PRIVACY POLICY
Greenkeeper Evidence Field — iOS, iPadOS & watchOS
Apple App Store privacy notice for the Greenkeeper Evidence Field iOS / iPadOS / watchOS application, its App Clip surface and the External Viewer Share Links it generates.
Document: Greenkeeper Evidence Field — Privacy Policy
Application: Greenkeeper Evidence Field (iOS / iPadOS / watchOS) · App Clip · External Viewer Share Links
Issuing controller: ML Consulting MB · legal entity code 306991112
Version: 1.0
Effective from: 1 June 2026
Last updated: 19 May 2026
Privacy contact: support+greenkeeper@mlconsulting.lt
Lead supervisory authority: Valstybinė duomenų apsaugos inspekcija (VDAI), Vilnius
Backend data residency: European Union
Distribution: Apple App Store
User profile: Business User (B2B) — premium members’ clubs, tournament-hosting venues, resort golf operators, multi-property groups
SAFETY DISCLAIMER — READ FIRST Greenkeeper Evidence Field is an evidence-capture and assurance tool. It is NOT a safety system, lightning-warning system, weather-warning system, severe-weather siren, evacuation system or emergency-response service. Lightning, storm, frost, heat and other weather-related alerts and Apple Watch haptics are sourced from Apple’s WeatherKit service on a best-effort basis and are ADVISORY ONLY. The Course Operator is solely responsible for safety. Do NOT rely on the App, the Apple Watch surface, any APNs notification, any ActivityKit Live Activity or any HealthKit haptic as the primary or sole safety warning for personnel, members, players or property.
Read together with the Greenkeeper Evidence Field Terms and Conditions (Master Terms + Schedule A) published by ML Consulting MB.
AT A GLANCE What you should know in 60 seconds. We do not sell your personal data and we never will. Greenkeeper Evidence Field is offline-first: course-condition captures, photographs, voice memos, GPS pin-drops, frost / lightning / storm / heat / drought event logs and Apple Watch interactions are stored on your iPhone, iPad or Apple Watch and synced to our EU-resident backend when connectivity returns. The Greenkeeper backend is hosted in the European Union. Personal data is encrypted in transit and at rest. We do not run advertising in the App, and we do not embed third-party advertising or tracking SDKs. The App is declared “Data Not Used to Track You” in the App Store. Greenkeeper Evidence Field is sold exclusively under a written Order Form (Direct Channel) — no App Store auto-renewable subscription is offered by default. We never see your payment-card data. The App is NOT a safety, lightning-warning or weather-warning system. Lightning alerts, frost alerts and severe-weather alerts (including the Apple Watch haptic on lightning detection) are sourced from Apple’s WeatherKit on a best-effort basis and are advisory only. HealthKit is requested only for the Apple Watch haptic engine that delivers lightning alerts. We do NOT read your heart rate, activity, sleep or any other health data, and we do NOT receive any HealthKit values. Location is captured event-based. Course-zone geofencing (the “Always” location permission) is opt-in and is used only to auto-suggest the right Course Zone for a capture and to scope App Clip casual-worker access. Course Quality Scores and Superintendent Reliability Scores are workspace-internal operational data, computed deterministically, and must not be used as the sole basis for any material decision about a worker or be published as a public ranking. References in the App to governing bodies, championships and certifications (R&A, USGA, PGA TOUR, PGA of America, DP World Tour, LPGA, LET, Augusta National, Open Championship, Audubon, GEO Certified, ISO 14001 and similar) are descriptive only. None of those bodies endorses, certifies or warrants the App, the templates or any Pack. AI helpers (on-device CoreML turf-disease / pest / divot classifiers, on-device Speech / backend Whisper voice transcription, backend Claude-class Pack-narrative drafts) are a paid opt-in add-on, off by default, never autonomous, raw input always retained, and inputs and outputs are never used to train any third-party model. External Viewer Share Links delivered to members, regulators, governing bodies and insurers are signed and time-limited, scoped to the records selected by the Course Operator, and exclude worker-identifying information unless necessary. You can exercise the full set of EU GDPR rights at any time by writing to support+greenkeeper@mlconsulting.lt. Our lead supervisory authority is the Lithuanian State Data Protection Inspectorate (VDAI) in Vilnius. Greenkeeper Evidence Field is intended for business users only (B2B).
1. About this Privacy Policy
ML Consulting MB (“ML Consulting”, “we”, “us”, “our”) is the publisher of the Greenkeeper Evidence Field iOS / iPadOS / watchOS application (the “App”), distributed through the Apple App Store. This Privacy Policy explains what personal data the App and its related surfaces — the watchOS companion that runs on Apple Watch, the App Clip surface invoked via Course-Zone QR code, the browser-accessible External Viewer Share Links it generates for members, regulators, governing bodies, insurers and tournament reviewers, and the server-emailed Multi-Property Group Reports at Group Operator tier — process when you download, install, sign in to, subscribe to, open an App Clip session, open a Share Link, wear the Apple Watch companion or otherwise use the App, why we process it, the legal bases on which we rely, with whom we share it, for how long we keep it, and the rights you have under the GDPR and other applicable privacy laws.
This Policy is written to satisfy Articles 12 to 14 of Regulation (EU) 2016/679 (the “GDPR”) and the Lithuanian Law on Legal Protection of Personal Data of the Republic of Lithuania, which implements the GDPR in Lithuania. It is also designed to be consistent with the App Privacy details (the App Store privacy “nutrition label”) and the Privacy Manifest (PrivacyInfo.xcprivacy) published with the Greenkeeper Evidence Field App.
Greenkeeper Evidence Field is premium enterprise software intended for business users (B2B) — premium members’ golf clubs, tournament-hosting venues, resort golf operators, multi-property golf groups and the superintendents, assistant superintendents, irrigation / equipment leads, field crew, GMs, Tournament Directors, environmental compliance officers and external viewers they invite. Members, players, regulators, governing bodies and insurers who receive defence packs or open share links interact with the App as third parties of the Course Operator. This Policy should be read together with the Greenkeeper Evidence Field Terms and Conditions (Master Terms + Schedule A) and, where ML Consulting acts as processor, the Master Data Processing Agreement (“Master DPA”) concluded with the Course Operator.
1.1 Critical safety reminder
NOT A SAFETY SYSTEM Greenkeeper Evidence Field — including the Apple Watch surface — is an evidence-capture and assurance tool, not a primary safety device. Lightning, storm, frost, heat and other weather-related alerts (whether shown on iPhone, iPad or as an Apple Watch haptic) are sourced from Apple’s WeatherKit service on a best-effort basis and are ADVISORY ONLY. The Course Operator is solely responsible for publishing, training, drilling, communicating and enforcing its own written safety, lightning-suspension, severe-weather, heat-stress, evacuation and emergency protocols, and for maintaining redundant, independent primary safety systems (for example, sirens, horns, dedicated lightning-detection sensors, manned spotter networks and on-site emergency communication). Do NOT rely on the App, the Apple Watch surface, any APNs notification, any ActivityKit Live Activity or any HealthKit haptic as the primary or sole safety warning for personnel, members, players or property.
2. Controller identification
We are the data controller for the processing described as “we act as controller” in section 4 of this Policy. Our identification details are set out below.
Legal name: ML Consulting MB
Legal form: Mažoji bendrija (small partnership) governed by the law of the Republic of Lithuania
Legal entity code: 306991112 (Centre of Registers of the Republic of Lithuania)
Website: https://mlconsulting.lt
Privacy contact: support+greenkeeper@mlconsulting.lt
ML Consulting MB has not designated a Data Protection Officer because its current processing does not meet the criteria in Article 37(1) GDPR. The privacy contact above handles all data-protection enquiries. If our processing activities change such that a DPO becomes mandatory, we will appoint one and publish their contact details in this Policy.
