This page is maintained by the Rift Golf team to answer common questions about how the Rift Series app handles your account, your ball data, and your privacy. It is editable project content — not an independent certification or audit.
Sign-in is handled by our managed backend provider using industry-standard email and password authentication, with optional Google sign-in. Passwords are never stored by the Rift Golf app; they are hashed and managed by the auth provider.
Sessions are stored locally in your browser and can be ended at any time by signing out.
Each Rift ball has a public lookup ID (printed on the ball) and a separate secret claim code (hidden under a sticker). Anyone with the public ID can view a ball's public profile. Only the person holding the secret claim code can claim ownership.
Claim codes are never returned to browsers or third parties through our public APIs. They are accessible only to the secure claim flow and to admins generating new batches.
Round logs, lifetime hits, holes survived, and notes are visible on the public ball profile so you can share your ball's story. Only the ball's owner can add, edit, or delete logs.
Public ball profiles show the ball's nickname, condition, status, round history, and the owner's display name. They do not show your email address, account ID, or any private contact details.
Application data is stored in a managed Postgres database with row-level security enabled. Access rules restrict writes to the data's owner, and sensitive columns such as ball claim codes are revoked from public read access at the database level.
Administrative operations (creating ball batches, assigning roles) are gated by a server-side admin role check, not by client-side flags.
Rift Golf uses only the cookies and local storage required to keep you signed in and to remember your preferences. We do not run third-party advertising trackers in the app.
You can delete individual round logs from your dashboard at any time. To delete your account and associated data, contact us using the address below and we will process the request.
If you believe you've found a security vulnerability in Rift Golf, please report it privately to the team rather than disclosing it publicly. We'll acknowledge your report and work with you on a fix.
Rift Golf is responsible for the security of the application and the data we store. You're responsible for keeping your account credentials safe, keeping your secret claim codes private until you're ready to claim a ball, and signing out on shared devices.