Privacy Policy

Last updated: July 6, 2026

Operator Information

Operator: Yoon
Email: stringgoat.dev@gmail.com

1. Personal Information We Collect

String GOAT ("Service") collects the following personal information:

  • Account information: Email address, name (provided via social login)
  • Service usage information: String records, racket information, feedback ratings
  • Device information: Device identifier, OS version, app version
  • Web session information: Cookies and session tokens (for maintaining web dashboard login)
  • Wearable and workout data (collected when you use the Apple Watch or Wear OS companion app during a tennis session): heart rate, active calories, motion sensor data (accelerometer and gyroscope), swing/stroke counts, and GPS location if you enable it.

2. Purpose and Legal Basis for Processing Personal Information

Collected personal information is used for the following purposes. For EU/EEA users, processing is based on performance of a service contract (GDPR Article 6(1)(b)):

  • Service provision and operation (mobile app and web dashboard)
  • User authentication and account management
  • Cloud synchronization and backup
  • AI string analysis service provision
  • Push notification delivery (replacement timing alerts, etc.)
  • Subscription payment processing and management
  • Service improvement and new service development

The companion watch app collects motion, location, and health-related data (such as heart rate) only after you grant the corresponding permissions in your device's system prompts (Motion & Fitness, Location, and Health / Body Sensors). You can withdraw these permissions at any time in your device settings. For EU/EEA users, health-related data is special-category data processed solely on the basis of your explicit consent (GDPR Article 9(2)(a)).

3. Third-Party Services and International Data Transfers

String GOAT uses the following third-party services. These services are primarily hosted in the US and data may be transferred to that country:

  • Supabase (US) — Database storage and user authentication. Includes Google and Apple social login. GDPR DPA in place. Privacy Policy
  • Google Gemini API (US) — AI string analysis. Only anonymized string data is sent; no personally identifiable information is included.
  • Firebase Cloud Messaging (US) — Mobile push notifications.
  • RevenueCat (US) — In-app subscription payment management for the mobile app. Privacy Policy
  • Polar (US) — Web subscription payment processing (via Stripe). Privacy Policy
  • Google AdMob (US) — In-app advertising for free-tier users of the mobile app. Uses the advertising identifier (IDFA/GAID) to serve and measure ads. Privacy Policy

Advertising and tracking: Free-tier users of the mobile app see ads served by Google AdMob. On iOS, the app requests App Tracking Transparency permission before the advertising identifier is used for personalized ads; if you decline, ads are shown non-personalized. You can change this at any time in your device settings (iOS: Settings > Privacy & Security > Tracking; Android: ad personalization settings). Subscribers (Pro/Premium) do not see ads.

4. Cookies and Sessions

The web dashboard uses cookies to maintain login status. Cookies can be disabled in your browser settings, but some features may be limited. Collected cookie information is only used for authentication purposes.

5. Data Retention Period

Personal information is retained for the duration of service use. Upon account deletion request, all data is immediately and permanently deleted. If you only cancel your subscription, your data is retained.

6. User Rights

Users may exercise the following rights at any time:

  • Request to access personal information
  • Request to correct personal information
  • Request to delete personal information (account deletion)
  • Right to data portability (Excel/CSV export)
  • Request to restrict processing

EU/EEA: EU/EEA users: If the above rights are denied, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence.

7. Automated Decision-Making

The AI string analysis feature provides reference information for string selection. This does not constitute binding automated decision-making; the final choice is always yours.

8. Data Security

All data is transmitted encrypted (HTTPS/TLS) and stored encrypted on the server. Row Level Security (RLS) ensures that only you can access your own data.

9. Contact

For privacy-related inquiries, please contact stringgoat.dev@gmail.com.