Does your PoS have a UM?
How does your customer database get to the cloud? It flies Allegiant Airlines
The world today is full of acronyms for all sorts of reasons. Our industry has plenty – PGA, USGA, NGCOA, GCSAA, NGF, and more. Some acronyms become brands, like IBM. Some are just abbreviations for commonly used words or phrases, like ISP (Internet Service Provider). For purposes of this article we’ve created a new one: UM, or Ulterior Motive, and we’ll explain how a golf point-of-sale provider had a UM in plain sight that no one saw.
Teesnap jolted the industry just a few years ago with a cloud and iOS-based system and mobile capabilities. It offered reduced rates on credit card processing; a system promised to be updated every 45 days, and better customer data-gathering capabilities. It sought to charge courses by the number of rounds played and refused to offer API connections to third parties.
On Dec. 13, 2018, Teesnap jolted its clients with an email sent by its parent, Allegiant Airlines, that revealed that Teesnap had shared the customer data from its golf course clients with its parent. This ignited a firestorm on the NGCOA Accelerate message board far surpassing comments for the more mundane “rental pull carts” or “no show policy.”
NGCOA members were irate, with comments such as, “I am furious! People are unsubscribing to email, calling to complain, emailing. This is a deal breaker as far as I am concerned." Also, "We were affected by the email as well with angry customers who thought we sold and profited from our email list.”
What caused this outrage? Check out the email below, but please don’t jump to any conclusions before reading the rest of this article:
From: Allegiant <This email address is being protected from spambots. You need JavaScript enabled to view it.
>
Sent: Thursday, December 13, 2018, 2:40 PM
To: (redacted for privacy)
Subject: An update from Cypress Creek Golf Club (redacted for privacy)
Allegiant offers nonstop deals on nonstop flights.
|
With data theft and sharing being hot enough issues to commence congressional hearings and public grilling of tech execs like Mark Zuckerberg (Facebook) and Sundar Pichai (Google); and the whole Russia thing with Cambridge Analytica and their Internet Research Agency, not to mention most of our personal emails being stolen, sold, or compromised in some way (Viagra, anyone?), it’s easy to see how Allegiant’s effort to acquire new customers drew the ire of Teesnap’s golf course clients.
However, there are more layers to this story than a Pro V1x. And those angry course operators are partly to blame.
Pellucid’s crack fact-finding research team acquired a recent Teesnap client contract, v3.7, executed in March 2018. Two sections state, verbatim, the following:
3.5 License to Your Content. You hereby grant Teesnap a non-exclusive, worldwide, transferable, irrevocable (during the term of this Agreement) and sublicensable license to use, copy, distribute, display and perform any of your content concerning your Golf Course Offerings (including any trademarks trade names, logos or copyrighted material of yours to be included in any advertising for your Golf Course Offerings) in any and all media or formats in connection with Teesnap’s fulfillment of its rights and obligations under this Agreement, including the promotion of your Golf Course Offerings.
3.8 Customer Data. You acknowledge that you will own all data collected by, or on behalf of, Teesnap pursuant to this Agreement, including all information and data of individuals who may or do purchase your Golf Course Offerings (“Customer Data”); provided, however, that Teesnap and its Affiliates shall have the right to use any such data collected by it for marketing or other purposes. Teesnap shall take commercially reasonable efforts to protect the security of Customer data and comply with all laws relating to the processing of any Customer Data. If you become aware of or suspect, any unauthorized access to or use of Customer Data by Teesnap, you shall immediately notify Teesnap and shall cooperate with Teesnap in the investigation of such a breach and the mitigation of damages.
To put it bluntly, owner/operators who signed this contract or other versions with the same or similar language either did not read it in its entirety; or if they did, did not understand the terms. Or, didn’t care. To us, the language in 3.8 makes clear that Teesnap and its affiliates (Allegiant Airlines et al.) gained the right to harvest and market to their course clients’ customers.
We reviewed the customer data security language in the contracts of three of Teesnap’s competitors – Club Prophet, EZLinks, and Chronogolf. We did not find similar language to Teesnap’s. That’s not to say that an attorney can’t tear these clauses apart in a hundred different ways. Ours is a common sense, layman’s review of the language.