Our lead supervisory authority for the purposes of the GDPR’s one-stop-shop mechanism (Article 56 GDPR) is the Lithuanian State Data Protection Inspectorate — Valstybinė duomenų apsaugos inspekcija (“VDAI”) — at L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania, telephone +370 5 271 2804, email ada@ada.lt, website vdai.lrv.lt.
3. Scope of this Policy
This Privacy Policy applies to:
the Greenkeeper Evidence Field iOS / iPadOS / watchOS application published by ML Consulting MB on the Apple App Store, including the watchOS companion that runs on Apple Watch;
the App Clip surface invoked by casual or seasonal crew members via the Course-Zone QR code, where the casual worker captures inspections, treatments and proof-of-work for the duration of a visit without installing the full App;
the browser-accessible External Viewer Share Links the App generates for members, players, regulators, governing bodies, insurers, tournament reviewers and other external viewers;
the server-emailed Multi-Property Group Report PDFs at Group Operator tier;
user accounts, Courses (Workspaces), Course Zones, subscriptions, trials, onboarding sessions, support channels, billing operations and authentication services that we operate in connection with the App;
the App’s landing pages, help articles and documentation hosted on mlconsulting.lt that describe Greenkeeper Evidence Field; and
email, in-application and other communications you exchange with us about the App.
Where Apple Inc. or its subsidiaries, or any other independent third party, processes personal data on its own account in connection with the App — for example, the Apple App Store, Sign in with Apple, App Clip experience hosting, APNs push, WeatherKit, ActivityKit, ClockKit, HealthKit (haptic engine on Apple Watch only — see section 5.7), iCloud, or a payment-card network — that party acts as a separate controller and its own privacy policy applies in addition to this Policy.
4. Our two privacy roles — controller and processor
4.1 We act as controller
We determine the purposes and means of processing for the following categories, which is why this Policy applies to them directly:
account and authentication data we collect to identify you and operate your user account;
device, technical, telemetry and security-event data the App generates during normal use;
communications and support correspondence about the App; and
billing and payment data we collect from Direct-Channel Course Operators (all paid Greenkeeper Evidence Field tiers and add-ons).
4.2 We act as processor
Greenkeeper Evidence Field operates on a Course / Workspace model. The Course Operator (typically a premium members’ club, tournament-hosting venue, resort golf operator or multi-property group) uses the App to manage Course Zones, Course Captures, Treatment Records, Frost / Lightning / Climate Event Records, Member Complaint Records, Incident Records and the Defence Packs assembled from them. For that Customer Data — including superintendent / crew personal data, App Clip casual-worker session data, member-complaint subject data, member / player names in incident records, External Viewer Share Link recipient data and biometric-gated audit-log entries within the meaning of Schedule A of the Terms and Conditions — the Course Operator is the controller and ML Consulting acts as a processor under the Master DPA, which meets the requirements of Article 28 GDPR.
In that role we process Customer Data only on the documented instructions of the Course Operator, except where we are required to act otherwise by EU or Lithuanian law. If you are a superintendent, assistant, crew member, casual or seasonal worker, GM, Tournament Director, environmental compliance officer, member, player, regulator, governing-body reviewer, insurer or other individual whose personal data has been uploaded to Greenkeeper Evidence Field by a Course Operator, that organisation is the controller and you should approach it first with any data-protection request. We will redirect any request we receive on its behalf without undue delay (see section 17.4).
5. Apple App Store, iOS and watchOS platform context
Because the App is delivered through the Apple App Store and runs on Apple’s iOS, iPadOS and watchOS platforms, several aspects of how your personal data is handled are inherited from Apple’s platform. This section makes the most relevant ones explicit.
5.1 App Privacy details on the App Store
Apple requires every application on the App Store to publish a structured summary of the data it collects (the “App Privacy details”, commonly described as the App Store privacy “nutrition label”). The App Privacy details for Greenkeeper Evidence Field are kept consistent with this Policy. Indicatively, they declare Contact Info (the email addresses of members, regulators, governing-body reviewers, insurers and external viewers you invite, and your own account email), User Content (Course Captures, photographs, voice memos, Treatment Records, Frost / Lightning / Climate Event Records, Member Complaint Records, Incident Records and watermarked Defence Pack PDFs) and, where opted-in, Diagnostics and anonymous Usage Data. Tracking is declared as None.
5.2 App Tracking Transparency
Greenkeeper Evidence Field does not track you across other companies’ applications and websites within the meaning of Apple’s App Tracking Transparency framework. We do not request the App Tracking Transparency permission and we do not use the iOS Identifier for Advertisers (IDFA). The App’s App Store declaration is set to “Data Not Used to Track You”.
5.3 Privacy Manifest
Greenkeeper Evidence Field ships an Apple-required Privacy Manifest (PrivacyInfo.xcprivacy) declaring the data categories the App collects, the reasons for any use of “required reason” iOS APIs and the third-party SDKs the App depends on. The Privacy Manifest is the machine-readable counterpart of this Policy.
5.4 iOS sandbox and Data Protection
On-device application data is held inside the iOS application sandbox and benefits from Apple’s default Data Protection (typically the “Complete Until First User Authentication” class), which encrypts that data at rest using a key derived from your device passcode. Where the App needs to retain a small secret value (for example, a session token), we use Apple’s Keychain Services rather than handling secrets ourselves.
5.5 Sign in with Apple and email magic-link
The App offers Sign in with Apple in line with Apple’s App Store Review Guidelines § 4.8. When you choose this option, Apple supplies us with a stable Apple Account identifier and either your real email address or an Apple-generated relay address (“Hide My Email”). The App also supports email magic-link authentication: you receive a one-time signed link by email, and we never store a password. We never receive your Apple Account password.
5.6 Biometric gates (Face ID / Touch ID)
High-consequence operations — finalising a Tournament-Ready Assurance Pack, exporting an Insurance / Liability Incident Pack, releasing an Environmental Compliance Pack, accessing the audit log — can be gated by Face ID / Touch ID through Apple’s LocalAuthentication framework. Biometric data never leaves the device; Apple does not provide us with your biometric template.
5.7 HealthKit — limited to the Apple Watch haptic engine
The Apple Watch companion may request HealthKit access for one specific purpose only: to deliver the haptic alert when WeatherKit reports a lightning detection within the configured radius of the Course. We do NOT read your heart rate, activity, sleep, workouts, body measurements or any other HealthKit value, and we do NOT receive any HealthKit data from your device. The HealthKit prompt is shown only if and when you enable the lightning-alert feature on your Apple Watch, and you can revoke it at any time in iOS Settings → Privacy & Security → Health → Greenkeeper Evidence Field. If you decline HealthKit access, the lightning haptic feature does not function and the App falls back to standard Apple Watch notifications.
5.8 Apple Watch (watchOS) companion
The watchOS companion hosts time-critical operational interactions: lightning haptic alerts (subject to section 5.7), Frost Cycle and Treatment Re-Entry Interval timers, course-closure Live Activities via ActivityKit, and Quick Task Confirmations from anywhere on the property. It uses standard Apple frameworks (watchOS, ActivityKit, ClockKit, BGTaskScheduler) and stores its operational data on-device through the watchOS sandbox until the iPhone synchronises. The Apple Watch is a productivity companion, not a primary safety device (see section 1.1).
5.9 App Clip (casual workers)
Greenkeeper Evidence Field uses Apple’s App Clip framework. A casual or seasonal crew member invited via the Course-Zone QR code may open the App Clip and capture Course Captures, Treatment Records and proof-of-work for the duration of a visit, without installing the full App. App Clip code, App Clip experience hosting and the App Clip lifecycle (including the iOS-enforced binary cap and limited entitlements) are governed by Apple’s App Clip platform. App Clip sessions are scoped to assigned Course Zones and are tracked under an AppClipSession record (Course Zone, worker Apple identifier supplied by Apple’s App Clip flow, session start and end timestamps, captures performed).
