Legal
Arrive Golf Privacy Policy
Version 2026-07 · Effective July 5, 2026
Document: Privacy Policy Entity: Arrive Golf, LLC, a Connecticut limited liability company · 1 Southbridge, Cromwell, CT 06416 Version: v2026-07 counsel draft Last updated: July 2026 Effective: [ON COUNSEL APPROVAL]
<!-- COUNSEL DRAFT — pre-launch. This Privacy Policy supersedes the 13-section placeholder currently rendered at /privacy (ArriveGolfWebsite/src/app/privacy/page.tsx). It is drafted to the amended Connecticut Data Privacy Act (PA 25-113, effective July 1, 2026) AS IF the no-floor sensitive-data prong applies to Arrive Golf (dietary/allergy/accessibility + passport intake) — scope conclusion at [COUNSEL #12]. It is a distinctly posted notice, separate from the Terms & Conditions, rendered at /privacy with the version and effective-date lines below; a homepage/footer hyperlink containing the word "privacy" is an owner to-do at ship time (ws2 counsel item 11). Bracketed [COUNSEL #n] flags reference the consolidated counsel list in Legal/research/ws0-critic.md; they are review flags, not placeholders, and must be resolved and removed before publication. Fact base: ws2-privacy-terms.md (verified 39/39), ws7-product-mechanics.md (repo-derived; re-diff against origin/main at publication), ws9 §2 & §4. -->
Your trust matters to us as much as your trip. This policy explains, in plain language, what information we collect, why we collect it, who receives it, how long we keep it, and the things we will never do with it. We wrote it the way we run our trips: precisely, and with nothing hidden.
Three commitments up front, because they shape everything below:
- We do not sell your personal data. To anyone, for any purpose.
- We do not use your personal data for targeted advertising, and we run no advertising trackers. Our analytics are cookieless.
- We do not collect, use, or sell your personal data to train large language models or other artificial-intelligence systems. [COUNSEL #12 — CT PA 25-113 requires an LLM-training statement in the notice; confirm this wording remains accurate against the company's internal AI tooling posture and (once §42-521 DPAs are executed) each processor's terms.]
1. Who We Are and What This Policy Covers
Arrive Golf, LLC ("Arrive Golf," "we," "us") is a Connecticut limited liability company located at 1 Southbridge, Cromwell, CT 06416. We plan and coordinate luxury group golf trips to Cap Cana / Punta Cana, Dominican Republic, for guests across the United States. For the personal data described in this policy, Arrive Golf is the data controller: we decide what is collected and why.
This policy covers our website, your Arrive Golf account, trip inquiries and bookings, payments, our concierge communications (email, text, phone, and, when introduced, WhatsApp), trip photo and video albums, and the companion experience for non-golfing guests. It applies to everyone who uses these services; our trips are sold to customers in the United States, and if you visit from elsewhere your information is processed in the United States as described in Section 5.
This policy is a notice, not a contract: it describes what we actually do. It is posted separately from our Terms & Conditions, and you can always reach it from the "Privacy" link on our homepage and in the footer of every page. Questions, at any time: tom@arrivegolf.com (owner option: a dedicated privacy@arrivegolf.com alias is recommended at launch) or Arrive Golf, LLC, 1 Southbridge, Cromwell, CT 06416.
2. The Information We Collect
We collect information from you, not about you: we do not buy data from brokers, and we do not build profiles from other companies' records. Here is the complete inventory.
Identity and contact details. Your name, email address, and phone number, plus your sign-in credentials (managed by our authentication provider; we never see your password).
Golf profile. Your handicap, GHIN number, and an optional profile photo.
Trip preferences and intake answers. Your answers to the short set of per-trip questions we ask to run your trip well: logistics, preferences, and similar details.
Dining, health, and accessibility details — sensitive information. If you choose to share them, we collect allergies, dietary restrictions, and accessibility needs. We treat these as sensitive data. We collect them only with your explicit consent (a required, versioned consent checkbox at the moment you provide them), we use them only to operate your trip — kitchen and menu planning, safety, and physical accommodations — and they are deleted automatically 90 days after your trip ends. You may revoke this consent as easily as you gave it, and we stop processing the data within 15 days of revocation. [COUNSEL #13 — Washington My Health My Data Act: dietary/allergy data of WA guests is plausibly "consumer health data" (RCW 19.373). Decide: standalone, homepage-linked Consumer Health Data Privacy Policy for WA residents, or strictly-necessary-to-provide-the-requested-service framing, plus whether the kitchen-vendor dietary disclosure (Section 4) is "sharing" requiring separate, distinct consent naming recipient categories. NV SB 370 / NY HIPA analogues in the same pass.]
