1. Introduction and Scope
This GDPR Privacy Notice explains how BowlersAI Inc. ("BowlersAI," "we," "us," or "our") collects, uses, stores, and protects personal data of individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland when they use the BowlersAI mobile application, website, and related services (collectively, the "Service").
BowlersAI is a bowling coaching and analysis application that provides AI-powered coaching, practice tracking, video analysis, voice score entry, and certified coach evaluations. This notice applies to all personal data processed in connection with the Service and supplements our general Privacy Policy.
By using the Service, you acknowledge that you have read and understood this GDPR Privacy Notice. If you do not agree with the practices described herein, please do not use the Service.
2. Data Controller Information
The data controller responsible for your personal data is:
BowlersAI Inc.
Email: partnership@bowlersai.com
BowlersAI Inc. determines the purposes and means of processing your personal data and is responsible for ensuring that processing activities comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws.
3. Legal Bases for Processing
We process your personal data only when we have a valid legal basis under Article 6 of the GDPR. The legal bases we rely on include:
- Consent (Art. 6(1)(a)): Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications, enabling voice score entry via speech recognition, or sharing your data with a coach.
- Performance of a Contract (Art. 6(1)(b)): Processing necessary for the performance of a contract to which you are a party, including providing access to the BowlersAI app, managing your account, processing subscription payments through Stripe, and delivering AI coaching features.
- Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by your rights and freedoms. This includes improving our Service, ensuring security and fraud prevention, analyzing usage patterns to enhance the user experience, and maintaining the app's infrastructure.
- Legal Obligation (Art. 6(1)(c)): Processing necessary for compliance with a legal obligation, such as tax and accounting requirements or responding to lawful requests from public authorities.
4. Categories of Personal Data Processed
We may collect and process the following categories of personal data:
- Identity Data: Name, email address, profile photo, and user ID as provided during account registration via Firebase Authentication or Google Sign-In.
- Contact Data: Email address used for account communication and support requests.
- Payment Data: Subscription status, payment history, and transaction identifiers processed through Stripe. We do not store full credit card numbers or banking details; these are handled directly by Stripe.
- Bowling Performance Data: Scores, practice session logs, game statistics, evaluations, ball specifications, spare systems, and coaching notes entered by you or your coach.
- Media Data: Videos and photos recorded within the app for bowling analysis, and audio captured through voice score entry via speech recognition.
- AI Interaction Data: Conversations, queries, and responses exchanged with the BowlersAI assistant powered by Firebase Vertex AI.
- Coach-Student Data: Coaching relationship information, shared evaluations, session notes, and communication between coaches and students within the platform.
- Technical Data: Device type, operating system version, app version, IP address, device attestation tokens, and diagnostic information.
- Usage Data: Feature usage patterns, session durations, navigation paths, and interaction data collected through Firebase Analytics.
- Sync Data: Data synchronized across your devices via iCloud/CloudKit, including all locally stored bowling data and preferences.
5. Purposes of Processing
We process your personal data for the following purposes:
- Providing, maintaining, and improving the BowlersAI app and its features.
- Creating and managing your user account and authenticating your identity.
- Processing subscription payments and managing billing through Stripe.
- Delivering AI-powered bowling coaching and analysis via Firebase Vertex AI.
- Enabling video recording and analysis for bowling technique review.
- Processing voice input through speech recognition for score entry.
- Facilitating coach-student relationships and data sharing.
- Synchronizing your data across your Apple devices via iCloud/CloudKit.
- Sending push notifications and service-related communications.
- Analyzing usage trends and improving app performance through Firebase Analytics.
- Ensuring app security, preventing fraud, and verifying device integrity via DeviceCheck and App Attest.
- Complying with legal obligations and responding to lawful requests.
