Legal

Privacy Policy

Last updated: June 2026

Redswing Systems LLC (“Redswing,” “we,” “our,” or “us”) operates the Redswing platform at redswing.io. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have regarding your data. It applies to event organizers who create accounts, players and donors who register for events through the platform, and visitors to our website.

1. Information we collect

We collect personal information in several categories depending on how you interact with the platform.

1.1 Account and organizer information

When you create an organizer account, we collect your name, email address, phone number, organization name, and any other details you provide during account setup.

1.2 Event registration and participant data

When players or donors register for events through Redswing, the organizer collects participant information using the platform, including name, email address, phone number, team name, and responses to any custom registration questions the organizer has added. Redswing stores this information on behalf of the organizer.

1.3 Payment and financial information

We collect payment amounts, Stripe payment identifiers, and payout records associated with event transactions. We do not store credit card numbers, bank account numbers, or other sensitive payment credentials — all card and bank data is handled and secured directly by Stripe.

Payment card information qualifies as “sensitive personal information” under California privacy law. We use it only to process transactions and maintain required financial records; we do not use it for any other purpose.

1.4 SMS consent records

When a participant provides their phone number and SMS consent during event registration, we record whether consent was given, the timestamp of that consent, the exact consent language that was displayed, and the IP address of the device used to submit the form. We retain these records for at least five years as required by the FTC Telemarketing Sales Rule (16 C.F.R. § 310.5).

1.5 Scoring and event activity data

We collect golf scores submitted through the platform, auction bids, leaderboard data, and fundraising totals associated with each event.

1.6 Tax and charitable contribution records

We generate and store IRS quid pro quo disclosure text based on fair market value information provided by organizers. This disclosure text is stored on each registration record and included in confirmation emails.

1.7 Usage and technical data

We collect information about how you use the platform, including pages visited, features used, and event page impressions. We also collect standard technical information such as browser type, operating system, and IP address. We use cookies and similar technologies — see Section 8 for details.

1.8 AI-generated content inputs

When an organizer requests a post-event report, we send aggregated or anonymized event data (fundraising totals, registration counts, scoring summaries) to Anthropic's Claude AI to generate the report. We do not send individual participant names, email addresses, phone numbers, or payment details to Anthropic for this purpose.

2. How we use your information

We use the information we collect for the following purposes:

  • Processing event registrations, donations, sponsorships, and auction purchases on behalf of event organizers
  • Sending transactional emails such as registration confirmations, donation receipts, and event updates
  • Sending SMS text messages to participants who have provided explicit prior express written consent
  • Generating IRS quid pro quo disclosures at checkout and storing them on registration records
  • Generating AI-assisted post-event fundraising reports for organizers
  • Providing organizers with analytics about their events including registration counts, fundraising totals, and leaderboard data
  • Maintaining financial records required for tax compliance
  • Improving and operating the Redswing platform
  • Preventing fraud and enforcing our Terms of Service
  • Complying with applicable law, legal process, or government requests

We do not sell your personal information to third parties. We do not use participant or donor data for advertising, behavioral targeting, or any purpose unrelated to the event you registered for or the platform's operation.

We do not use personal information to make automated decisions that produce legal or similarly significant effects about individuals. Our AI tools generate organizer-facing summaries and reports only, and are not used to make decisions about any individual participant or donor.

3. Data sharing and service providers

We share personal information only with the following service providers who help us operate the platform. Each receives only the data necessary to perform their specific function and is prohibited from using it for any other purpose.

  • Stripe (Stripe Payments Company): Payment processing, identity verification for connected organizer accounts, and fund disbursement. Stripe holds applicable money transmitter licenses. Your card and bank information is stored by Stripe, not Redswing. Stripe's privacy policy governs its handling of your payment data. Connected organizer accounts are also subject to the Stripe Connected Account Agreement.
  • Twilio: SMS message delivery. Your phone number is transmitted to Twilio solely to deliver event-related text messages to participants who have consented. SMS opt-in data and consent are not shared with Twilio or any other party for marketing or promotional purposes — only for message delivery.
  • Resend: Transactional email delivery, including registration confirmations and receipts.
  • Supabase: Cloud database and authentication infrastructure. All application data is stored in Supabase's PostgreSQL databases hosted on Amazon Web Services, with encryption at rest and in transit.
  • Vercel: Web hosting, serverless functions, and edge delivery of the platform.
  • Anthropic: AI model services used to generate post-event fundraising reports for organizers. We transmit aggregated or anonymized event data — not individual participant PII — for this purpose.

Event organizers can access data related to their own events, including registrant names, contact information, and payment records, for the purpose of managing their events. Organizers are independently responsible for their own use of this data and must comply with applicable privacy laws.

We may disclose personal information if required by law, subpoena, court order, or other legal process. If Redswing is acquired, merged, or its assets transferred, personal information may transfer as part of that transaction. We will provide advance notice before information becomes subject to a materially different privacy policy.

4. SMS communications (TCPA)

Redswing sends SMS text messages to event participants only when they have provided prior express written consent during the event registration process. The consent disclosure identifies the sender, describes the types of messages that may be sent, discloses that automated technology may be used, states that message and data rates may apply, describes approximate message frequency, and confirms that consent is not a condition of purchase or participation.

Consent records are stored per participant and include the timestamp of consent, the exact disclosure language displayed, and the IP address of the submitting device. We retain these records for a minimum of five years as required by 16 C.F.R. § 310.5.

To opt out: Reply STOP to any text message you receive, or email hello@redswing.io. We also accept opt-outs via the contact methods in Section 13. We will process opt-out requests within ten business days and will send one confirmation message only. Opting out does not affect your event registration or participation.