5.10 External Viewer Share Links
The App can generate signed, time-limited browser Share Links that deliver a scoped, read-only subset of Customer Data to a member, player, regulator, governing body, insurer, tournament reviewer or other third party — without requiring them to install the App or hold an Account. Share Links are served by Greenkeeper’s EU-resident backend, are scoped to records the Course Operator expressly selects, default to excluding worker-identifying information where exposure is not necessary, expire on a deadline set by the Course Operator and are revocable at any time. Recipients of a Share Link are processed as Customer Data on behalf of the Course Operator (we act as processor).
5.11 WeatherKit, APNs Time-Sensitive, ActivityKit, EventKit and Bluetooth
Greenkeeper Evidence Field relies on a number of Apple frameworks and platform services, each governed by Apple’s privacy terms in addition to this Policy: WeatherKit (microclimate snapshots attached to Course Captures, Treatment Records and Frost / Lightning / Climate Event Records on a best-effort basis, and the data source for severe-weather threshold detection); APNs Time-Sensitive (lightning alerts, frost warnings, treatment re-entry interval expirations, tournament-day morning briefings, sync-conflict notifications); ActivityKit Live Activities (closure status, treatment timers and tournament suspension surfaced on the Dynamic Island and Lock Screen); EventKit (optional writes of follow-up events to your Apple Calendar); AVFoundation (camera and audio capture); CoreLocation (event-based GPS stamping and, where enabled, Course-Zone geofencing); PencilKit (annotation on iPad); PDFKit (watermarked Pack rendering); Speech (on-device first-pass voice transcription); BGTaskScheduler (background sync); StoreKit 2 (preserved for any future App Store IAP path).
Where you enable an integration with a ranger or radio device that uses Apple’s Core Bluetooth framework, the App may request Bluetooth permission — solely to communicate with that specific device. We do not scan for unrelated Bluetooth devices.
5.12 App Privacy Report
iOS 15.2 and later provide an in-operating-system App Privacy Report (Settings → Privacy & Security → App Privacy Report) that lets you inspect the sensors, data categories and network domains the App has accessed. Greenkeeper Evidence Field is designed so that this report shows the Apple platform domains used by the features above, plus ML Consulting’s EU-resident backend and the AI sub-processor endpoint where the backend AI add-on has been enabled by the Course Operator (see section 14).
6. Key terms used in this Policy
Personal data — any information relating to an identified or identifiable natural person, as defined in Article 4(1) GDPR.
Processing — any operation performed on personal data, including collection, recording, organisation, storage, use, disclosure and erasure.
Controller — the person who determines the purposes and means of processing.
Processor — a person who processes personal data on behalf of a controller.
Course Operator / Workspace Owner — the business customer (typically a premium members’ club, tournament-hosting venue, resort golf operator or multi-property group) that uses Greenkeeper Evidence Field to manage its Course(s).
Course Zone — a geofenced sub-area of a Course (green, fairway, bunker, irrigation zone, equipment shed) used to auto-attach captures and to scope worker access.
Customer Data — all data submitted by, or generated for, the Course Operator through the App, App Clip surface, Apple Watch companion or Share Links, including Course Captures, Treatment Records, Frost / Lightning / Climate Event Records, Member Complaint Records, Incident Records, Defence Packs, Course Quality Score and Superintendent Reliability Score data, exports and append-only audit logs.
Course Quality Score — a workspace-internal score derived deterministically from Course Captures, Treatment Records and tournament-prep checklist completion.
Superintendent Reliability Score — a workspace-internal score derived deterministically from a superintendent’s saved Course Captures, Treatment Records, complaint defences and incident records. It is not exposed to peers, members, brokers, insurers, tournament reviewers or the public.
WeatherKit Snapshot — a time-stamped record of microclimate or weather values sourced from Apple’s WeatherKit service at the moment of capture and attached to the relevant record or Pack for attestation purposes.
Apple Watch Surface — the watchOS companion that hosts lightning haptic alerts, frost-cycle timers, treatment re-entry interval timers, course-closure Live Activities and quick task-complete confirmations.
Defence Pack — a watermarked PDF generated by Greenkeeper Evidence Field, including Member Complaint Defence Pack, Tournament-Ready Assurance Pack, Insurance / Liability Incident Pack, Environmental Compliance Pack, Climate Event Defence Pack, Multi-Year Course History Pack and Multi-Property Group Report.
External Viewer Share Link — a signed, time-limited browser link generated by the App that delivers a scoped, read-only subset of Customer Data to a member, regulator, governing body, insurer or other third party.
On-device — data stored or processed locally on the user’s iPhone, iPad or Apple Watch inside the iOS / watchOS application sandbox; it does not leave the device unless this Policy says otherwise.
Backend — Greenkeeper’s EU-resident server-side service, to which on-device records are synced and from which Share Links, Packs and (where enabled) AI narrative drafts are served.
Sub-processor — a third-party service provider that processes personal data on our behalf or that supports a feature of the App.
EEA — the European Economic Area, comprising the EU Member States, Iceland, Liechtenstein and Norway.
VDAI — Valstybinė duomenų apsaugos inspekcija, the Lithuanian State Data Protection Inspectorate, our lead supervisory authority.
7. Personal data we process
We collect only the data we reasonably need to operate, secure, support and improve the App. The categories below describe what Greenkeeper Evidence Field processes; not every Workspace, user account or device profile will involve every category.
Category: Examples and notes
Account and authentication data: Name, email address, account identifier, authentication method (Sign in with Apple or email magic-link), Apple-issued relay address where you used “Hide My Email”, Workspace membership, role (superintendent, assistant superintendent, irrigation / equipment lead, field crew, GM, Tournament Director, environmental compliance officer, external viewer) and permissions. We do not store passwords; magic-link authentication uses one-time signed links.
Device, technical and telemetry data: IP address (typically truncated for analytics), device model and operating-system version (iOS, iPadOS, watchOS), App version, language and timezone, pseudonymised interaction events (screens viewed, features used, capture-duration metrics), crash reports, performance traces and security-relevant events such as failed log-ins and biometric gate attempts.
Communications and support data: The content and metadata of any email, support ticket, in-app help message, demo request, onboarding call note or other correspondence with us, including any attachments you choose to send.
Billing and payment data (Direct Channel — all tiers and add-ons): Invoicing entity name, registered address, VAT identifier, signatory contact, Order Form record (Plan, term, fees, user / course / season / property limits, add-ons including Environmental / Pesticide Compliance Module, AI photo classifier, Tournament-Ready Pack assembly and Multi-Year Course History), payment-status data, bank-transfer reference and the last four digits of the payment card where card payment is used. We do not store full payment-card numbers.
Customer Data — Course, Course Zone and operational records: Courses, Course Zones, daily Course Captures, Treatment Records (plant-protection-product / biocide / pesticide / fertiliser / wetting-agent applications with product, dose, method, applicator, re-entry interval and batch / lot number), Frost Cycle Records, Lightning Event Records, Climate Event Records (storm, hail, flood, drought, heat, smoke), Member Complaint Records, Incident Records (slip-and-fall, divot injury, equipment incident), Defence Pack PDFs and the append-only audit log.
Superintendent, crew and seasonal-worker personal data: Where the Course Operator invites a superintendent, assistant, crew member, irrigation lead, GM, Tournament Director, environmental compliance officer or other worker (employed, contractor or seasonal) as an authorised user: the worker’s name, email, role, Workspace identifier, the timestamp of their acknowledgment of the Workspace privacy notice, Course Zone assignments, Apple Watch activity in the App and the records they capture (including their own user identifier, GPS pin-drops at the moment of capture and any voice memo or photograph in which they are identifiable). See section 11.
App Clip casual / seasonal worker session data: Where a casual or seasonal worker opens the App Clip via the Course-Zone QR code: an AppClipSession record (assigned Course Zones, worker Apple identifier supplied by Apple’s App Clip flow, session start and end timestamps, captures performed during the session). App Clip data is treated as Customer Data on behalf of the Course Operator.
Member, player and complaint-subject personal data: Names and contact details of members or players appearing in Member Complaint Records or Incident Records (including the complainant, any third-party witness, and the affected person). This data is treated as Customer Data on behalf of the Course Operator.
