Security
Protecting accounts, payments, and equipment data.
GolfAuth handles ownership records, contact details, and payment flows. Here is how we protect that information — and how to reach us if you find a vulnerability.
Practices
Technical and organisational controls
No system is perfectly secure. We invest in layered controls and respond when something goes wrong. Binding detail on personal information sits in our Privacy Policy.
Encryption & access control
Data is encrypted in transit (TLS) and at rest. Passwords are cryptographically hashed. Database row-level security and staff access controls limit who can see user data. Administrative actions are audit-logged.
Account protection
Two-factor authentication is available for accounts. We run dependency vulnerability scanning, code security analysis, and runtime monitoring as part of ongoing engineering practice.
Payments
Card payments are processed by Stripe. GolfAuth does not store full card numbers on our servers. Pro payouts use Stripe Connect so funds go to the professional’s connected Stripe account.
Incidents & notification
We maintain incident response procedures. If a security incident affects your personal information, we will notify you as required by applicable law — including Australia’s Notifiable Data Breaches scheme (APP 11), GDPR Article 34, and equivalent frameworks.
Responsible disclosure
Found a vulnerability?
If you believe you have found a security issue in GolfAuth products or infrastructure, please email us before public disclosure so we can investigate and fix it.
security@golfauth.com
Please include steps to reproduce, affected URLs or apps, and impact if known. Do not include live customer data or secrets in the report.
General product questions go to Contact or support@golfauth.com. Privacy requests: privacy@golfauth.com.

