM with a dedicated encryption key that is separate from other application secrets.
- Encryption in Transit: All data transmission uses TLS encryption.
- Limited Access: Credentials are decrypted only during active booking operations and are never stored in decrypted form.
- No Logging: Credentials are never written to application logs, error reports, or monitoring systems.
- Deletion on Request: You may delete your stored credentials at any time. Upon account termination, all stored credentials are permanently deleted.
While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee the absolute security of your credentials, and you provide them at your own risk.
6. Data Retention
- Account Data: We retain your account information for as long as your account is active.
- Credentials: Stored credentials are deleted promptly upon your request or upon account termination. We aim to complete deletion within 24 hours under normal operating conditions.
- Server Logs: Our hosting and monitoring providers retain server logs for their standard retention periods, typically up to 90 days. We do not independently control third-party log retention schedules.
- After Account Deletion: Upon account deletion, we will remove your personal data from our active database systems within 30 days. Some data may persist in encrypted backups or third-party provider systems for a limited period as part of standard infrastructure operations. Data may also be retained as required by law.
7. Your Rights
You have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate personal information.
- Deletion: Request deletion of your account and personal data by contacting us at privacy@gimmeteetimes.com. Upon request, we will delete your data within 30 days, subject to legal retention requirements.
- Credential Removal: Delete your stored golf course credentials at any time through the Service.
- Communication Preferences: While tee time alerts and booking notifications are core to the Service, you can manage your notification preferences in your account settings.
To exercise any of these rights, contact us at privacy@gimmeteetimes.com.
8. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@gimmeteetimes.com.
9. Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- Encryption at rest and in transit (TLS)
- Dedicated encryption for stored credentials (AES-256-GCM)
- Access controls and authentication
- Security monitoring and logging
Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your information.
10. Security Incidents
If we become aware of a security breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law. Notification will be sent to the email address associated with your account. Where a breach involves stored credentials, we will also notify affected users directly with guidance on securing their third-party accounts.
11. California Residents
We are based in California and provide the following disclosures for California residents.
Categories of Information Collected
- Identifiers (name, email address)
- Contact and profile information (phone number, mailing address, postal code — if provided for booking)
- Internet or network activity (server logs)
- Third-party account credentials (if provided for auto-booking)
Categories Shared with Third Parties
- Identifiers are shared with service providers listed in Section 3 for the purposes described.
- Credentials are shared with golf course booking systems only when you initiate a booking.
We do not sell or share personal information as defined under the California Consumer Privacy Act. We do not use personal information for profiling or automated decision-making. If we meet CCPA/CPRA applicability thresholds in the future, we will update this policy to comply with those requirements.
Do Not Track
The Service does not track users across third-party websites. We do not respond to Do Not Track browser signals because we do not engage in the type of cross-site tracking that such signals are designed to prevent.
Right to Know
California residents have the right to know what personal information is collected about them. Contact us at privacy@gimmeteetimes.com to make a request.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via the email address associated with your account. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
We will make prior versions of this Privacy Policy available upon request.
13. Contact Us
For questions or concerns about this Privacy Policy or our data practices, contact us at:
Email: privacy@gimmeteetimes.com