Travel documents — sensitive information. Where international travel operations require it (resort check-in, transport manifests, golf-course registration), we collect passport details. These receive the same collection treatment — explicit consent, and use for trip operations only. Passport details are kept while your account is active, for your trip operations; they are cleared from your profile when you delete your account or ask us to erase your data (Section 9).
Emergency contacts. The name and phone number of someone to reach if something happens. You confirm you have that person's permission before providing their details. Deleted automatically 90 days after your trip ends.
Companions enter their own details — the trip host never sees them. If you bring a non-golfing companion, we do not ask you for their private information. Your companion receives their own private, expiring invitation link (valid 14 days) and enters their own dining, health, accessibility, and emergency-contact details, with their own consent. The booking host sees only whether the invitation has been completed — never what the companion entered.
Group registration. Group leaders share a private access code; each golfer registers personally and provides their own information. A group leader may give us invitees' names and email addresses so we can send invitations, and nothing more.
Payment information. Payments are handled by Stripe. Your card details are entered directly with Stripe and never touch or reside on Arrive Golf's servers; we keep only limited records such as the amount, status, and a reference to the payment — never your full card number. Section 6 has the details.
Communications. The contents and delivery records of our correspondence with you: emails, text messages and concierge conversations (via Quo, formerly OpenPhone, and Twilio), and records of calls with our concierge team. WhatsApp messaging is planned and will work the same way once introduced (Section 8).
Photos and video — optional, and separable. Trip albums are a keepsake, not a condition. We photograph and film trip moments and host them in private albums only under the optional photo release, which is separate from booking: declining it does not affect your trip in any way. [COUNSEL #19 — finalize the release scope (group albums vs. marketing use split), the prospective-revocation window and group-photo handling (crop/blur/remove the individual), FL §540.08 and other home-state publicity analogues, and confirm no biometric-adjacent processing of albums under amended CTDPA sensitive-data category (C).]
Usage data. Aggregate, anonymous website statistics via Plausible, a cookieless analytics service. It sets no cookies, creates no persistent identifiers, and cannot track you across other sites. Section 7 covers this, and the short list of essential cookies, in full.
3. How and Why We Use Your Information
Every use maps to a purpose you would expect:
| We use your information to | Using |
|---|---|
| Plan and operate your trip: bookings, rooming, tee times, transport, dining, and concierge service | Identity and contact details, golf profile, intake answers |
| Keep you safe and looked after on the ground | Dining, health, and accessibility details; emergency contacts; travel documents — each only with your consent |
| Take and reconcile payments, issue refunds and credits | Payment records (card data stays with Stripe) |
| Send you trip and account messages, and answer your questions | Contact details, communications history |
| Send marketing you asked for — and only that | Contact details, with your prior consent; opt out any time |
| Share trip memories | Album photos and video, only under the optional photo release |
| Keep the platform secure, prevent fraud, and meet our legal obligations | Account activity, payment records, consent and waiver records |
| Understand how the site is used, in aggregate | Cookieless analytics; nothing identifying you |
And the uses we rule out, plainly:
- No sale of personal data. We disclose none of your personal data for money or other consideration, and no categories of personal data are sold to any category of third party.
- No targeted advertising. We do not process personal data for targeted advertising and no advertising pixels or cross-site trackers run on our site. If we ever propose to introduce any, this policy and our consent tooling will be updated first — with notice, opt-outs, and honoring of universal opt-out preference signals — before anything is switched on.
- No AI training. We do not collect, use, or sell your personal data to train large language models or other AI systems.
- No consequential automated decisions. We do not use your personal data for profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
4. Who Receives Your Information
Only who needs it, and only what they need. Two groups touch your data: the infrastructure providers who run the platform, and the on-the-ground partners who deliver your trip.
