chippa
Legal

Privacy Policy

Chippa keeps your data the way you would want your scorecard kept: close to you. Here is exactly what the app does, and does not do, with your information.

Last updated: 18 May 2026

1. Who we are

Chippa is a golf scorecard app built and operated by Benji, a company registered in The Netherlands (“Chippa”, “we”, “us”). Benji is the data controller responsible for the personal data described in this policy.

For any privacy question, or to exercise your rights, contact us at maarten.developer@gmail.com.

2. The short version

Chippa is built to need as little of your data as possible. In summary:

  • There are no accounts and no login. You never give us an email, a password, or a profile.
  • Everything you record (players, courses, rounds and scores) is stored on your device, not on our servers.
  • We run no analytics, no advertising, and no third-party trackers.
  • Data only leaves your device when you choose an action that needs it: scanning a scorecard photo, or sharing a round.

The sections below explain each of those in full.

3. Data stored on your device

As you use Chippa, the app saves the following on your phone, in local storage that only the app can read:

  • Names you enter for yourself and the other players you score for.
  • Course names, round names, hole counts and dates.
  • Scores and shot details for each hole and each player.
  • Your app settings and whether this device owns “Chippa Pro”.

This data stays on your device. It is not uploaded to us, it is not backed up to our servers, and we cannot see it. It remains until you delete the round in the app or uninstall Chippa, which removes it permanently. Your device’s own system backup (for example iCloud) may include the app’s data. That backup is governed by the platform provider’s privacy policy, not ours.

4. Scanning a scorecard

Chippa can fill in a hole’s par values from a photo of a printed scorecard. This feature is entirely optional and only runs when you tap to use it. When you do:

  • The app uses your device camera to take one photo. We access the camera only for this. Chippa never opens your photo library.
  • That photo, plus the number of holes you entered, is sent over an encrypted connection to our API at api.chippa.app (hosted on Cloudflare).
  • Our API forwards the image to Anthropic, the provider of the Claude AI model, which reads the par numbers from it.
  • Only the extracted par numbers are returned to your app. We do not store the photo on our servers after processing it.
  • The request also carries a randomly generated device identifier and an app-integrity token (Apple App Attest on iOS). These contain no personal information and exist only to stop automated abuse of the feature.

Because the photo is processed by an AI service, keep the camera on the scorecard and avoid capturing anything you would not want processed this way.

5. Sharing a round

Chippa lets you share a finished round as a link. This is optional and only happens when you tap Share. When you do:

  • A snapshot of that round (player names, course name, hole pars, and each player’s scores) is uploaded to our API and stored by Cloudflare.
  • You get a link containing a random code. Anyone who has that link can open the round and view or import it; there is no password.
  • Treat a share link like the scorecard itself. It includes player names, so only send it to people you would happily show the round to.
  • Shared rounds are stored indefinitely so old links keep working. To have a shared round removed, contact us at maarten.developer@gmail.com.

6. In-app purchases

“Chippa Pro” is sold through your device’s app store (currently Apple’s App Store). Payment is handled entirely by the store provider. Chippa never sees your card details, billing address, or store account. The app only learns whether this device owns Chippa Pro, and stores that yes/no answer locally. Your purchase is governed by the store provider’s own privacy policy and terms.

7. What we do not collect

To be unambiguous, Chippa does not:

  • require or store an account, email address, or password;
  • use any analytics, crash-reporting, or usage-tracking SDK;
  • show advertising or share data with advertisers;
  • use cookies or third-party trackers;
  • access your location, contacts, photo library, microphone, or health data.

8. Why we are allowed to process this data

Under the EU General Data Protection Regulation (GDPR), our legal bases are:

  • Performance of a service you ask for (Art. 6(1)(b)): processing a scorecard photo or publishing a share link happens only because you requested that action.
  • Our legitimate interests (Art. 6(1)(f)): the device identifier and app-integrity token are processed to protect the scan feature from abuse and keep it available to everyone.

We do not process special categories of personal data.

9. Service providers

We share data only with the providers needed to run the features above, and only the data each one needs:

  • Cloudflare, Inc.: hosts our API and stores shared-round snapshots and anti-abuse records.
  • Anthropic, PBC: processes scorecard photos to extract par values, as the operator of the Claude AI model.
  • Apple Inc.: processes in-app purchases.

These providers may process data in the United States. Where they do, the transfer is covered by the European Commission’s Standard Contractual Clauses or an equivalent safeguard.

10. How long we keep data

  • On-device data: kept until you delete it or uninstall the app; we hold no copy.
  • Scorecard photos: not retained by our API after the par values are extracted.
  • Shared rounds: kept indefinitely so links remain valid; removed on request.
  • Anti-abuse records: the device attestation record lasts for the lifetime of the app install; short-term rate-limit counters expire automatically within days.

11. Your rights

If you are in the EU/EEA, the GDPR gives you the right to access, correct, erase, restrict, or object to our processing of your personal data, and the right to data portability. Because most of your data lives only on your device, you already exercise many of these rights directly. Editing or deleting a round in the app changes or erases that data immediately.

For data held by us (shared rounds), email maarten.developer@gmail.com and we will action your request. You also have the right to lodge a complaint with the Dutch data protection authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

12. California residents

If you are a California resident, the CCPA/CPRA gives you the right to know what personal information we collect, to request its deletion, and not to be discriminated against for exercising those rights. The sections above describe everything we collect. We do not sell or share your personal information, and we have not done so in the past 12 months. To make a request, email maarten.developer@gmail.com.

13. Children

Chippa is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data (for example, as a named player in a shared round), contact us and we will remove it.

14. Security

On-device data is protected by your device’s own storage protections. All communication with our API uses encrypted HTTPS connections, and the scan feature is additionally protected by app-integrity attestation (Apple App Attest on iOS). One honest limitation: a shared-round link is protected only by its random code. Anyone you give the link to can open it, so share links thoughtfully.

15. Changes to this policy

If we change this policy we will update the “last updated” date above, and flag any significant change in the app or on this page. Continuing to use Chippa after a change means you accept the updated policy.

16. Contact

Questions, requests, or concerns about privacy? Email us at maarten.developer@gmail.com. This policy is governed by the laws of The Netherlands.