Who we are
ShotRx is operated by 17452217 Canada Inc. (operating as Metriview), based in Outremont, Quebec, Canada. Contact: founders@metriview.info.
What we collect
- Account info — email, display name, avatar (when you sign in with Google or Apple). Password hash if you register with email.
- Golf profile — handicap, typical distances, preferred ball flight, launch monitor used, goals, physical considerations. You enter this in onboarding and can edit or delete it at any time.
- Launch monitor photos — the images you upload for AI analysis. Stored in our encrypted Supabase Storage bucket and attached to your account.
- Session data — extracted metrics (club speed, ball speed, smash factor, launch angle, spin, club path, face angle, attack angle, carry distance), diagnosis text, drill recommendations, notes, tags, ratings, conditions.
- Subscription status — whether you have Full Bag active, from RevenueCat (iOS) or Stripe (web).
- Usage events — which analyses you've run (count + timestamp only), used to enforce the free-tier limit and rate limit.
We do not collect your location, browser fingerprint, advertising ID, or track you across other apps or websites.
How we use your data
- To run the AI analysis: your launch monitor photo + golf profile are sent to Anthropic's Claude API for metric extraction and coaching diagnosis.
- To recommend practice drills and link YouTube videos: the drill title + diagnosis keywords are sent to the YouTube Data API (Google).
- To show your session history, trends, and goals across sessions (the longitudinal tracking is the core product).
- To enforce free-tier limits and rate limits on analyze calls.
- To process subscription payments (Stripe on web, StoreKit via Apple on iOS, validated by RevenueCat).
- To authenticate you (Supabase Auth).
You can turn off AI processing at any time via Settings → Privacy & AI. With it off, no new data leaves your device for Claude or YouTube; existing sessions are preserved.
Who we share data with
ShotRx uses the following third-party processors. Each has their own privacy policy; we minimize what we send.
- Anthropic (Claude API) — your launch-monitor image + golf profile + session context. Anthropic does not train models on API data and does not retain it beyond the request, per their API terms. anthropic.com/legal/privacy
- Supabase — hosts the database, authentication, and encrypted photo storage. EU + US hosting. supabase.com/privacy
- Vercel — hosts the web app. We don't store user data at Vercel; it's only the application runtime. vercel.com/legal/privacy-policy
- Google (YouTube Data API) — drill name + issue keywords, so we can embed the most relevant training video. No personal identifiers sent. policies.google.com/privacy
- Google / Apple Sign-In — only if you choose that sign-in option. We receive your email + name from the provider. No ongoing data exchange.
- RevenueCat — iOS subscription receipt validation. Your Supabase user id links to a RevenueCat customer record. revenuecat.com/privacy
- Stripe — web subscription billing only. Handles card data directly; ShotRx never sees card numbers. stripe.com/privacy
We do not sell your data. We do not share it with advertisers. We do not run any analytics SDK that tracks you across apps.
Your rights
- Access + export — Settings → Data → Export All Data exports every session to CSV.
- Correct — edit your profile (ProfileDrawer) or individual sessions any time.
- Delete — Settings → Danger Zone → Delete Account removes your account, profile, all sessions, all drill recommendations, and all Storage photos. This is irreversible and happens within seconds.
- Revoke AI consent — Settings → Privacy & AI toggle stops all Claude / YouTube calls from your account. Previously-saved sessions remain until you delete them.
- Object / restrict / complain — email us at founders@metriview.info. Quebec residents have additional rights under Law 25 (Quebec private-sector privacy law); EU/UK residents have GDPR rights. We respond within 30 days.
Data retention
Sessions, photos, profile data: kept as long as your account exists. On account deletion, removed within minutes and purged from backups within 30 days. Log entries used for security/abuse prevention may be retained up to 90 days before automatic deletion.
Security
All traffic is HTTPS-only with HSTS. Row-level security on the database prevents users from reading each other's data. Images in Supabase Storage are access-controlled. We don't log image content to edge function logs. See our public GitHub repo for security-audit commits.
Children
ShotRx is not directed at children under 13. We do not knowingly collect data from children. If you're a parent and believe your child has created an account, email us and we'll delete it.
Changes
When we change this policy materially, we'll notify you via email and an in-app banner before the change takes effect. Past versions available on request.
Lounge mode (venue guests)
If you scanned a QR code at a golf simulator lounge or venue, you got a temporary guest session instead of creating a full account. Here's what that means:
- What we collect — your email and first name, and (if you chose to check the box) your consent to receive occasional golf tips and ShotRx news. If you sign in with Google or Apple instead, we receive your email and name from the provider.
- Why — your email lets you claim your swing history later by creating a free account. It also lets us enforce fair-use limits and prevent abuse of the free coaching the venue is providing.
- What the venue sees — aggregate usage only (like how many sessions happened that day). The venue does not see your individual swing data, diagnosis, or contact info.
- How long your session lasts — each venue sets its own guest session duration (typically a few hours), long enough to cover a visit. When it expires, you can scan the QR code again to start a new one.
- Retention — if you never convert your guest session into a full account, we delete your guest data after 13 months, per Quebec Law 25.
- Your rights — same as any user: access, correction, deletion. Email founders@metriview.info to request deletion of your guest data at any time.
Contact
Privacy questions: founders@metriview.info
See also: AI Disclaimer & Legal