Privacy Policy
Last updated: July 8, 2026
Operator Information
Operator: Yoon
Email: stringgoat.dev@gmail.com
1. Personal Information We Collect
String GOAT ("Service") collects the following personal information:
- Account information: Email address, name (provided via social login)
- Service usage information: String records, racket information, feedback ratings, and photos you upload (e.g. racket or session photos)
- Device information: Device identifier, OS version, app version
- Web session information: Cookies and session tokens (for maintaining web dashboard login)
- Wearable and workout data (collected when you use the Apple Watch or Wear OS companion app during a tennis session): heart rate, active calories, motion sensor data (accelerometer and gyroscope), swing/stroke counts, step counts, and GPS location if you enable it.
2. Purpose and Legal Basis for Processing Personal Information
Collected personal information is used for the following purposes. For EU/EEA users, processing is based on performance of a service contract (GDPR Article 6(1)(b)):
- Service provision and operation (mobile app and web dashboard)
- User authentication and account management
- Cloud synchronization and backup
- AI string analysis service provision
- Push notification delivery (replacement timing alerts, etc.)
- Subscription payment processing and management
- Service improvement and new service development
- Workout session recording and statistics (companion watch app)
The companion watch app collects motion, location, and health-related data (such as heart rate) only after you grant the corresponding permissions in your device's system prompts (Motion & Fitness, Location, and Health / Body Sensors). You can withdraw these permissions at any time in your device settings. For EU/EEA users, health-related data is special-category data processed solely on the basis of your explicit consent (GDPR Article 9(2)(a)). On Apple Watch, heart rate and calorie data are read through Apple HealthKit; on Wear OS, through the Android Body Sensors permission.
3. Third-Party Services and International Data Transfers
String GOAT uses the following third-party services. These services are primarily hosted in the US and data may be transferred to that country:
- Supabase (US) — Database storage and user authentication. Includes Google and Apple social login. GDPR DPA in place. Privacy Policy
- Google Gemini API (US) — AI string analysis. Only anonymized equipment (racket and string) data and usage records (including feedback and workout session statistics) are sent; no personally identifiable information is included.
- Firebase Cloud Messaging (US) — Mobile push notifications.
- RevenueCat (US) — In-app subscription payment management for the mobile app. Privacy Policy
- Polar (US) — Web subscription payment processing (via Stripe). Privacy Policy
- Google AdMob (US) — In-app advertising for free-tier users of the mobile app. Uses the advertising identifier (IDFA/GAID) to serve and measure ads. Privacy Policy
Advertising and tracking: Free-tier users of the mobile app see ads served by Google AdMob. On iOS, the app requests App Tracking Transparency permission before the advertising identifier is used for personalized ads; if you decline, ads are shown non-personalized. You can change this at any time in your device settings (iOS: Settings > Privacy & Security > Tracking; Android: ad personalization settings). Subscribers (Pro/Premium) do not see ads. Health and workout data (heart rate, motion sensor data, and location) is never used for advertising purposes and is never shared with advertisers or data brokers.
4. Cookies and Sessions
The web dashboard uses cookies to maintain login status. Cookies can be disabled in your browser settings, but some features may be limited. Collected cookie information is only used for authentication purposes.
5. Data Retention Period
Personal information is retained for the duration of service use. Upon account deletion request, all data is immediately and permanently deleted. If you only cancel your subscription, your data is retained.
6. User Rights
Users may exercise the following rights at any time:
- Request to access personal information
- Request to correct personal information
- Request to delete personal information (account deletion)
- Right to data portability (Excel/CSV export)
- Request to restrict processing
EU/EEA: EU/EEA users: If the above rights are denied, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence.
You can also request account and data deletion without the app on our dedicated page: Account & Data Deletion
7. Automated Decision-Making
The AI string analysis feature provides reference information for string selection. This does not constitute binding automated decision-making; the final choice is always yours.
8. Data Security
All data is transmitted encrypted (HTTPS/TLS) and stored encrypted on the server. Row Level Security (RLS) ensures that only you can access your own data.
9. Children's Privacy
The Service is not directed to children under the age of 14 (or the applicable legal minimum age in your jurisdiction), and we do not knowingly collect personal information from such children. If we become aware that personal information of a child has been collected, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at the email address below.
10. Contact
For privacy-related inquiries, please contact stringgoat.dev@gmail.com.