PRIVACY POLICY

PewScore LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, the PewScore mobile app, and related services (collectively, the "Service").

1. Information We Collect

Information you provide:

• Account Information: Email address and display name. Sign-in is supported via Apple Sign In, Google, magic link, or email and password.
• Phone Number: If you choose to link a competition shooter profile (USPSA, PCSL, or IDPA), we collect your phone number to verify your identity and prevent profile abuse. Your phone number is transmitted to Twilio, Inc. solely to send a one-time verification code; it is not used for marketing. You may unlink your profile at any time, and your phone number is deleted when you delete your account.
• Profile Information: Optional shooter-type and division preferences you select during onboarding so we can tailor the Coach experience.
• Linked Shooter Profile: If you link a competition profile, we retrieve your public organization match history, scores, and profile data to calculate your rating and personalize your experience. This data is sourced through Competitive Metrics LLC, a third-party data analytics company.
• Coach Conversations: When you chat with the AI Coach, your messages and the Coach's responses are processed and stored to provide the Service (for example, keeping your conversation history available). We analyze conversations — primarily with automated tools, and occasionally by limited human review — to improve the Coach's accuracy, safety, and helpfulness. All analysis runs on our own infrastructure. Raw conversation transcripts are retained for up to 90 days; aggregated, non-identifying quality metrics may be kept longer. Deleting your account permanently removes your conversation history and message logs.
• AI Coach Notes. When you chat with the PewScore AI Coach, the Coach may automatically save notes about details you choose to share — such as your general (city/region-level) location, home range or club, training goals, equipment, and skill details you report (for example, a draw or split time). These notes are derived only from messages you voluntarily send to the Coach; we do not record audio, access your contacts, or collect this in the background. Your notes evolve as you do — when you provide updated information, it replaces the earlier value.
• Video Submissions: If you use the Stage Plan video coaching feature (Pro tier), you may upload video recordings of your stage runs. These are stored securely and processed by our coaching pipeline. You may delete submissions at any time.

Information collected automatically:

• Shooting Performance Data: Match results, scores, and statistics from sanctioned competitions. This data is provided to PewScore by Competitive Metrics LLC, a third-party data analytics company.
• Calculated Data: Ratings, rankings, and tier classifications derived from your performance.
• Usage Data: Features used and general interaction with the Service, collected via PostHog (see Section 4). We use this data to understand how the app is used and to improve the Service.
• Device Identifiers: We may collect your device's vendor identifier (IDFV) and basic hardware information to manage app security and session continuity. We do not use the Advertising Identifier (IDFA) and we do not track you across other companies' apps or websites.
• Location: If you grant location permission, PewScore accesses your device's precise location to find shooting matches and clubs near you. It is used only while you are using the app for this feature; you can decline or revoke it in Settings and the nearby-matches feature simply won't surface local results. The general (city/region) location the Coach may note is separate and derived only from what you choose to tell the Coach.
• Diagnostics & Crash Data: We collect crash logs and basic performance/diagnostic data (via Sentry — see Section 4) to detect and fix stability and performance problems. This data may be linked to your account to help us reproduce issues; it is never used for advertising.
• Health & Workout Data (Apple Watch): If you use the PewScore Apple Watch app and grant permission, we read your heart rate and active energy during a Shot Timer session and save the session to the Apple Health app as a workout. We also use wrist-motion data to detect shots. Health and motion data is processed on your devices and stored in Apple Health (HealthKit) under Apple's protections — it is not transmitted to PewScore servers, is never used for advertising or marketing, and is never shared with or sold to third parties. You can revoke access at any time in the Health app or Settings, and you can delete saved workouts directly in Apple Health.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your PewScore account
• Calculate and display your performance ratings
• Display leaderboards and rankings
• Send account-related notifications (verification codes, important updates)
• Improve our services and develop new features
• To personalize your AI Coach — remembering your context between sessions, and, where you enable social or nearby features, helping connect you with local matches or other members.
• Prevent fraud and ensure fair competition

3. Information Displayed Publicly

The following information may be displayed on public leaderboards:

• Your display name
• Your current rating and tier
• Your ranking position
• General location (state level only)

Your email address and Coach conversations are never displayed publicly.

4. Information Sharing

We do not sell your personal information. We do not share your data with third-party data brokers and we do not use your data for cross-app or cross-site advertising.

HealthKit data is never shared. Data obtained through Apple HealthKit (heart rate, active energy, workouts) stays on your devices and in Apple Health. We do not use HealthKit data for advertising, marketing, use-based data mining, or any purpose other than recording your Shot Timer sessions as workouts, and we never disclose it to any third party.

