Authenticated access
Console and app features rely on authenticated user sessions. Course-management actions are designed to be available only to approved course team members or Pin Masters administrators.
Security
Security and trust for course operations.
Pin Masters handles course setup, live operational content, player app activity, and location-enabled features. Security is treated as part of the product design, not as a separate afterthought.
Role-based access
Firebase infrastructure
Data minimisation
Product Controls
Built around scoped access and practical minimisation.
Course-scoped permissions
Course data is modelled around course IDs and membership checks so a user can be a member of one or more courses without receiving broad access to every course.
Location-aware, not identity-first
Location is used to provide in-round features such as yardages, current-hole context, pace, and course guidance. Pin Masters aims to keep this operational and course-focused, not as a public identity profile for golfers.
Data minimisation
The product is designed to store the information needed to provide course and player features, while avoiding unnecessary personal detail where a lighter record is enough.
Infrastructure
Using managed services for the critical foundation.
Pin Masters is built on Firebase and related managed services for authentication, database, hosting, messaging, and application delivery.
Transport security
Web and app traffic uses HTTPS/TLS through managed hosting and service endpoints.
Firestore rules
Data access is controlled with Firestore security rules and application-level checks that separate players, course members, and administrators.
Push notifications
Device push tokens are stored per user/device so notification delivery can be targeted without exposing token lists publicly.
Payment data
Pin Masters does not currently process card payments directly on this website. If billing is added, payment data should be handled by a trusted payment provider.
Report A Concern
Found something that looks unsafe?
Please send a clear report with the affected page or feature, steps to reproduce, and any relevant screenshots. Do not access another person's account or private data while testing.