This Privacy Policy explains what personal information we collect, how we use and share it, and the choices you have. It applies to the SwingMentalist website and web app (and, once released, our native Android and iOS applications) - together, the "Service" - operated by Amit Shlomo, a sole proprietor based in Israel ("SwingMentalist," "we," "us").
We are committed to processing your data lawfully, fairly, and transparently. We sell software, not your data.
Note: SwingMentalist is currently in a closed beta. Some features described in this policy may be experimental, subject to change, or temporarily unavailable. We will update this policy and notify you if any change materially affects how we collect or use your data.
For users in the European Economic Area, United Kingdom, or other jurisdictions with similar laws, we rely on the following legal bases under the GDPR / UK GDPR:
We use the following providers to operate the Service. They process data on our behalf under their own privacy and security commitments:
| Provider | Purpose | Data handled |
|---|---|---|
| Paddle.com Market Ltd. (UK) | Payments & subscription billing (Merchant of Record) | Name, email, billing address, payment method, transaction history |
| MongoDB Atlas (AWS us-east-1, USA) | Primary database hosting | All account & workspace data described above |
| Hetzner Online (Ashburn VA, USA) | Application server hosting | Server logs, transient request data |
| Cloudflare | DNS & DDoS protection (proxied) | IP addresses, request metadata |
| Google Firebase | Push notification delivery (FCM) | Device push token, notification payload |
| Google Sign-In | Optional OAuth login | Email, name, Google account ID. Currently disabled during closed beta. |
| Google (Gmail SMTP) | Transactional email delivery (email verification, password reset, billing receipts, optional alert notifications) | Recipient email address, sender display name, message content |
| Twelve Data, Inc. | Market data feed (price, volume, fundamentals, earnings calendar, news headlines) | No personal data - we query public ticker symbols only |
We disclose your information to law enforcement or other parties only when required by valid legal process or to protect the rights, safety, and property of SwingMentalist, our users, or the public.
Our primary database is hosted in the United States (AWS us-east-1) by MongoDB Atlas. Our application server is also in the United States (Ashburn, Virginia). Paddle is based in the United Kingdom. As an operator based in Israel serving global customers, we transfer data internationally.
For users in the EU/UK: international transfers rely on Standard Contractual Clauses (SCCs) or equivalent safeguards offered by our providers. You can request a copy of the relevant safeguards by emailing us.
Depending on where you live, you may have the following rights:
To exercise any of these rights, email [email protected]. We will respond within 30 days. We may ask you to verify your identity first.
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what categories of personal information we collect, the right to delete, the right to correct, and the right to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising.
We protect your data with industry-standard measures: TLS encryption in transit (HTTPS via Let's Encrypt), encryption at rest in MongoDB Atlas, bcrypt password hashing, signed and short-lived session tokens, firewalled servers with restricted SSH access, fail2ban for brute-force protection, and the principle of least privilege for administrator accounts. No system is perfectly secure; if a breach affects you, we will notify you and the relevant authorities as required by law.
The Service is not intended for, and we do not knowingly collect personal information from, anyone under 18. If you believe a child has provided us personal information, contact us and we will delete it.
The Service does not set any cookies of its own on your browser. Authentication is handled by an Authorization: Bearer header carrying a JSON Web Token (JWT), not by a session cookie. We do not use first-party analytics, advertising, fingerprinting, or social-tracking cookies of any kind.
For strictly functional purposes - without which the Service could not work the way you expect - we store small amounts of data in your browser's localStorage and in the Progressive Web App service-worker cache. This data lives on your device, is never automatically transmitted with HTTP requests (unlike cookies), and is used only by the Service itself.
Authorization header. Removed on sign-out.Under the EU's ePrivacy Directive and the Israeli ePrivacy framework, storage that is strictly necessary for a service the user has explicitly requested does not require prior consent. All of the above falls within that exemption, which is why the Service does not display a cookie banner.
If you choose to use either of the following integrations, the third party may set its own cookies on its own domain. These are governed by the third party's own privacy notice, not ours, because we never receive or store them:
You can decline these integrations and still use the Service - sign up with an email and password instead of Google, and remain on the free tier instead of opening the Paddle checkout.
You can erase all of the local storage described above at any time by using your browser's "Clear site data" / "Clear storage" tool for the SwingMentalist domain, or by signing out (which clears the authentication token explicitly). Clearing the data will sign you out and reset your preferences to defaults.
We may update this Privacy Policy from time to time. Material changes will be announced by email or via a notice in the Service at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent version.
Questions, complaints, or data-rights requests? Email [email protected].