Platform service providers (subprocessors)
| Provider | Role | What it receives | Region |
|---|---|---|---|
| Supabase | Database, authentication, and file storage | The information described in Section 2, stored under access controls and encryption | United States |
| Stripe | Payment processing | The payment details you enter with Stripe directly; billing identity; its own transaction records | United States (global network) |
| Vercel | Website hosting | Request data in transit as you use the site | United States (global edge) |
| Cloudflare | Security, DNS, and content delivery | Traffic metadata (IP address, request data) | Global edge network |
| Resend | Email delivery | Name, email address, and booking context inside message bodies | United States |
| Quo (formerly OpenPhone) | Concierge texts and calls | Phone number, conversation content, call records | United States |
| Twilio | Text-message delivery (group broadcasts) | Phone number, message content | United States |
| WhatsApp Business (Meta) — planned, not yet in use | International messaging, only if you opt in | Phone number, conversation content | United States / global |
| Mux | Trip-album photo and video hosting | Uploaded album media; your IP address and device details when you view an album | United States |
| Plausible | Web analytics | No personal data — cookieless, aggregate-only statistics | European Union |
| Sentry | Error monitoring | Technical request metadata, with personal-data scrubbing configured | United States |
| Inngest | Scheduled workflows (payment reminders, retention sweeps) | Event identifiers and counts only; content stays in our database | United States |
| BetterStack | Uptime monitoring | Nothing personal — it checks our public pages | — |
[COUNSEL #12 — §42-521 controller-processor agreements: DPA status is PLACEHOLDER for every provider above as of this draft (docs/SUBPROCESSORS.md, migration 0262). Execute CTDPA-conformant DPAs (confidentiality, delete-or-return, compliance demonstration, assessment support) with each before launch, and confirm the processing regions shown here against the executed agreements.]
On-the-ground trip partners in the Dominican Republic
We are proud of how this works, so we will describe it exactly. The resort, golf courses, kitchens, drivers, and excursion operators who deliver your trip never receive an export of your data. Each vendor is issued a private, expiring link to a live "day sheet" scoped to its role — arrivals for drivers, rooming lists for the resort, itineraries and extras for operators, and dietary notes for kitchen and food-and-beverage teams only. Vendors see names and the operational details their role requires, and nothing else: never your email address, and never any payment information. Access defaults to the minimum, every scope is enforced dynamically at the moment the sheet is viewed, disclosures are recorded in an append-only log, links expire seven days after your trip ends, and there are no bulk downloads. When the link expires, the access is gone.
Everyone else
We disclose personal information beyond the above only when the law genuinely requires it (for example, a valid subpoena or court order, or to protect the safety and rights of our guests), or if Arrive Golf is ever part of a merger, acquisition, or sale of assets — in which case your information remains protected by this policy's commitments, and we will notify you before any new policy applies to you.
5. International Transfers
Your information is hosted and stored in the United States. Aggregate, non-identifying analytics are processed in the European Union (Plausible). The only personal data that crosses a border for your trip is the operational minimum disclosed to Dominican Republic ground vendors through the scoped, expiring day-sheet links described in Section 4 — names, rooming, arrivals, itinerary, and kitchen-only dietary notes.
Those disclosures are made under contractual safeguards with each vendor: confidentiality, purpose limitation, and deletion obligations. Dominican Republic law (Law 172-13) also governs those vendors' handling of personal data locally. [COUNSEL #20 — DR local-counsel package: confirm Law 172-13 duties for on-ground vendors and finalize the vendor contract terms; pair with the §42-521 term set from item #12.]
6. Payments
Stripe is our payment processor; Arrive Golf is the merchant of record. When you pay, your card details go directly to Stripe over an encrypted connection and are handled under PCI-DSS standards. They are never stored on, and never pass through, Arrive Golf's own systems. We keep limited payment records — amounts, status, and payment references — to run your booking, handle refunds and trip credits, and meet our bookkeeping obligations.
If you choose automatic balance payment at checkout, your card is saved securely with Stripe and your trip balance is charged to it on the schedule you authorize at checkout, without further action from you. That authorization — shown to you before you pay, and preserved with its version, timestamp, and content — spells out the amount or how it is calculated, the date or event that triggers the charge, and how to change your payment method or cancel before the charge. You can update your saved card from your account at any time. Stripe sets two essential fraud-prevention cookies, disclosed in Section 7. [COUNSEL #18 — stored-credential/negative-option cluster: confirm the checkout disclosure set against the Visa Stored Credential Transaction Framework and ROSCA characterization; Mastercard parallel standards and Reg E (saved debit cards) in the same pass.]
7. Analytics and Cookies
We built the site so you would not need a cookie banner, and you will not see one.
Analytics without cookies. We use Plausible, which sets no cookies, creates no persistent identifiers, stores no personal data, and cannot follow you across the web. We see aggregate patterns — pages viewed, rough geography, referral sources — never individual browsing profiles.
No advertising cookies. None. No ad pixels, no cross-site trackers, no "sharing" of data for behavioral advertising. If we ever propose to add marketing pixels, this policy and our consent tooling will be updated first, and opt-outs (including universal opt-out preference signals such as Global Privacy Control) will be in place before anything fires.