External Viewer Share Link recipient data: Where the Course Operator issues an External Viewer Share Link: the recipient’s email address or name, the scope of records the link exposes, the expiry, the activity log (when the link was opened) and the revocation state. This data is treated as Customer Data on behalf of the Course Operator.
Camera, microphone and on-device file data: Course Capture photographs, treatment / climate-event / incident photographs, voice memos (AVFoundation + on-device Speech framework first-pass transcript), PencilKit annotations on iPad. Camera, photo-library, microphone and Speech-recognition access are controlled by the iOS permission prompts and may be revoked at any time in iOS Settings.
Location data (CoreLocation, event-based and zone geofencing): GPS coordinates captured at the moment you save a Course Capture, Treatment Record, Frost / Lightning / Climate Event Record or Incident Record (“When In Use” permission). With the optional separate “Always” permission, the App auto-suggests the relevant Course Zone for a capture (based on geofences set by the Course Operator) and scopes App Clip casual-worker access to assigned Course Zones. The App does not perform continuous background tracking outside the geofencing feature; you can disable Always access in iOS Settings at any time.
WeatherKit microclimate and severe-weather data: Time-stamped microclimate values (typically temperature, humidity, atmospheric pressure, wind, precipitation) sourced from Apple’s WeatherKit service at the moment of capture and attached to the relevant record or Pack as a WeatherKit Snapshot. WeatherKit is also the data source for the severe-weather threshold detection that surfaces lightning, frost, storm, heat and drought alerts. WeatherKit access is governed by Apple’s terms in addition to this Policy.
HealthKit access (Apple Watch haptic engine only): Where you enable the lightning-alert feature on the Apple Watch companion, the App requests HealthKit access for the sole purpose of using the haptic engine via Apple’s framework to deliver the lightning haptic. We do NOT read, transmit or store your heart rate, activity, sleep, workouts, body measurements or any other HealthKit values. The HealthKit prompt is shown only when the lightning-alert feature is enabled and can be revoked at any time in iOS Settings.
Apple Watch (watchOS) interaction data: Apple Watch surface events: lightning-alert acknowledgements; frost-cycle timer starts and stops; treatment re-entry interval timer starts and stops; Live Activity state transitions for course-closure; one-tap Quick Task Confirmation acknowledgements. These events sync to the Course’s append-only audit log on the iPhone.
Apple Calendar (EventKit) integration: Where the Course Operator enables it, the App writes follow-up events (treatment re-entry interval expirations, frost-watch reminders, tournament-day morning briefings) to the Apple Calendar of the relevant authorised user. We do not read or transmit your wider Calendar contents.
Notification preferences and tokens: Push-notification cadence toggles (lightning, frost, treatment expiration, tournament-week alerts, member-complaint pending, sync-conflict, App Clip session reminder); iOS notification permission state; APNs device push token used by Apple Push Notification service to deliver Time-Sensitive pushes; ActivityKit Live Activity state.
Bluetooth (optional ranger / radio integration): Where you enable a ranger or radio device integration that uses Apple’s Core Bluetooth framework, the identifier of that specific device, paired solely for the purpose of that integration. The App does not scan for unrelated Bluetooth devices.
On-device CoreML inference outputs: Where the AI photo-classifier add-on is enabled: the output of on-device CoreML classifiers for turf disease (dollar spot, brown patch, Pythium, anthracnose), pest detection (chinch bug, grub damage) and divot classification, stored alongside the raw photo. CoreML inference runs locally on your device.
Backend AI helper inputs and outputs (paid opt-in add-on): Where the Course Operator has enabled the backend AI add-on: the photograph or audio clip sent for higher-fidelity refinement (backend turf-disease / pest classifier; backend Whisper-class voice transcription) and the structured-text input sent for Claude-class Pack-narrative drafting (Member Complaint, Tournament-Ready Assurance, Environmental Compliance, Climate Event, Multi-Year Course History narratives), plus the generated draft outputs. Raw input is always retained alongside any AI-structured output; see section 14.
Course Quality and Superintendent Reliability Score data: Workspace-internal scores computed deterministically from cross-record activity. Confidential to the Course Operator; not exposed to peers, members, brokers, insurers, tournament reviewers or the public. See section 11.2.
Application-generated data: Outputs of the deterministic Field Engine, the Frost Cycle engine, the Lightning Alert pipeline, the Treatment Re-Entry Interval timer, the Course Quality and Superintendent Reliability Score computations, the audit log, capture-duration telemetry and similar computed values.
7.1 Special categories of personal data
Greenkeeper Evidence Field is not designed to collect special categories of personal data within the meaning of Article 9 GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation). You must not upload special-category data to the App unless it is strictly necessary for your lawful use of the App and you have a valid lawful basis under Article 9(2) GDPR. The Course Operator is responsible for that lawful basis.
Two specific clarifications. First, biometric authentication (Face ID / Touch ID) is performed by Apple’s LocalAuthentication framework and biometric data never leaves the device; the App stores only the verified / not-verified outcome and the authentication-type metadata. Second, HealthKit access is requested only for the Apple Watch haptic engine that delivers the lightning alert (see section 5.7); we do not receive, read, transmit or store any HealthKit values.
7.2 What we do not collect
To remove ambiguity, Greenkeeper Evidence Field does not collect:
the contents of your Apple Contacts, the wider Apple Calendar, your photo library beyond images you actively attach, or any HomeKit data;
any HealthKit data values (heart rate, activity, sleep, workouts, body measurements, etc.) — the HealthKit permission is used only to drive the Apple Watch haptic engine on lightning detection;
behavioural-advertising identifiers; we do not run advertising, do not use the IDFA and do not share data with advertising networks;
analytics, attribution or crash-reporting data through any third-party SDK that has not been disclosed in this Policy and in the App’s Privacy Manifest;
continuous background-location data outside the optional Course-Zone geofencing feature (which requires explicit “Always” location permission set by you).
8. How we collect personal data
We collect personal data in three ways:
Directly from you — when you create an account, complete a form, install or use the App on iPhone, iPad or Apple Watch, open an App Clip session, open an External Viewer Share Link, capture a Course Capture, Treatment, Frost / Lightning / Climate Event Record, Member Complaint Record or Incident Record, attach a photograph or voice memo, generate a Pack, issue a Share Link, contact support or subscribe to a communication.
Automatically through your use of the App — when the App generates technical, telemetry, security or computational data (capture-duration metrics, Field Engine outputs, Lightning Alert pipeline events, Apple Watch interaction events, append-only audit-log entries) necessary to deliver, secure or improve the service, and when Apple platform services (WeatherKit, APNs, ActivityKit, CoreLocation geofence transitions) supply data linked to your action.
From third parties — when Apple supplies us with the result of Sign in with Apple, when a Course Operator administrator invites you to a Workspace, when a casual or seasonal worker scans an App Clip QR code, when a payment provider confirms a payment, when a recipient opens an External Viewer Share Link, or when an authority lawfully provides information in connection with a regulatory matter.
9. Why we process personal data and our legal bases
For each processing activity we rely on a lawful basis under Article 6(1) GDPR. The table below sets them out for the categories of processing covered by this Policy.
Purpose: Data used | Legal basis | GDPR ref.