Generating your Coach responses and notes involves AI processing the text of your Coach messages. This runs primarily on our own first-party infrastructure (our self-hosted models); if those are temporarily unavailable, processing may fall back to a third-party AI provider (see Anthropic, PBC below). In that case your Coach prompts are sent without your name, email, or device identifier, and the provider does not train its models on PewScore traffic.

We may share information with:

• Service Providers (sub-processors): Third-party infrastructure that helps us operate the Service. Each is contractually obligated to protect your data and may only process it on our instructions.
  • Supabase — authentication and primary database
  • Cloudflare — API edge, CDN, and DDoS protection
  • Twilio, Inc. — SMS delivery for phone verification. Twilio receives your phone number solely to send a one-time code; it does not store or use it for any other purpose.
  • Anthropic, PBC — large-language-model inference for the PewScore Coach when our self-hosted models are unavailable. Coach prompts are sent without your name, email, or device identifier; Anthropic does not train its models on PewScore traffic.
  • PostHog, Inc. — product analytics. PostHog receives anonymized usage events (e.g. features tapped, tabs visited). No personally identifiable information is sent. App users can opt out by contacting us at privacy@pewscore.com; website visitors may also manage PostHog analytics consent at any time via the "Privacy choices" link in the pewscore.com footer (see Section 10, Website Analytics & Cookies).
  • Apple Inc. — in-app purchases and subscription billing via StoreKit. Apple processes payment information directly; PewScore does not receive or store your payment card details.
  • RevenueCat, Inc. — subscription management and purchase-receipt validation across platforms. RevenueCat receives your App Store transaction/receipt and an app-generated user identifier to determine your subscription status; it does not receive your payment card details.
  • Sentry (Functional Software, Inc.) — crash reporting and performance monitoring. Sentry receives diagnostic data (crash stack traces, performance metrics, device and OS type) and an identifier to help us fix bugs and improve stability.
  • Competitive Metrics LLC — competition match and performance data analytics. Competitive Metrics LLC provides the match history, scores, and statistics used to calculate PewScore ratings. No personally identifiable information beyond your public competition profile is shared.
  • Google LLC (Google Analytics 4) — website traffic and acquisition analytics for the pewscore.com website only. Google Analytics 4 receives anonymized pageview, session, and referral data (including UTM/campaign parameters) to help us understand how visitors find and use the site. No personally identifiable information is sent to Google Analytics. This tool is used solely for first-party traffic measurement; PewScore does not operate a Google Ads account and GA4 data is not used for advertising. Loads only when you grant "Analytics" consent.
  • Microsoft Corporation (Microsoft Clarity) — website session recording and heatmaps for the pewscore.com website only, used to identify usability problems and improve the site experience. Clarity reconstructs mouse movement, clicks, and scrolls; all input fields and sensitive content are masked by default and are never captured. Clarity never loads on the Privacy, Terms, or Account Deletion pages, and loads only when you grant "Experience recording" consent.
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit and at rest
• Row-level security policies on our database
• Regular security assessments
• Limited access to personal data on a need-to-know basis

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Request deletion of your account and associated data
• Opt-out: Unsubscribe from non-essential communications

To exercise these rights, email our Legal Department at legal@pewscore.com.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Performance data may be retained to maintain historical leaderboard integrity. Raw AI Coach conversation transcripts are retained for up to 90 days; aggregated, non-identifying quality metrics may be kept longer. You may request deletion at any time.

You can view, edit, or delete your AI Coach notes at any time in Settings. We keep them until you delete them or delete your account, and deleting your account deletes them.

8. Children's Privacy

PewScore is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Third-Party Services

The Service integrates with the following third parties. Their privacy policies govern the data they receive:

• Supabase: Database and authentication (Privacy Policy)
• Cloudflare: Edge networking and protection (Privacy Policy)
• Twilio, Inc.: SMS verification for shooter profile linking (Privacy Policy)
• Anthropic, PBC: Large-language-model inference for the PewScore Coach (Privacy Policy)
• PostHog, Inc.: Product analytics (Privacy Policy)
• Apple Inc.: In-app purchases and subscription billing (Privacy Policy)
• RevenueCat, Inc.: Subscription management and receipt validation (Privacy Policy)
• Sentry (Functional Software, Inc.): Crash reporting and performance monitoring (Privacy Policy)
• Google LLC (Google Analytics 4): Website traffic analytics for pewscore.com (Privacy Policy)
• Microsoft Corporation (Microsoft Clarity): Website session recording and heatmaps for pewscore.com (Privacy Statement)

10. Website Analytics & Cookies (pewscore.com)

This section applies to the pewscore.com website. The PewScore mobile app uses a separate, app-native analytics stack; see the sub-processor descriptions in Section 4 (Information Sharing) above.

