Privacy Policy
SundayPinGolf — A product of Stymi Solution Sdn Bhd
Effective Date: January 2025
This Privacy Policy explains how Stymi Solution Sdn Bhd ("Company", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use our SundayPinGolf mobile application ("App"). We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR), Malaysia's Personal Data Protection Act 2010 (PDPA) as amended in 2024, and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
Stymi Solution Sdn Bhd
Registration No: 1662615-K
Email: support@sundaypin.com
Country: Malaysia
2. Personal Data We Collect
2.1 Account Information
When you create an account, we collect:
- Email address (required for account creation and recovery)
- Password (stored in encrypted form only)
- Apple ID identifier (if using Sign in with Apple)
- Account creation timestamp
2.2 Golf Performance Data
When you use the App to track your golf rounds, we collect the data you input:
- Round information (date, course name, tee played)
- Shot data (club used, distances, lie type, shot result)
- Scores and hole-by-hole data
- Notes and tags you add to rounds
2.3 Technical Data
We automatically collect certain technical information:
- Device type and operating system
- App version
- Error logs and crash reports (anonymized)
2.4 Payment Information
We do not directly collect or store payment card details. All payments are processed securely through Apple's App Store. We receive only confirmation of your subscription status.
3. Legal Basis for Processing
- Performance of Contract: Processing necessary to provide you with the golf analytics service you registered for.
- Consent: Where we request your explicit consent, such as for marketing communications.
- Legitimate Interests: To improve our services, ensure security, prevent fraud, and conduct internal analytics using aggregated, anonymized data.
4. How We Use Your Data
We use your personal data to:
- Provide and maintain the SundayPinGolf service
- Calculate your golf statistics and performance analytics
- Authenticate your account and secure your data
- Process your subscription and manage your membership
- Communicate with you about service updates or changes
- Respond to your enquiries and support requests
- Improve our App based on aggregated, anonymized usage patterns
We do not use your data for:
- Selling to third parties
- Targeted advertising from external advertisers
- Profiling for purposes unrelated to golf analytics
5. Data Storage and Security
5.1 Storage Location
Your data is stored securely using Supabase cloud infrastructure. Data may be processed on servers located in Singapore and/or the United States. By using our service, you consent to this transfer.
5.2 Security Measures
- All data transmitted between your device and our servers is encrypted using TLS/SSL
- Passwords are hashed using industry-standard algorithms and never stored in plain text
- Row Level Security (RLS) ensures you can only access your own data
- Golf performance data is stored with pseudonymous identifiers (UUID)
- Regular security reviews and updates
- Access to personal data is restricted to authorised personnel only
6. Data Retention
- Active accounts: Your data is retained for as long as your account remains active.
- Account deletion: Upon account deletion, all personal data and golf performance data are permanently deleted within 30 days.
- Anonymized data: Aggregated, fully anonymized statistics may be retained for service improvement purposes.
7. Your Rights
Under GDPR and PDPA, you have the following rights:
- Right to Access: Request a copy of all personal data we hold about you.
- Right to Rectification: Request correction of inaccurate personal data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Restrict Processing: Request limitation of how we process your data.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at support@sundaypin.com. We will respond within 30 days.
8. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and authentication | Account data, golf data |
| Apple App Store | App distribution, payments | Purchase transactions |
| Apple Sign In | Authentication | Apple ID identifier |
We do not sell, rent, or trade your personal data to third parties.
9. International Data Transfers
As our service uses cloud infrastructure, your data may be transferred to and processed in countries outside Malaysia, including Singapore and the United States. We ensure appropriate safeguards are in place for such transfers.
10. Children's Privacy
Our service is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe your child has provided us with personal data, please contact us at support@sundaypin.com.
11. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected users without undue delay if high risk
- Document the breach and remedial actions taken
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the Effective Date and notify you via email or in-app notification.
13. Contact and Complaints
For privacy enquiries or to exercise your rights, contact us at support@sundaypin.com.
If you are unsatisfied with our response, you may lodge a complaint with:
- Malaysia: Personal Data Protection Department (JPDP) — pdp.gov.my
- European Union: Your local Data Protection Authority