Allegiant and its affiliates reportedly sent three emails including the one shown earlier in this article. Curiously, this writer did not receive any despite being in the customer database of at least one Teesnap client (who is in the process of switching to another company). Moreover, not all Teesnap clients were affected. It appears there was some geo-coding of email addresses segmented by proximity to airports served by Allegiant. There are ways to do this even if a full postal address is not part of the customer contact file.
Our first impression was that the displayed email violated CAN-SPAM regulations. We shared it with an email marketing expert from a leading data marketing firm along with the contract language. While she’s not allowed to offer a legal opinion on the contract language, she did confirm that based on it and the format of the email, this did not violate CAN-SPAM.
Allegiant used the course name based on the language in section 3.5, and its email displays a clear path to unsubscribe. Whether the course customers are confused about whom they might unsubscribe from (the course? Allegiant?) is not a CAN-SPAM issue. It assumes they’ll figure it out.
So that leaves us with Teesnap/Allegiant’s UM – why did they do this? We sent several emails and placed calls to Teesnap CEO Bryan Lord and two of his associates and at deadline, have not received a response. However, some insight is gleaned from this article in Yahoo Finance from late 2018: https://finance.yahoo.com/news/budget-airline-diversifying-just-losing-165000398.html. In it are three key points:
- Allegiant believes that its large existing customer base and distribution capabilities will enable it to create a more profitable hotel model by not relying on third-party distributors like online travel agencies.
- Yet its smaller initiatives like Teesnap and G4CE aren't likely to move the needle, while the Sunseeker Resorts project is a big gamble.
- But the company also hopes to collect customers’ email addresses to enable direct marketing of Allegiant flights and vacation packages later on.
Oh, boy. Let’s all add 2+2.
Lord did write an apology letter to Teesnap clients – we have it. We’re not inclined to publish it – it’s a personal letter from Lord to his clients. He apologizes for the communication that went out to patrons of the golf courses “soliciting them to opt-in/opt-out of future emails campaigns.” He adds that Teesnap/Allegiant “fell short on the execution of this outreach…that created an unintended issue in the form of an intrusive email for you and your customers.” He goes on to extoll the virtues of what Teesnap does and will do in the future for golf course clients. However, nowhere does he say that Allegiant and affiliates will never use the course customer databases again. The tone of the letter is more “it’s easier to ask forgiveness than beg for permission.”
The questions we sent Lord and received no response include:
- Why would you include clauses like 3.5 and 3.8 (from the v3.7 contract) when no one else in the industry had ever done this?
- Were you directed by Allegiant to include clauses like this when you came to them with your idea to create Teesnap? Alternatively, was this your idea to help get Allegiant's backing?
- What happens to the data if a current client opts out of your contract and changes systems? Do you maintain the right to continue marketing to their database?
- Will new versions of your contract include the two clauses in question?
Wherefore art thou, USA Tee Time Coalition?
First, full disclosure. This writer supports the mission of the USATTC and briefed its director Jared Williams in the beginning on “the good, the bad, and the ugly” of the tee time business.
The Teesnap incident is a sparkling example of why the USATTC exists. Nearly a month later (as of this writing) it's been silent. Insiders indicate its response has bounced around between the USATTC board of directors, the NGCOA board and leadership, and PGA leadership and legal counsel. In their slight defense, the holiday season interrupted business, and the parties to the response wanted full legal review and assurance. Given the eruption of anger seen on Accelerate and the seriousness of course operators’ concern, even just a “we’re working on this” message might have been a good idea.
Williams has responded via email on several occasions to our requests for comment. While providing nothing on the record, we guess that USATTC will issue an advisory to course owner/operators regarding data protection and privacy policies and take a more active role reviewing each vendor's privacy policies and affiliate agreements. USATTC will assume the responsibility to help educate and inform golf course operators of the clauses and contract language to which they should pay particular attention and ask specific questions.
That’s a bit like barring the barn door after the horses have escaped, but if pursued aggressively and published across multiple golf industry channels, it will give operators shopping for a new PoS system something else to consider. That’s especially timely as show season begins.
In the end, much of the onus lay in the laps of those who signed the contracts. Stuart Lindsay sums it up best with an image:
And, beware the UM.