Consent model (opt-in)

We operate a global opt-in consent model for the pewscore.com website. No analytics cookies or non-essential scripts load until you make an explicit choice. When you first visit the site, a consent banner invites you to choose. You may also change or withdraw your consent at any time by clicking the "Privacy choices" link in the site footer. Your consent decision is stored in your browser's localStorage (not a tracking cookie). Granting consent takes effect immediately. Revoking consent takes full effect on your next page load: any analytics or recording providers already active in your current page session continue running until you navigate to a new page, at which point they are no longer loaded.

There are three consent categories:

• Essential — always active. No analytics or tracking. Covers only what is strictly necessary to serve the page (fonts, static assets, our own CDN).
• Analytics — covers PostHog (website behavior analytics) and Google Analytics 4 (website traffic and acquisition). Neither loads unless you grant this category.
• Experience recording — covers Microsoft Clarity (session recording and heatmaps). Does not load unless you grant this category, and never loads on the Privacy, Terms, or Account Deletion pages regardless of your consent choice.

Google Analytics 4 (Google LLC)

When you grant "Analytics" consent, we load Google Analytics 4 (measurement ID G-GPWHBCYL4Y) to collect anonymized website usage data: pageviews, sessions, traffic source and medium, UTM/campaign parameters, and landing-page performance. This data is used solely to understand how visitors discover and use pewscore.com and to improve the site. GA4 is not used for advertising. PewScore does not currently operate a Google Ads account, and GA4 data is not linked to any ad-serving or remarketing product. No personally identifiable information (name, email, phone, member number, or form contents) is sent to Google Analytics. Google's IP-address handling follows GA4's current defaults; consult Google's Privacy Policy for details. Data is retained per Google's standard GA4 retention settings; we have not configured a custom retention period beyond GA4 defaults.

Microsoft Clarity (Microsoft Corporation)

When you grant "Experience recording" consent, we load Microsoft Clarity (tag ID xbm5g47zvo) to record sessions and generate heatmaps showing where visitors click, move, and scroll on pewscore.com. This helps us identify usability problems and improve the site experience. Clarity masks all form inputs and sensitive content by default — typed text, passwords, and similar fields are never captured. Clarity is excluded from the following pages in all cases, even with consent: Privacy Policy, Terms of Service, and Account Deletion. Clarity data is used for UX improvement only, not for advertising. Data is retained per Microsoft Clarity's standard retention policy; consult Microsoft's Privacy Statement for details.

PostHog (website use)

When you grant "Analytics" consent, we also load PostHog (product analytics) on the website to measure funnel engagement: assessment completions, pricing page interactions, rankings page usage, and App Store link clicks. PostHog website session replay is disabled — Microsoft Clarity (above) owns session recording, and we do not collect dual recordings. PostHog's autocapture (automatic DOM-event collection) is also disabled; only explicit, named events are collected. No personally identifiable information is sent. Data is retained per PostHog's standard retention policy.

Prohibited-data commitment

Regardless of consent, the website analytics tools (GA4, Microsoft Clarity, and PostHog) are never configured to receive:

• Your email address, phone number, or member / competitor number
• Authentication credentials or session tokens
• The raw contents of any form field
• Raw shooter-profile identity data

Clarity's input masking is enabled by default and has not been disabled. GA4 is initialized with no custom user-ID or PII dimension configuration. PostHog is initialized with autocapture disabled and no PII properties set. This commitment is architectural — these values are never passed to the analytics tools in the first place.

Not used for advertising

Consistent with our overall policy (Section 4), the cookies and identifiers set by GA4, Microsoft Clarity, and PostHog on pewscore.com are not used for cross-site advertising, remarketing, or behavioral targeting. We do not sell this data. We do not use it to track you across other companies' websites or apps.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Effective Date." Your continued use of PewScore after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or our data practices, contact our Legal Department:

Email: legal@pewscore.com

Customer Support: (607) 397-2673 — (60) PEWSCORE

Corporate / Legal: (307) 248-7397 — (307) 248-PEWS

Mailing Address:
PewScore LLC
680 S Cache Street Suite 100-15231
Jackson, WY 83001
USA

13. Account and Data Deletion

You may delete your account and all associated personal data at any time through the "Settings" menu within the PewScore App. Alternatively, you may submit a deletion request via our web-based portal at pewscore.com/delete-account or by emailing support@pewscore.com.

Upon request, we will delete or anonymize your personal data within 30 days, except where we are legally required to retain it.