The essential cookies we do use, all strictly necessary:
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
| `sb-*` session cookies | Supabase (first-party) | Keeps you signed in to your account | For your sign-in session |
| `__stripe_mid` | Stripe | Fraud prevention on payments | 1 year |
| `__stripe_sid` | Stripe | Fraud prevention on payments | 30 minutes |
Album viewing. When you view a trip album, photos and video are delivered from Mux's network, which receives your IP address and device details in order to stream the content. Our current implementation sets no Mux cookies. If we adopt Mux's player tooling in the future and that changes, this table will be updated first.
Do Not Track and Global Privacy Control. We do not track visitors across other websites, and no third party collects personal information across sites through our service, so there is nothing for these browser signals to opt out of. If our practices ever change, we will honor them.
8. Texts, Calls, and WhatsApp
Trip messages. With your phone number, we send transactional messages about your booking and trip: confirmations, payment reminders, and day-of logistics. These are part of the service. Even so, you can reply STOP to any text at any time. [COUNSEL/OWNER #60 — confirm A2P 10DLC brand/campaign registration covers the Quo concierge numbers before any SMS sends.]
Marketing texts — only if you ask. We send marketing texts only with your prior express written consent, given separately at sign-up. Consent is never a condition of booking. Message frequency varies; message and data rates may apply; reply HELP for help and STOP to cancel.
Stopping is easy, and immediate. You may revoke consent by any reasonable means — replying STOP, QUIT, END, REVOKE, OPT OUT, CANCEL, or UNSUBSCRIBE to a text, or simply telling us. Our suppression systems apply revocations immediately upon processing, and in all cases within ten business days as federal rules require. You may receive a single confirmation message of your opt-out, and nothing more.
Quiet hours. We send marketing texts only between 8 a.m. and 9 p.m. in your local time zone, and we honor stricter state windows (for example, Florida's 8 a.m.–8 p.m.). [COUNSEL #17 — pending FCC declaratory petition on whether texting quiet hours are "telephone solicitations" under 47 CFR 64.1200(c)(1), and whether FL §501.616(6) ("phone calls," 3-per-24h cap) reaches texts vs. §501.059; the operational posture above is drafted to the stricter reading.]
Calls. Calls with our concierge team are placed through Quo, and we keep records of them — number, time, and conversation notes — to serve you across the trip. [COUNSEL — confirm whether call audio is recorded or transcribed via Quo; if so, add a recording-notice disclosure here and an all-party-consent script for the call flow.]
WhatsApp (planned). When we introduce WhatsApp messaging for international travel, we will message you there only after you opt in to WhatsApp specifically, by name; business-initiated messages will use Meta-approved templates, and blocks and opt-outs will be honored immediately.
A note on email. Trip and account emails are part of the service. Marketing email is sent only to subscribers, always identifies Arrive Golf with our postal address, and always carries a working unsubscribe that we honor within ten business days — usually at once.
9. How Long We Keep It
Our rule is the shortest window that still runs your trip and meets the law. Deletion is enforced by an automated daily sweep, not by good intentions.
| Information | Kept for | How |
|---|---|---|
| Dining, health, and accessibility details | 90 days after your trip ends | Deleted automatically |
| Emergency contacts | 90 days after your trip ends | Deleted automatically |
| Trip intake answers | 90 days after your trip ends | Deleted automatically |
| Travel documents (passport details) | While your account is active, for trip operations | Cleared from your profile on account deletion or erasure request |
| Booking and payment records (seller-of-travel records) | 3 years | Retained as required by law (e.g., Cal. Bus. & Prof. Code §17550.15(f)(3)) |
| Consent records | As required by law — retention window under counsel review | Retained as legal evidence of your consents and opt-outs |
| Waiver and e-signature evidence | As required by law — retention window under counsel review | Retained as legal evidence, in write-once records |
| Communications records (email, text, call) | Under counsel review | Reviewed and pruned manually pending a finalized window |
| Account basics (name, email, golf profile) | While your account is active | Deleted or anonymized on account deletion, subject to the records above |
[COUNSEL #16 / ws0 #56 — every "under counsel review" window above is a placeholder in migration 0260 (placeholder=true); finalize the windows and flip the flags before launch.]
[COUNSEL — travel-document retention posture: the automated 90-day sweep (migration 0260) covers the dining/health/accessibility, emergency-contact, and intake classes; passport details are not an automatic retention class today — they persist while the account is active and are cleared on erasure. Confirm one of: (a) add a passport/government-ID retention class + automatic sweep to the product (queued as a product change), or (b) bless the retained-while-active posture stated above.]
Two honest footnotes. First, a legal hold — litigation, an investigation, or a regulatory demand — pauses deletion for the affected records until the hold clears. Second, deletion requests work the same way: what the law requires us to keep, we keep, and Section 10 tells you exactly what that is rather than letting a "we delete everything" promise imply otherwise.