6. Data Recipients and Third-Party Processors
We share your personal data with the following categories of recipients, each acting as a data processor on our behalf or as an independent data controller where applicable:
- Google LLC / Firebase: Provides authentication (Firebase Auth), database storage (Cloud Firestore), file storage (Firebase Storage), analytics (Firebase Analytics), push notifications (Firebase Cloud Messaging), AI services (Firebase Vertex AI), serverless functions (Cloud Functions), and app security (App Check). Google processes data in accordance with its Data Processing Terms.
- Stripe, Inc.: Processes subscription payments, manages billing, and handles credit card transactions. Stripe acts as both a data processor (for payment processing on our behalf) and an independent data controller (for its own fraud prevention and compliance obligations). Stripe is PCI DSS Level 1 certified.
- Apple Inc.: Provides iCloud/CloudKit for cross-device data synchronization, DeviceCheck for device attestation, App Store for app distribution, and StoreKit for review prompts. Apple processes synced data under its own privacy policy when you enable iCloud.
- Coaches (where applicable): If you opt into a coach-student relationship, your designated coach may access your bowling performance data, session logs, evaluations, and videos as necessary to provide coaching services.
We do not sell your personal data to third parties. We only share data with third parties as described above and as necessary to provide the Service.
7. International Data Transfers
BowlersAI Inc. is based in the United States. If you are located in the EEA, UK, or Switzerland, your personal data will be transferred to and processed in the United States and other countries where our service providers operate.
We ensure that international transfers of personal data are protected by appropriate safeguards in accordance with the GDPR, including:
- Standard Contractual Clauses (SCCs): We rely on the European Commission's Standard Contractual Clauses as the primary transfer mechanism for data transferred outside the EEA.
- EU-U.S. Data Privacy Framework: Where applicable, our processors (including Google and Stripe) may also rely on their certification under the EU-U.S. Data Privacy Framework.
- Supplementary Measures: We implement additional technical and organizational measures, including encryption in transit and at rest, to ensure the continued protection of your data.
You may request a copy of the safeguards we have in place by contacting us at partnership@bowlersai.com.
8. Data Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The specific retention periods are as follows:
- Account Data: Retained for the duration of your account. Upon account deletion, your data is removed from our active systems within 30 days, except where retention is required by law.
- Bowling Performance Data: Retained for the duration of your account and deleted upon account deletion request.
- Media (Videos and Audio): Retained in Firebase Storage for the duration of your account. Deleted upon account deletion request within 30 days.
- AI Conversation History: Retained for the duration of your account to provide continuity in coaching. Deleted upon account deletion.
- Payment and Transaction Data: Retained for a minimum of 7 years after the transaction date as required by tax and accounting regulations.
- Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely. Identifiable analytics data is retained for up to 14 months in accordance with Firebase Analytics defaults.
- iCloud/CloudKit Data: Managed by Apple under your iCloud account settings. Deleting data from the app removes it from iCloud sync.
- Backup Copies: May persist in encrypted backup systems for up to 90 days after deletion from active systems.
9. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Art. 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
- Right to Rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): You have the right to request deletion of your personal data where there is no compelling reason for continued processing ("right to be forgotten").
- Right to Restriction of Processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
- Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- Right to Object (Art. 21): You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
- Right to Lodge a Complaint (Art. 77): You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you believe that processing of your personal data violates the GDPR.
10. How to Exercise Your Rights
To exercise any of the rights described above, please contact us at:
Email: partnership@bowlersai.com
When submitting a request, please include your full name, the email address associated with your BowlersAI account, and a description of the right you wish to exercise. We may need to verify your identity before processing your request.
We will respond to your request within 30 days. If your request is complex or if we receive a high volume of requests, we may extend this period by an additional 60 days, in which case we will notify you of the extension and the reasons for it.
You may also delete your account and associated data directly within the BowlersAI app by navigating to your account settings and selecting the account deletion option.
There is no fee for exercising your rights. However, we may charge a reasonable fee for manifestly unfounded or excessive requests, or refuse to act on such requests, in accordance with the GDPR.