We never send SMS to participants who have not consented. Our platform enforces this rule at the database level — all batch SMS queries filter exclusively for participants with recorded consent.

Standard message and data rates may apply. Message frequency varies by event.

Text messaging originator opt-in data and consent will not be shared with any third parties or affiliates for their marketing or promotional purposes. The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties. Mobile opt-in information may be shared only with service providers (such as Twilio) that assist Redswing in delivering event-related text messages, and solely for that purpose.

5. Artificial intelligence and automated tools

Redswing uses Anthropic's Claude AI model to generate post-event fundraising reports for event organizers. When an organizer requests a report, we send aggregated event data (total registrations, total funds raised, event format, anonymized scoring summaries) to Anthropic's API to generate the report narrative. We do not send individual participant names, email addresses, phone numbers, or payment details to Anthropic for this purpose.

AI-generated reports are produced for organizer use only and are not used to make automated decisions about individual participants or donors. The content of AI-generated reports does not constitute legal, tax, or financial advice.

Anthropic's handling of data submitted to its API is governed by Anthropic's privacy policy and API data usage terms.

6. Data retention

We retain different categories of information for different periods based on the purpose of collection and applicable legal requirements:

  • Financial and transaction records (payments, donations, platform fees): Seven years, to support IRS tax compliance and audit requirements.
  • IRS quid pro quo disclosure records: Seven years, matching the retention period for the underlying charitable contribution records.
  • SMS consent records: Five years from the date of consent, as required by the FTC Telemarketing Sales Rule (16 C.F.R. § 310.5).
  • Event registration and participant contact data: For the duration of the organizer's account and up to three years after account closure, unless earlier deletion is requested (subject to legal retention obligations above).
  • Scoring and leaderboard data: Indefinitely for historical event records unless deletion is requested.
  • Account information: For the duration of the organizer's account and for a reasonable period after closure.
  • Technical and security logs: Up to 90 days for operational and security purposes.

7. Your privacy rights

Depending on where you live, you may have certain rights regarding your personal information. We honor these rights regardless of your state of residence.

Right to know

You may request information about the categories of personal information we have collected about you and the purposes for which we use it.

Right to access

You may request a copy of the specific personal information we hold about you.

Right to correction

You may request that we correct inaccurate personal information we hold about you.

Right to deletion

You may request deletion of personal information we hold about you. We will comply unless we are required to retain it by law — for example, we must retain financial records for seven years for IRS compliance.

Right to opt out of sale or sharing

We do not sell your personal information and do not share it for cross-context behavioral advertising. No opt-out is needed because we do not engage in these activities.

Non-discrimination

We will not deny services, charge different prices, or provide a lower quality of service because you exercised a privacy right.

How to exercise your rights

Contact us at hello@redswing.io or via the web form at redswing.io/privacy-request. We will respond to verified requests within 45 days and may extend by an additional 45 days with notice. You may designate an authorized agent to make a request on your behalf by providing written authorization.

8. Cookies and tracking technologies

Redswing uses cookies and similar technologies to operate the platform:

  • Strictly necessary cookies: Required for authentication, session management, and core platform functionality. These cannot be disabled without affecting platform operation.
  • Analytics: We may use analytics tools to understand platform usage in aggregate. We configure these as service providers — they do not use data collected on our platform for advertising or cross-site behavioral tracking.

We do not use third-party advertising pixels, retargeting pixels, or social media tracking pixels. We do not share your browsing activity on Redswing with advertisers.

If your browser sends a Global Privacy Control (GPC) signal, we treat it as a valid opt-out of any data uses that would constitute "sharing" under California law. You can also manage cookies through your browser settings.

9. Security

We protect your personal information using industry-standard practices including: encrypted connections (TLS/HTTPS) for all data in transit; encryption at rest for database-stored data; row-level security policies limiting data access to authorized users; and access controls restricting employee access on a need-to-know basis. We do not store full payment card numbers or bank credentials — all sensitive financial data is held by Stripe.

No security system is impenetrable. If you believe your account has been compromised, contact us immediately at hello@redswing.io.

10. Data breach notification

In the event of a security breach resulting in unauthorized access to personal information, we will notify affected individuals within 30 calendar days of discovering the breach, consistent with California Civil Code § 1798.82 (as amended by SB 446, effective January 1, 2026). Where required by applicable state law, we will also notify relevant state attorneys general.

We require our data subprocessors to notify us of any breach involving our data within 72 hours of discovery, so that we can meet our obligations to you.

11. Children's privacy

The Redswing platform is intended solely for use by persons 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 13. If we learn we have collected personal information from a child under 13, we will delete it promptly. Please contact us at hello@redswing.io if you believe we may have collected information from a minor.

12. California-specific disclosures

This section provides additional disclosures required for California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Cal. Civil Code § 1798.100 et seq.

Categories of personal information collected in the past 12 months: Identifiers (name, email, phone, IP address); customer records (registration and payment history); commercial information (transaction amounts); internet or other network activity (usage data, page views); inferences (event analytics); and sensitive personal information (payment card data processed by Stripe).

We do not sell or share personal information as those terms are defined under California law, and we do not use it for cross-context behavioral advertising.

Retention periods are set forth in Section 6 above.

California residents may exercise the rights described in Section 7. We will respond within 45 days, with a possible 45-day extension upon notice.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above. For material changes affecting registered organizers, we will send email notice to accounts on record. Your continued use of the platform after the updated policy takes effect constitutes acceptance of the revised policy. We review this policy at least annually.

14. Contact us

For questions about this Privacy Policy, to exercise your privacy rights, or to report a security concern, contact us through any of the following: