Legal

Privacy Policy

Last updated: March 2026

Albatross (“we,” “our,” or “us”) provides an AI-powered sales automation platform for golf course event management. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, visit our website, or interact with emails sent through our platform.

By using Albatross, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the service.

1. Data We Collect

We collect the following categories of information:

1.1 Event Buyer Information

  • Name, email address, and phone number (provided via email inquiries)
  • Event details: date, guest count, event type, catering preferences, and special requests
  • Engagement signals: email opens, proposal views, and interaction timestamps

1.2 Golf Course Manager Information

  • Name and email address of the General Manager (GM) or authorized staff
  • Golf course business details: name, address, menu configuration, and pricing
  • Gmail OAuth credentials (see Section 3 for details)

1.3 Payment Information

  • Payment processing is handled entirely by Stripe. We receive transaction confirmations (amount, date, status) but never store credit card numbers, CVVs, or full bank account details.

1.4 Automatically Collected Data

  • IP address, browser type, and device information
  • Pages visited and interaction patterns on our website
  • Session cookies for authentication (see our Cookie Policy)

2. How We Use Your Data

  • To process event inquiries and generate proposals on behalf of golf courses
  • To facilitate communication between event buyers and golf course managers
  • To process deposit payments via Stripe
  • To send transactional emails (proposals, confirmations, receipts)
  • To improve our AI models and service quality (no personally identifiable information is used in model training)
  • To comply with legal obligations and enforce our Terms of Service

3. Gmail OAuth Integration

Albatross connects to your golf course’s Gmail account via Google OAuth 2.0 to send and receive emails on behalf of the General Manager. We request the following scopes:

  • gmail.readonly — To read incoming event inquiry emails
  • gmail.send — To send proposals and confirmations as the GM
  • gmail.modify — To mark processed emails as read and manage labels

We store OAuth refresh tokens securely and encrypted at rest. Gmail access can be revoked at any time by the GM through their Google Account settings or by contacting us. We do not access emails unrelated to event inquiries. Our inbox poller filters only for messages matching event-related criteria.

4. Stripe Payment Processing

All payment processing is handled by Stripe, Inc., which is PCI DSS Level 1 compliant — the highest level of certification in the payment card industry. Albatross does not store, process, or have access to full credit card numbers. We receive only transaction metadata (amount, status, date, and a truncated card identifier) for record-keeping purposes.

5. Third-Party Services

We use the following third-party services to operate Albatross:

  • OpenAI — For email classification and draft generation. We do not send personally identifiable information (PII) in prompts. Event details are anonymized or abstracted before processing.
  • Stripe — For secure payment processing (see Section 4).
  • Google (Gmail API) — For email integration on behalf of golf course managers (see Section 3).

Each third-party provider operates under their own privacy policy. We encourage you to review their policies directly.

6. Cookies

We use minimal, essential cookies for session management and CSRF protection on our dashboard. We do not use third-party tracking cookies. For full details, see our Cookie Policy.

7. Data Retention

We retain event and transaction data for a period of 3 years from the date of the event, unless a longer retention period is required by law. After this period, data is securely deleted.

You may request early deletion of your data at any time by contacting us (see Section 10). Upon receiving a valid deletion request, we will remove your personal data within 30 days, except where retention is required for legal or compliance purposes.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

  • Right of Access — Request a copy of the personal data we hold about you
  • Right to Rectification — Request correction of inaccurate or incomplete data
  • Right to Erasure — Request deletion of your personal data
  • Right to Restrict Processing — Request that we limit how we use your data
  • Right to Data Portability — Receive your data in a structured, machine-readable format
  • Right to Object — Object to processing of your data for certain purposes

To exercise any of these rights, please contact us at hello@albatross.golf. We will respond to your request within 30 days.

9. CAN-SPAM Compliance

All emails sent through Albatross comply with the CAN-SPAM Act. Specifically:

  • Emails are sent from an identifiable sender (the golf course’s GM) with accurate header information
  • Subject lines accurately reflect the content of the email
  • All emails include an unsubscribe mechanism allowing recipients to opt out of future communications
  • Opt-out requests are honored within 10 business days

10. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us at:

hello@albatross.golf

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of the service after changes constitutes acceptance of the updated policy.