11. Automated Decision-Making and Profiling
BowlersAI uses artificial intelligence through Firebase Vertex AI to provide bowling coaching suggestions, technique analysis, and performance insights. This AI assistant processes your bowling data, session history, and conversational input to generate personalized coaching recommendations.
Important disclaimer: The AI coaching assistant provides suggestions and analysis for informational and educational purposes only. It does not make decisions that produce legal effects or similarly significantly affect you. All AI-generated coaching advice should be considered as supplementary guidance, not as professional instruction.
The AI assistant does not make any automated decisions regarding your account status, subscription access, or any other matter with legal or significant effects. Subscription and payment decisions are handled through standard processes with human oversight.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. If you have concerns about automated processing, please contact us at partnership@bowlersai.com.
12. Children's Data
BowlersAI is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent.
If a child under 16 wishes to use BowlersAI, a parent or legal guardian must provide consent and create and manage the account on the child's behalf. The parent or guardian is responsible for overseeing the child's use of the Service and any data shared through coach-student features.
If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that data as promptly as possible. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at partnership@bowlersai.com.
13. Cookie Policy
The BowlersAI website (bowlersai.com) may use cookies and similar technologies for the following purposes:
- Essential Cookies: Required for the website to function properly, including session management and security features. These cookies do not require consent.
- Analytics Cookies: Used through Firebase Analytics to understand how visitors interact with our website, helping us improve the user experience. These cookies are set only with your consent.
- Preference Cookies: Store your preferences such as theme selection (light/dark mode). These cookies enhance your experience but are not essential.
The BowlersAI mobile app does not use cookies. It uses device-local storage (SwiftData) and cloud storage (Firebase, iCloud) to maintain your session and data.
You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect the core functionality of the website.
14. Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: All data is encrypted in transit using TLS/SSL and at rest within Firebase and iCloud storage systems.
- Authentication Security: Firebase Authentication with secure token management, including automatic token refresh and session validation.
- Device Attestation: App Attest and DeviceCheck verify the integrity of devices accessing the Service, preventing unauthorized or tampered access.
- Secure Credential Storage: Sensitive credentials are stored using the iOS Keychain, which provides hardware-backed encryption.
- Access Controls: Firebase Security Rules restrict data access to authorized users. Firestore rules ensure users can only access their own data unless explicit coach-student sharing is established.
- Payment Security: All payment processing is handled by Stripe, which is PCI DSS Level 1 certified. We never store full credit card numbers on our systems.
- Regular Security Reviews: We periodically review our security practices and update them as necessary to address emerging threats.
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents.
15. Data Breach Notification Procedures
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the Supervisory Authority: We will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR.
- Notify Affected Individuals: If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, as required by Article 34 of the GDPR. Notification will include a description of the nature of the breach, the likely consequences, and the measures taken or proposed to address it.
- Document the Breach: We will maintain a record of all data breaches, including the facts, effects, and remedial actions taken, regardless of whether notification to the supervisory authority is required.
- Remediation: We will take immediate steps to contain the breach, assess the risk, and implement measures to prevent recurrence.
16. Changes to This Policy
We may update this GDPR Privacy Notice from time to time to reflect changes in our data processing practices, legal requirements, or operational needs. When we make material changes, we will:
- Update the "Last updated" date at the top of this notice.
- Notify you through the app or by email if the changes significantly affect how we process your personal data.
- Where required by law, obtain your consent before implementing changes that affect the legal basis for processing.
We encourage you to review this notice periodically to stay informed about how we protect your personal data.
17. Contact and DPO Information
If you have any questions, concerns, or requests regarding this GDPR Privacy Notice or our data processing practices, please contact us:
BowlersAI Inc.
Email: partnership@bowlersai.com
Data Protection Officer (DPO) Contact:
Email: partnership@bowlersai.com
We are committed to working with you to resolve any concerns about your privacy and data protection. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.