Provide and operate the App, watchOS companion, App Clip and External Viewer surfaces, including authentication, Courses / Course Zones, daily Course Captures, Treatment Records, Frost / Lightning / Climate Event Records, Member Complaint and Incident Records, Pack assembly, audit history, exports and sync.: Account and authentication data; device, technical and telemetry data; Customer Data and operational records; superintendent / crew, App Clip casual-worker, member / player, complaint-subject and Share Link recipient personal data (as processor). | Performance of a contract with you (or pre-contractual steps at your request). | Art. 6(1)(b)
Process payments and manage billing for Direct-Channel Course Operators (all tiers + add-ons); comply with statutory accounting and tax retention.: Billing and payment data; account data. | Performance of a contract; compliance with a legal obligation under Lithuanian accounting and tax law. | Art. 6(1)(b); Art. 6(1)(c)
Camera, microphone, photo and on-device Speech features (Course Captures, Treatment / Climate Event / Incident captures and voice memos).: Camera and microphone input (in memory); captured stills and voice clips (only when you save them); on-device Speech first-pass transcript. | Performance of a contract; consent for camera, microphone, photo-library and Speech-recognition access via the iOS prompts. | Art. 6(1)(b); Art. 6(1)(a)
Event-based GPS capture on Course Captures, Treatment Records, Frost / Lightning / Climate Event Records and Incident Records.: Location data captured at the moment of save. | Performance of a contract; consent via the iOS “When In Use” location prompt. | Art. 6(1)(b); Art. 6(1)(a)
Optional Course-Zone geofencing for capture auto-suggestion and App Clip casual-worker scoping.: Location data via the iOS “Always” location permission; geofence transitions; AppClipSession assignment. | Consent (the user must grant “Always” location and can revoke at any time in iOS Settings). | Art. 6(1)(a)
WeatherKit microclimate attestation on records and Packs; severe-weather threshold detection (lightning, frost, storm, heat, drought) for advisory alerts.: WeatherKit Snapshot at moment of capture; threshold-detection signals. | Performance of a contract; Apple’s WeatherKit terms apply in addition. | Art. 6(1)(b)
Apple Watch haptic alerts (lightning) via Apple’s HealthKit haptic engine.: HealthKit permission to drive the haptic engine only — no HealthKit values are read, transmitted or stored. Watch interaction events (acknowledgement, timer starts). | Consent (the user must enable the lightning-alert feature and grant HealthKit access; revocable in iOS Settings). | Art. 6(1)(a)
APNs Time-Sensitive push notifications, ActivityKit Live Activity countdowns and configurable notification cadence (lightning, frost, treatment expiration, tournament-week alerts, member-complaint pending, sync conflict, App Clip session).: Notification preferences; APNs push token; application-generated alerts; ActivityKit Live Activity state. | Consent (granted via the iOS notification prompt and the App’s Settings). | Art. 6(1)(a)
Optional EventKit writes of follow-up events to Apple Calendar.: Calendar event metadata for treatment re-entry, frost-watch and tournament-day briefings. | Consent via the iOS Calendar prompt. | Art. 6(1)(a)
Optional Bluetooth integration with a ranger or radio device.: Identifier of the specific paired device; integration events. | Consent (the user must enable the integration and grant Bluetooth permission). | Art. 6(1)(a)
On-device CoreML photo classification — turf disease, pest, divot (paid add-on).: Photograph attached to a Course Capture; CoreML output stored alongside. | Performance of a contract (consent for the add-on by the Course Operator); no data leaves the device. | Art. 6(1)(b)
Backend AI helpers — higher-fidelity classifier refinement, Whisper-class voice transcription and Claude-class Pack-narrative drafts (paid opt-in add-on).: Photograph, audio clip or structured-text inputs; generated draft outputs. | Performance of a contract; consent (Course Operator add-on enablement). | Art. 6(1)(b); Art. 6(1)(a)
Compute workspace-internal Course Quality Scores and Superintendent Reliability Scores for operational use, with meaningful human review.: Saved Course Captures, Treatment Records, complaint defences and incident records within the Course Operator’s Workspace. | Performance of a contract; legitimate interests of the Course Operator in operational quality. | Art. 6(1)(b); Art. 6(1)(f)
Issue, serve and revoke External Viewer Share Links; deliver Multi-Property Group Report PDFs by email at Group Operator tier.: Recipient contact data; Share Link scope and expiry; activity log; aggregated cross-property metrics. | Performance of a contract. | Art. 6(1)(b)
Secure the App; prevent fraud, abuse, evidence tampering, Share Link forging and unauthorised access.: Authentication data; device, technical and telemetry data; security-relevant events; append-only audit log; biometric gate state. | Legitimate interests in protecting the integrity, availability and confidentiality of the App and the evidentiary integrity of Packs. | Art. 6(1)(f)
Improve the App; conduct privacy-respecting product analytics (opt-in).: Pseudonymised telemetry; aggregated usage statistics. | Legitimate interests in understanding how the App is used. Where required, consent. | Art. 6(1)(f); Art. 6(1)(a)
Provide customer support and respond to enquiries.: Communications and support data; account data. | Performance of a contract; legitimate interests for general or pre-contractual enquiries. | Art. 6(1)(b); Art. 6(1)(f)
Respond to data-subject requests and operate the GDPR rights workflow.: All categories relevant to the request. | Compliance with a legal obligation under the GDPR. | Art. 6(1)(c); Arts. 12 to 22
Send service messages (security, billing, material change notices).: Account data; communications data. | Performance of a contract. | Art. 6(1)(b)
Defend or pursue legal claims.: Data relevant to the claim. | Legitimate interests in establishing, exercising or defending legal claims. | Art. 6(1)(f)
Comply with legal, regulatory and tax obligations and respond to lawful requests.: Data required by law (typically account, billing, audit and security logs). | Compliance with a legal obligation. | Art. 6(1)(c); Art. 23
Where we rely on legitimate interests under Article 6(1)(f) GDPR, we have carried out and documented a balancing assessment that concluded our interests are not overridden by your fundamental rights and freedoms. Where we rely on consent under Article 6(1)(a) GDPR, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal — through iOS Settings, the relevant in-app toggle, the unsubscribe link in any marketing email or by writing to us.
10. Offline-first architecture, on-device storage and EU-resident backend
Greenkeeper Evidence Field is offline-first. Course Captures, Treatment Records, Frost / Lightning / Climate Event Records, Member Complaint and Incident Records, photographs, voice memos, GPS pin-drops and Apple Watch interactions are written first to on-device storage (SwiftData on iPhone / iPad, watchOS storage on Apple Watch) inside the iOS / watchOS application sandbox. Records sync to the Greenkeeper backend when connectivity returns. If you delete the App, reset your device or fail to maintain a backup before sync, locally-held but unsynced data may be lost.
The backend is hosted in the European Union. Personal data is encrypted in transit (TLS 1.2 or higher) and at rest. Records and files are isolated per Workspace using row-level security and signed-URL access. Background sync uses Apple’s BGTaskScheduler when iOS schedules it; this is best-effort and depends on device state.
11. Course Operators, superintendents, crew, casual workers and Share Link recipients
Greenkeeper Evidence Field is operated on a Course / Workspace model. The Course Operator’s administrator may invite superintendents, assistants, irrigation / equipment leads, field crew, GMs, Tournament Directors, environmental compliance officers and external viewers; configure roles and Course Zone assignments; view activity inside the Workspace; generate Defence Packs; issue Share Links; and configure retention. The administrator is responsible for ensuring that invited users, members / players who appear in records, casual workers and Share Link recipients receive an appropriate privacy notice and that the organisation has a valid lawful basis for processing their personal data.
For these features we act as processor of Customer Data on behalf of the Course Operator under the Master DPA. Course Operators must rely on their own privacy notice for the substantive obligation under Articles 13 to 14 GDPR; this Policy applies in addition to that notice in respect of data we process as controller (account, telemetry, support, billing and similar data).
11.1 Superintendent and crew monitoring under Article 88 GDPR
Because superintendent and crew evidence capture, event-based GPS stamping, Course-Zone geofencing and Apple Watch activity tracking can constitute employee monitoring in many EU jurisdictions, the Course Operator is responsible — under clause A4 of Schedule A of the Terms and Conditions — for satisfying the worker-monitoring obligations of the country where the worker normally works, including any required works-council, seasonal-worker, hospitality-sector or collective-bargaining consultation under the law of that EU Member State.
Before granting any worker access, the Course Operator must provide a privacy notice meeting Articles 13 to 14 GDPR and the national worker-information rules implementing Article 88 GDPR, consult representatives where required, establish and document an appropriate lawful basis under Article 6(1) GDPR, and use monitoring features (course-zone geofencing, GPS pin-drops, photos, voice memos, Superintendent Reliability Score, Apple Watch activity, audit-log entries) proportionately and only for the legitimate operational purposes described in the worker privacy notice. The App is not designed for, and must not be used for, covert worker surveillance. Where a minor is engaged as a seasonal crew member (where local labour law permits), the Course Operator is responsible for obtaining parental / guardian consent and complying with national child-labour and youth-work rules.
11.2 Course Quality and Superintendent Reliability Score discipline
Course Quality Scores and Superintendent Reliability Scores are workspace-internal operational data. Under clause A8 of Schedule A, the Course Operator must keep individual Superintendent Reliability Scores confidential within the Course Operator (no exposure to peers, members, brokers, insurers, tournament reviewers or the public); must not use either score as the sole basis for any material decision affecting a superintendent or worker (employment, contractor renewal, disciplinary action) without meaningful human review and an independent assessment; must not use either score in a defamatory, retaliatory, discriminatory, anti-competitive, anti-union or otherwise unlawful manner; and must not publish a Course Quality Score, a Superintendent Reliability Score or a Multi-Property Group Report as a substitute for an independent ranking service or public benchmark.
11.3 App Clip casual / seasonal workers
Where a casual or seasonal worker opens the App Clip via the Course-Zone QR code, the Course Operator is responsible for providing — on or before the first App Clip session — the privacy notice required by clause A4 of Schedule A (adapted to App Clip scope) and any wage, fee, contract, social-security and tax arrangement. Use of the App Clip surface does not create any agency, employment or service relationship between ML Consulting and the casual worker.
11.4 Members, players and complaint subjects
Where the Course Operator enters a member, player, complainant or any third-party witness into a Member Complaint Record or Incident Record, or issues a Share Link to a member or player, the Course Operator is the controller for those data subjects and must comply with Articles 13 to 14 GDPR. Sensitive incident details (medical observations following a slip-and-fall, for example) must be entered only where the Course Operator has a lawful basis under Article 9(2) GDPR for the relevant special-category data.
11.5 External Viewer Share Link recipients (members, regulators, governing bodies, insurers, tournament reviewers)
Where the Course Operator issues an External Viewer Share Link, the Course Operator is responsible for: limiting the link scope to records the recipient actually needs; setting an appropriate expiry; excluding precise worker-identifying information where exposure is not necessary; and informing the recipient that the link delivers a read-only operational record only — not a regulatory certification, a governing-body endorsement, a safety attestation or a legally binding document.
12. Recipients of personal data
We share personal data only with the categories of recipients listed below, and only to the extent necessary for the purpose. We do not sell personal data, and we do not “share” personal data for cross-context behavioural advertising as that term is defined under California law.
Recipient category: Purpose | Status
Apple Inc. and Apple Distribution International Limited: App Store distribution, Sign in with Apple, App Clip experience hosting, APNs push delivery, WeatherKit microclimate and severe-weather data, ActivityKit Live Activities, ClockKit (watchOS), HealthKit haptic-engine framework (no values transmitted), iCloud where used, StoreKit 2 (preserved for any future App Store IAP path) and related Apple platform services. | Independent controller for App Store-side and Apple-platform-side processing.
EU-resident backend hosting provider (managed Postgres): Host the Greenkeeper backend, including encrypted Course / Course Zone record storage, signed-URL file storage, row-level security per Workspace, scheduled jobs (severe-weather threshold detection, treatment re-entry reminders, tournament-week briefings) and Share Link serving. | Sub-processor under written terms; data hosted in the European Union.
Workflow orchestration provider (server-side cron and event jobs): Run scheduled jobs — severe-weather threshold detection, treatment re-entry interval reminders, owner-approval pending digests, sync-conflict notifications and Multi-Property Group Report assembly. | Sub-processor under written terms.
Email-delivery provider: Send service messages, magic-link authentication emails, support replies, onboarding communications, External Viewer Share Link emails and the Multi-Property Group Report email at Group Operator tier. | Sub-processor under written terms.
Anonymised product-analytics, monitoring and crash-reporting providers: Privacy-respecting product analytics, performance monitoring and bug diagnostics; pseudonymised where feasible; opt-in for Diagnostics and Usage Data in the App Privacy details. | Sub-processors under written terms; used only after consent where required.
Payment and invoicing provider (Direct Channel): Process payments, invoices, refunds, taxes and reconciliation for all paid tiers, add-ons and onboarding. | Independent controller or sub-processor depending on the provider.
Backend turf-disease / pest classifier provider (paid add-on): Higher-fidelity refinement of the on-device CoreML turf-disease, pest and divot classifications, where the Course Operator has enabled the AI photo-classifier add-on. | Sub-processor under written terms; inputs and outputs are not used to train any third-party model.
Voice-transcription provider (backend Whisper-class, paid add-on): Refine on-device first-pass transcripts of Course Capture, Treatment, Climate Event and Incident voice memos, where the Course Operator has enabled the AI add-on. | Sub-processor under written terms; inputs and outputs are not used to train any third-party model.
Language-model provider (Anthropic — Claude-class Pack-narrative drafts, paid add-on): Generate narrative drafts for Member Complaint Defence Packs, Tournament-Ready Assurance Packs, Environmental Compliance Packs, Climate Event Defence Packs and Multi-Year Course History Packs, where the Course Operator has enabled the AI add-on. Customer-identifying free text is minimised before transmission. AI-drafted narratives carry a “Draft — review before submitting” watermark until a Course Operator administrator finalises. | Sub-processor under written terms; inputs and outputs are not used to train any third-party model.
Professional advisers (lawyers, accountants, auditors, insurers): Legal, tax, audit, insurance and compliance advice on a need-to-know basis. | Independent controllers under their own duties of confidence.
Authorities, courts and regulators: Where we are required by law, court order or a binding regulatory request, including the Lithuanian State Data Protection Inspectorate (VDAI) and the Lithuanian State Tax Inspectorate (VMI) where applicable. | Independent controllers acting under their statutory powers.
Successor entity: In the context of a merger, acquisition, restructuring or sale of assets, subject to confidentiality safeguards and to the buyer continuing to honour the commitments in this Policy. | Independent controller after the transaction closes.
References in the App to governing bodies, championships, tours or certifications — including R&A, USGA, PGA TOUR, PGA of America, DP World Tour, LPGA, LET, Augusta National, Open Championship, Ryder Cup, Solheim Cup, Audubon Cooperative Sanctuary Program for Golf, GEO Certified, ISO 14001 and others — are descriptive only and identify the format that the App is capable of supporting or the certification regime that the Course Operator participates in. None of those bodies endorses, certifies, audits, approves or warrants the App, the templates or any Pack, and none is a sub-processor, recipient or party to this Policy by virtue of being named in a template.
A current list of our sub-processors, together with the country in which each provider operates, is published at mlconsulting.lt/legal/sub-processors and is updated when the list changes. Each sub-processor we engage is bound by a written contract that imposes the data-protection obligations required by Article 28 GDPR (or, where ML Consulting is the controller, equivalent contractual safeguards).
13. International data transfers
ML Consulting MB is established in Lithuania and hosts the Greenkeeper backend in the European Union. Personal data is encrypted in transit and at rest, and we aim to keep personal data within the European Economic Area by default. Some of our sub-processors and the global infrastructure of Apple Inc. (App Store, App Clip hosting, APNs, WeatherKit, ActivityKit) and of the language-model, voice-transcription and turf-disease-classifier add-on providers may process data in the United States or other regions where they operate.
Where personal data is transferred outside the EEA or the United Kingdom to a country that has not been the subject of an adequacy decision under Article 45 GDPR, we rely on one or more of the safeguards required by Chapter V GDPR, in particular:
European Commission adequacy decisions, including the EU-US Data Privacy Framework where the recipient is certified under it;
the European Commission’s Standard Contractual Clauses (Module Two — controller to processor — and Module Three — processor to sub-processor — as applicable), with the UK International Data Transfer Addendum or the UK International Data Transfer Agreement for transfers from the United Kingdom;
additional technical measures including TLS 1.2 or higher for data in transit and encryption at rest, as well as contractual and organisational measures appropriate to the risk; and
any other lawful transfer mechanism under Articles 46 to 49 GDPR.
14. Automated decision-making, on-device CoreML and backend AI
14.1 No solely-automated decisions with legal or similarly significant effects
We do not subject you to decisions producing legal effects concerning you or similarly significantly affecting you that are based solely on automated processing within the meaning of Article 22 GDPR. Where any aspect of a decision affecting you is informed by automated logic, a human is meaningfully involved in the outcome. The Course Quality Score and Superintendent Reliability Score, in particular, must not be used as the sole basis for any material decision about a worker (see section 11.2). The App also does not, and must not be used to, replace meteorological judgement: WeatherKit is data, and the Course Operator’s responsible person makes the safety call.
14.2 On-device CoreML
The App may include on-device CoreML photo classifiers (paid add-on): turf disease (dollar spot, brown patch, Pythium, anthracnose), pest detection (chinch bug, grub damage) and divot classification. They run locally on your iPhone or iPad and the photograph is not transmitted to any third-party AI provider as a result of this feature. Outputs are advisory; below a confidence threshold of 70%, the App surfaces a “needs review” badge and does not auto-publish a classification. You can always override the suggestion before saving.
The App also uses Apple’s on-device Speech framework for a first-pass transcription of voice memos. Speech recognition runs locally and is governed by Apple’s framework and its iOS permission prompt.
14.3 Backend AI add-on — opt-in, never autonomous
The App may include an opt-in, paid backend AI add-on with three components: higher-fidelity refinement of the turf-disease / pest / divot classifications; Whisper-class voice transcription for longer-form audio; and Claude-class narrative drafting for Defence Packs (Member Complaint, Tournament-Ready Assurance, Environmental Compliance, Climate Event, Multi-Year Course History). The add-on is off by default and is activated only when an admin of the Course Operator explicitly enables it in Settings.
Where the backend AI add-on is enabled:
AI output is editable text only and requires explicit human confirmation before persistence, export or sending;
raw input (photos, audio, free-text, original CoreML classifications) is always retained alongside any AI-structured output, so you can audit and override;
AI never auto-publishes a Course Capture, Treatment Record, Frost / Lightning / Climate Event Record, Member Complaint Record, Incident Record or Pack, never changes Course Quality or Superintendent Reliability Score state, never changes Pack export state, never changes billing state and never changes audit-log state;
AI-drafted Pack narratives carry a “Draft — review before submitting” watermark until a Course Operator administrator explicitly finalises;
inputs and outputs are not used by ML Consulting or by any sub-processor to train any third-party model;
customer-identifying free text and third-party personal data are minimised before transmission to the sub-processor;
the Course Operator may disable the add-on at any time in Settings.
14.4 Third-party AI sub-processors
Backend classifier refinement, Whisper-class voice transcription and Claude-class narrative drafting are performed by sub-processors disclosed in section 12 and in our sub-processor list, under written agreements that prohibit the use of inputs or outputs to train any third-party model.
14.5 EU AI Act readiness
We design and operate AI features to be compatible with applicable obligations under Regulation (EU) 2024/1689 (the Artificial Intelligence Act), including transparency, logging and human-oversight requirements appropriate to the risk classification of the relevant feature. None of our current AI features is, or is held out as, a high-risk AI system within the meaning of Annex III of the AI Act.
15. How long we keep personal data
We keep personal data only for as long as we need it for the purpose for which it was collected, or as required by applicable law. The retention periods below are indicative; the actual period for any item of personal data is the longest of the periods that apply to the purposes for which we use it.
Category: Retention period | Trigger for deletion or anonymisation
Account and authentication data: Lifetime of the account; in any case deleted or anonymised within 24 months of complete inactivity, save where statutory retention applies. | Account deletion, 24-month inactivity sweep or end of statutory retention.
On-device application data (iPhone, iPad, Apple Watch): Held on your device for as long as you keep it; included in iCloud Backup if you have it enabled. Removed by the operating system on App deletion. | You delete the data, the App or your account.
Telemetry, capture-duration and service-operation data: Pseudonymised at collection where feasible; retained in identifiable form for a maximum of 13 months; aggregated or anonymised data may be retained indefinitely. | Time-based deletion or aggregation.
Communications and support data: Up to 24 months from the close of the last related correspondence; longer where the matter relates to a complaint, dispute, regulatory request, member-incident matter or legal claim, until the matter is resolved plus the applicable limitation period. | Time-based deletion or matter closure.
Billing, accounting and tax records: Up to 10 years from the end of the relevant accounting period, in line with the Lithuanian Law on Financial Accounting and the Lithuanian Law on Tax Administration. | Expiry of the statutory retention period.
Customer Data within Workspaces — Courses, Course Zones, Course Captures, Treatment Records, Frost / Lightning / Climate Event Records, Member Complaint and Incident Records, Course Quality and Superintendent Reliability Score data, Defence Pack PDFs and append-only audit log (we are processor): Governed by the Master DPA: a 30-day data-export window in read-only mode after termination, followed by deletion or anonymisation within a further 60 days, save for records the Course Operator is required by law to retain (in particular pesticide / biocide registers, water-abstraction records, occupational health-and-safety records, environmental-certification audit trails and insurance / liability matters). | Termination of the customer agreement, plus the period set in the Master DPA.
App Clip session records: Retained while the parent Course Capture / Treatment Record exists; otherwise no longer than 12 months from the session end, save where part of a regulatory or contractual matter. | Deletion of the parent records or time-based deletion.
External Viewer Share Links: Active until expiry or revocation; activity log retained for up to 12 months from link expiry for audit purposes. | Link expiry, revocation or time-based deletion.
Multi-Property Group Report archives: Up to 36 months from issue, or longer where required for group governance, insurance, certification or tournament-rota discussions. | Time-based deletion or end of contract.
Security and platform audit logs: Up to 24 months, or longer where necessary for security, fraud-prevention or legal-claim purposes. | Time-based deletion.
Backups: Standard backup-rotation cycles (typically up to 30 days). Backups are not used to restore deleted accounts and are themselves overwritten on the rotation cycle. | Backup-rotation cycle.
16. Security and personal-data breaches
16.1 Article 32 measures
We implement and maintain appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration or disclosure, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk to your rights and freedoms (Article 32 GDPR). For Greenkeeper Evidence Field specifically, these measures include: EU-resident backend hosting with encryption in transit (TLS 1.2 or higher) and at rest; row-level security per Workspace identifier in the database; signed-URL access to evidence files with short time-to-live; optional Face ID / Touch ID biometric gating of high-consequence operations (Defence Pack export, audit-log access); watermarking and audit-trail blocks on every Pack (with the “Draft — review before submitting” watermark on AI-drafted narratives until finalised); an append-only audit log of capture, edit, status change, Pack export, Share Link issuance, biometric verification, Apple Watch acknowledgement and timer events; time-limited, scope-restricted External Viewer Share Links with default worker-identity minimisation; and proof-gated save flows for Course Captures and Treatment Records.
16.2 Notification of personal-data breaches
If we become aware of a personal-data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach (Article 33 GDPR). Where the breach is likely to result in a high risk, we will notify the affected data subjects without undue delay (Article 34 GDPR). Where ML Consulting is acting as processor on behalf of a Course Operator, we will notify the Course Operator without undue delay in accordance with Article 33(2) GDPR and the Master DPA.
16.3 Reporting a suspected breach to us
If you suspect a security incident or unauthorised access affecting your account, device, App Clip session or External Viewer Share Link, please notify us at support+greenkeeper@mlconsulting.lt without undue delay. Provide as much detail as you can; do not include passwords or other secrets in the email. We prioritise security reports and incidents during an active tournament or storm-event capture window.
17. Your rights as a data subject
Subject to the conditions set out in the GDPR, you have the rights below. These rights are not absolute and may be restricted by law.
Right of access (Article 15). Confirm whether we process personal data about you and obtain a copy together with the information set out in Article 15.
Right to rectification (Article 16). Have inaccurate personal data corrected and incomplete data completed.
Right to erasure (Article 17). Have personal data erased where the conditions in Article 17 apply, including where the data is no longer necessary or where you withdraw consent and there is no other legal basis. The App offers an in-app “Delete account” control.
Right to restriction of processing (Article 18). Restrict our processing while we verify the accuracy of contested data, while we deal with an objection or in the other circumstances set out in Article 18.
Right to data portability (Article 20). Where processing is based on consent or contract performance and is carried out by automated means, receive the data you provided in a structured, commonly-used and machine-readable format. The App provides in-app exports and watermarked PDF Packs.
Right to object (Article 21). Object to processing based on legitimate interests on grounds relating to your particular situation, and at any time to direct marketing.
Rights related to automated decision-making (Article 22). Not be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects, and obtain human intervention, express your point of view and contest the decision where the right applies. See section 14, and the specific protection for superintendents and crew in section 11.2.
Right to withdraw consent (Article 7(3)). Where we rely on consent, withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
Right to lodge a complaint (Article 77). Complain to our lead supervisory authority — the VDAI in Vilnius — or to the supervisory authority of the EU Member State where you habitually reside, where you work or where the alleged infringement took place. We would, however, appreciate the opportunity to address your concern directly first.
17.1 How to exercise your rights
You can exercise the rights above by sending an email to support+greenkeeper@mlconsulting.lt with the words “Privacy request — Greenkeeper Evidence Field” in the subject line.
We will respond to verifiable requests without undue delay and in any event within one month of receipt under Article 12(3) GDPR. We may extend that period by up to a further two months for complex or numerous requests, in which case we will inform you of the extension and the reason within the first month. We may need to verify your identity (typically by asking you to authenticate to the relevant account or to provide proof of identity proportionate to the request and the data concerned). The service is free of charge unless your request is manifestly unfounded or excessive (Article 12(5) GDPR).
17.2 Workspace-controlled data
For Customer Data that we process as processor on behalf of a Course Operator — including data about superintendents, crew, App Clip casual workers, members, players, complaint subjects, incident witnesses, Share Link recipients and Course Quality / Superintendent Reliability Score data — please direct your request to the Course Operator first; if you cannot identify the Course Operator, contact us at support+greenkeeper@mlconsulting.lt and we will redirect your request without undue delay.
18. Regional rights notices
18.1 United Kingdom
If you are in the United Kingdom, the UK General Data Protection Regulation and the UK Data Protection Act 2018 apply to processing within their territorial scope. The rights set out in section 17 apply equivalently. The UK supervisory authority is the Information Commissioner’s Office (ICO).
18.2 Switzerland
If you are in Switzerland, the Swiss Federal Act on Data Protection (revFADP) applies to processing within its territorial scope. The Swiss supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC). Where we transfer data to Switzerland, we apply the Swiss addendum to the Standard Contractual Clauses where required.
18.3 California, United States
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA / CPRA”), gives you the right to (i) know the categories and specific pieces of personal information we collect, (ii) request deletion, (iii) request correction, (iv) limit the use and disclosure of sensitive personal information, and (v) opt out of any “sale” or “sharing” of personal information. We do not sell personal information and we do not “share” personal information for cross-context behavioural advertising. We will not discriminate against you for exercising any of these rights.
18.4 Other US states
Similar rights are available to residents of Colorado, Connecticut, Virginia, Utah, Texas, Florida and other US states with comprehensive privacy laws. To exercise any state-law right, write to support+greenkeeper@mlconsulting.lt.
18.5 Global Privacy Control
On the App’s landing pages, we honour the Global Privacy Control signal where technically feasible, treating it as an objection to non-essential cookies and a request to opt out of any “sale” or “sharing” of personal information.
19. Children
Greenkeeper Evidence Field is intended for business users (B2B) only and is not designed for use by minors as the contracting party or as a worker. Where a minor is engaged as a seasonal crew member where local labour law permits, the Course Operator is responsible for obtaining parental / guardian consent and for complying with national child-labour and youth-work rules. Apple’s App Store age rating reflects the relevant minimum age for the App. If we become aware that we have collected personal data from a child without the appropriate authorisation, we will delete it without undue delay. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at support+greenkeeper@mlconsulting.lt.
20. Cookies and similar technologies
The Greenkeeper Evidence Field iOS / iPadOS / watchOS App does not use analytics, advertising, profiling or marketing cookies. The App and its App Clip use on-device storage (the iOS / watchOS application sandbox, the Keychain, SwiftData, UserDefaults) to deliver their features. This is not “cookies” within the meaning of the ePrivacy Directive 2002/58/EC and is governed by this Policy rather than by this section.
The External Viewer Share Link web pages and the App’s landing pages on mlconsulting.lt use only strictly-necessary cookies (for example, a signed session cookie to honour the Share Link scope). No analytics or advertising cookies are set.
21. Communications
21.1 Service messages
We send transactional service messages (security alerts, billing notices, magic-link authentication emails, support replies, material change notices) on the basis of contract performance under Article 6(1)(b) GDPR. Service messages are not commercial marketing and cannot be opted out of without ceasing to use the App.
21.2 Direct marketing
Where we send commercial marketing emails about Greenkeeper Evidence Field — product updates, launch announcements, educational materials or event invitations — we rely either on (i) your prior consent under Article 6(1)(a) GDPR and Article 13 of the ePrivacy Directive, or (ii) the “soft opt-in” under Article 13(2) of the ePrivacy Directive (existing customer relationship, similar products or services, with a clear opt-out at the point of collection and in every message). You may opt out at any time by clicking the unsubscribe link in any marketing email, by emailing support+greenkeeper@mlconsulting.lt or by updating your preferences in your account where applicable.
21.3 Operational notifications
APNs Time-Sensitive notifications (lightning, frost, treatment expiration, tournament-week alerts), ActivityKit Live Activities (closure status, treatment timers, suspension countdowns), Apple Watch haptics (lightning alerts, frost / treatment timer endings) and EventKit calendar writes are operational reminders configured by you in iOS Settings and in the App’s Settings. They are best-effort and depend on Apple’s platform services. The Course Operator remains responsible for performing the underlying operational action (suspension, evacuation, treatment, follow-up) regardless of the presence or absence of a notification — see the safety reminder in section 1.1.
22. Changes to this Policy
22.1 Routine updates
We may update this Policy from time to time, for example to reflect new features, regulatory developments, sub-processor changes or operational changes. The latest version is always published on the App’s App Store listing and at mlconsulting.lt/greenkeeper/privacy.
22.2 Material changes
Where a change is material and adversely affects your rights or expectations, we will give reasonable advance notice — typically at least 30 days, unless a shorter period is required by law — by in-app notice and, where we have your email address, by email. Non-material changes (typographical fixes, clarifications, contact-detail updates, sub-processor list updates) take effect on posting.
22.3 Versioning
Each version of this Policy is dated and archived. The version in force at the time of the relevant processing governs that processing.
23. Contact us
For any question, request or complaint about this Policy or about how we process your personal data, please contact us using the details below.
Controller: ML Consulting MB
Address: Vilnius, Republic of Lithuania
Legal entity code: 306991112
Privacy contact (email): support+greenkeeper@mlconsulting.lt
Website: https://mlconsulting.lt
Lead supervisory authority: Valstybinė duomenų apsaugos inspekcija (VDAI), L. Sapiegos g. 17, LT-10312 Vilnius, Lithuania · +370 5 271 2804 · ada@ada.lt · vdai.lrv.lt
Document end · Version 1.0 · Effective 1 June 2026 · Greenkeeper Evidence Field — Privacy Policy · © 2026 ML Consulting MB
© 2026. All rights reserved.
