Goethi

Privacy Notice

Last updated: 2026

1. Who we are

Goethi is operated by Ahmed Ayman Ahmed Fouad Hamam ("we", "us", "our"). We are the data controller for the personal data we process about you in connection with the Service.

2. Personal data we collect

  • Account data — email address, password (hashed), and any name you provide.
  • Purchase data — the email used at checkout, the level and pack purchased, and a transaction reference. Card and billing details are collected and processed by Paddle, not by us.
  • Support messages — the content of messages you send us.
  • Usage and device data — pages visited, actions taken, IP address, browser type, device and approximate location, collected to operate, secure and improve the Service.
  • Cookies — see section 9.

3. Why we use your data and our legal basis

  • To provide the Service (creating your account, granting access to purchased samples, syncing unlocks across devices) — performance of a contract.
  • To process payments and grant entitlements — performance of a contract, in cooperation with Paddle as Merchant of Record.
  • To secure the Service and prevent fraud or abuse — legitimate interests.
  • To provide customer support — performance of a contract and legitimate interests.
  • To improve the Service (analytics, debugging) — legitimate interests.
  • To comply with legal obligations (tax, accounting, responding to lawful requests) — legal obligation.
  • Marketing, where applicable — your consent, which you can withdraw at any time.

4. Who we share data with

  • Paddle.com — our Merchant of Record. Paddle handles checkout, payment processing, subscription management, tax compliance, invoicing and refunds. See Paddle's Privacy Notice.
  • Service providers / subprocessors — hosting, database, authentication, email delivery, error monitoring and analytics providers acting on our instructions.
  • Professional advisers — legal, tax and accounting advisers, as needed.
  • Authorities — where we are required to disclose data by law or to protect our rights.

5. International transfers

Our providers may process personal data outside your country, including in the EEA, the UK and the United States. Where required, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Retention

We keep account data for as long as you have an account, and purchase records for as long as needed for tax, accounting and dispute-resolution purposes (typically up to 10 years, depending on local law). Support messages are kept for up to 3 years. Usage logs are kept for up to 12 months. After these periods, data is deleted or anonymised.

7. Your rights

Depending on where you live you may have the right to access, rectify, erase, restrict or object to the processing of your personal data, to data portability, and to withdraw consent. EU/UK users have the right to lodge a complaint with their local supervisory authority. We will respond to verified requests within one month. Contact us at support@goethi.online.

8. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, hashed passwords and database row-level security. No system can be guaranteed 100% secure.

9. Cookies

We use strictly necessary cookies and local storage to keep you signed in, remember your purchase email for guest checkout, and operate the Service. We may use analytics cookies to understand how the Service is used. You can manage cookies through your browser settings.

10. Changes

We may update this notice from time to time. The date at the top reflects the last update.

11. Contact

For privacy questions or to exercise your rights, email support@goethi.online.