1. Our commitment
We treat the security of your data as a foundational responsibility. We design our systems to limit who can access your data, encrypt it in transit and at rest, and monitor for unusual activity.
2. Data in transit
All communication between the BRD Golf app and our servers is encrypted using industry-standard transport security (TLS 1.2 or higher). Your data is never sent over an unencrypted connection.
3. Data at rest
Your data is stored in secure cloud infrastructure with encryption applied at the storage layer. Backups follow the same protections as production data.
4. Access controls
Access to production systems is restricted to authorised personnel on a least-privilege basis. Administrative actions are logged and reviewed.
5. Authentication
BRD Golf uses passwordless email-based authentication. We do not store your password because there isn't one to store. Session tokens are stored securely on your device and expire periodically.
6. Tenant isolation
Your team's data is logically isolated from other teams'. People can only see content that has been explicitly shared with them through the app — for example, your coach can see your swings because you connected with them.
7. Vulnerability management
We monitor our dependencies and infrastructure for known vulnerabilities and apply patches and updates on a regular cadence. We perform internal review of security-sensitive code paths before changes ship.
8. Incident response
If we become aware of a security incident affecting your data, we will investigate promptly and notify affected users and regulators where required by law.
9. Reporting a vulnerability
If you believe you've found a security issue in BRD Golf, please report it to security@brdlabs.com. We appreciate responsible disclosure and will work with you to resolve the issue.
10. Contact
General questions about our security practices? Email support@brdlabs.com.