Logo

SweetSpot

Privacy Policy

Last updated: 2026 February 19

Introduction

Thank you for choosing the App, offered by SweetSpot ("SweetSpot," "we," "us," or "our"). Your privacy is important to us. This Privacy Policy explains how SweetSpot collects, uses, shares, and protects your information when you use the App.

1. Information We Collect

Categories

  • Personal: Name, email, investment interests, billing information (handled through third-party services).
  • Usage: Device details, IP address, browser type, app usage, and account subscription records.
  • AI Data: Publicly available stock prices from sources such as the Alpha Vantage public API.

Google Analytics

  • We use Google Analytics to understand how visitors interact with our service and improve user experience.
  • IP anonymization is enabled, so your full IP address is never stored.
  • Analytics data is not combined with other personal information.
  • Processing is covered by a GDPR-compliant Data Processing Agreement with Google.
  • You can opt out via your browser settings or Google’s opt‑out tools.

Firebase Hosting

  • We use Firebase Hosting (Google Cloud) to host and serve our website and services.
  • Static assets and hosting logs are handled with privacy and security safeguards.
  • Processing is covered by a GDPR-compliant Data Processing Agreement with Google Cloud.
  • Hosting logs are not used to build personal user profiles.

Firestore (GCP) Data Storage

  • We use Firestore on Google Cloud Platform to store app and account data, including certain personal information.
  • Data is encrypted in transit and at rest.
  • Access is restricted via role‑based access controls and audit logging.
  • Your user data is stored in Google Cloud data centers located in the European Union, specifically in regions such as Belgium, the Netherlands, and Finland (for example: europe‑west1, europe‑west4, europe‑north1). See Google Cloud Locations for more details.

Stripe Payments

  • We use Stripe to process payments and manage subscriptions securely.
  • Your card details are entered into Stripe's secure payment form and sent directly to Stripe's servers.
  • We never see or store your full credit card number or CVC; Stripe provides us only with tokens and limited details (for example, the last four digits and card brand) for billing records.
  • Stripe is PCI‑DSS Level 1 compliant and implements strong encryption and security controls to protect your payment information.

2. How We Use Your Information

We use your information to operate, improve, and protect the App, including:

  • To deliver and enhance the App's features, predictions, and user experience.
  • To manage your account, subscriptions, and service-related communications.
  • To monitor performance, prevent abuse, and maintain security of the App.
  • To meet applicable legal, accounting, and compliance requirements.

Where GDPR applies, we process your personal data under the following legal bases:

  • Performance of a contract (providing and maintaining your account and subscription).
  • Legitimate interests (improving the App, preventing fraud and abuse).
  • Consent (for analytics cookies and optional communications, where required).
  • Legal obligations (tax, accounting, and regulatory requirements).

3. Sharing Your Information

We never sell your personal data. We may share information with:

  • Google services: Analytics, Firebase, and Firestore, which process data on our behalf under strict Data Processing Agreements and GDPR-compliant terms.
  • Payment processors: Stripe, which handles your card data on our behalf. We do not have access to your full card number or CVC.
  • Other trusted vendors: Service providers who support our operations (for example, email delivery or customer support) under confidentiality and data protection agreements.
  • Legal and regulatory authorities: When required to comply with law, enforce our terms, or protect rights, safety, and security.

4. Data Security & Compliance

We implement technical and organizational measures to protect your data and support GDPR compliance:

  • Encryption for data in transit (HTTPS/TLS) and at rest where supported by our providers.
  • Access controls, authentication, and logging for sensitive systems.
  • Use of reputable cloud providers (Google Cloud, Stripe) with industry certifications such as ISO 27001 and PCI‑DSS.
  • Regular reviews of our security posture and data protection practices.

5. Your Rights

Where GDPR or similar laws apply, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at contact@sweetspot.app.

6. Cookies and Tracking

We use essential cookies to make the App work and analytics cookies (such as Google Analytics) to understand usage and improve the service. Where required, you can give or withdraw consent to analytics cookies through our cookie banner or your browser settings.

7. Children's Privacy

The App is intended for individuals aged 18 and above and is not directed to children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and, where appropriate, notify you by email or in-app notice.

9. Contact Us

Questions about privacy, GDPR rights, or data processing? Email us at contact@sweetspot.app.

10. Data Retention

We retain your personal data only as long as necessary for the purposes described in this Policy, including providing the App, complying with legal obligations, resolving disputes, and enforcing our agreements. When data is no longer required, we delete it or irreversibly anonymize it, in line with legal and regulatory requirements.