10. Your Rights and How to Exercise Them
We extend these rights to every Arrive Golf customer nationwide, whatever your state — one standard, honored as written. Connecticut residents hold rights under the Connecticut Data Privacy Act as a matter of law; residents of other states may hold rights under their own laws; and rather than make you look up which apply, we simply grant them to everyone. [COUNSEL #14 / #15 — re-verify the state-threshold table at launch scale (MD MODPA, MT, DE/NH/NJ/IA/TN/MN/IN/KY/RI; FL FDBR $1B floor; HI absence check) and the CCPA CPI-adjusted revenue figure; the voluntary nationwide grant is deliberate per ws2 recommendation.]
You may, at any time:
- Access and export — confirm what personal data we hold about you and receive a copy in a portable, machine-readable format.
- Correct — fix inaccurate or outdated information, either in your account directly or by asking us.
- Delete — ask us to delete your personal data. We will anonymize your identity across our systems (including your name and email), and we will tell you plainly what remains: booking and payment records kept 3 years under seller-of-travel law, consent records, waiver and e-signature evidence, and your opt-out suppressions (which we keep precisely so we never contact you again).
- Revoke consent — withdraw any consent (dining and health details, travel documents, marketing, the photo release) as easily as you gave it. For sensitive data, we stop processing within 15 days of revocation.
- Appeal — if we decline a request, we will explain why, and you may appeal that decision through the same contact channels. If your appeal is denied, you may raise the matter with your state attorney general; Connecticut residents may contact the Connecticut Office of the Attorney General.
- Never face discrimination — exercising your rights will never change your price, your service, or how we treat you.
How to make a request: email tom@arrivegolf.com or use the contact page, from the email address on your account where possible. We verify every request — usually by confirming control of that email — because releasing your data to the wrong person is the failure mode we care most about. An authorized agent may act for you with your written permission, subject to the same verification. We respond within 45 days of a verified request. [COUNSEL #16 — confirm the committed response window (CTDPA 45-day anchor), whether to state the one-time 45-day extension for complex requests, the appeal-decision window, and the final deletion carve-out wording mirroring docs/RETENTION_AND_DSAR.md.]
11. Security and Incident Response
We protect your information with layered, specific measures, not adjectives:
- Encryption in transit and at rest.
- Row-level security in our database, so every query is scoped to the account making it — the four roles on our platform (visitor, golfer, group leader, admin) can each see only what they should.
- Least-privilege vendor access: the scoped, expiring day-sheet links of Section 4 exist so that no trip vendor ever holds a copy of our records.
- Write-once records for consents, waivers, and disclosure logs — evidence that cannot be quietly edited.
- Personal-data scrubbing on error telemetry, and card data isolated entirely to Stripe.
- Heightened handling for sensitive data: dining, health, accessibility, and passport details are consent-gated and minimized to trip operations. Dining, health, accessibility, emergency-contact, and trip-intake details are deleted automatically on the 90-day schedule; passport details are cleared from your profile on account deletion or erasure request (Section 9).
No system is perfectly secure, and we will not pretend otherwise. If a security incident affects your personal information, we will investigate, contain it, and notify you and the relevant regulators consistent with applicable law, without unreasonable delay. [COUNSEL #21 — the state-by-state notification map (CT 60-day, CA/FL 30-day, WA, HI; passport and health data as trigger elements; encrypted-data safe harbors) is maintained as an internal incident-response one-pager, deliberately not promised as day counts here; confirm this posture and the IR plan reference.]
12. Adults Only
Arrive Golf trips are for adults. Our services and marketing are directed to people 18 and older, and we do not knowingly collect personal information from anyone under 18. If we learn we hold a minor's information, we delete it. Because our service is not directed to children under 13 and we knowingly collect no data from them, the Children's Online Privacy Protection Act (COPPA) does not apply to our platform.
13. Changes to This Policy, and How to Reach Us
The version and effective date at the top of this policy tell you exactly which edition you are reading, and the "last updated" line always shows the month and year of the most recent change. When we make a material change, we will email account holders and post the updated policy before it takes effect. Prior versions are archived, and we will provide any of them on request.
Talk to us — about this policy, your data, or anything it covers:
Email: tom@arrivegolf.com (owner option: a dedicated privacy@arrivegolf.com alias is recommended at launch) Mail: Arrive Golf, LLC · 1 Southbridge · Cromwell, CT 06416 Online: the contact page on our site
We would rather answer a question in an hour than let a doubt linger for a day.