MATHARTLEY

Goals and Training

Privacy Policy

About this notice

This privacy notice explains how Mathew Hartley Consulting ("we", "us") collects, uses, and protects your personal information when you use Mat Hartley · Goals and Training (the "Service") at training.mathartley.com. We comply with the Protection of Personal Information Act, 2013 (POPIA), and where applicable the EU General Data Protection Regulation (GDPR).

Who is responsible

The responsible party is Mathew Hartley, trading as Mathew Hartley Consulting, based in Durban, South Africa. To contact us about your data: mat@mathartley.com.

What we collect

We collect the minimum needed to operate the Service:

• Account information: your email address and a password (stored hashed — never readable in plain text by us).
• Goal-tracking data: the goals, daily actions, notes, and reviews you enter into the Service. This is yours.
• Subscription data: trial start date, paid-until date, and references to your Yoco payment transactions. We do not store or have access to your card details.
• Technical data: browser type, IP address, device type, and pages visited (standard server logs).

How we use it

• To provide the Service (sync your data across devices, gate access to paid features).
• To process subscription payments via Yoco.
• To send you account-related emails (sign-in confirmations, password resets, renewal reminders before your access lapses).
• To improve the Service and resolve technical issues.

We do not sell your data, share it for advertising, or use it to train AI models.

Where your data lives

The Service uses third-party providers to operate. Your data may be processed by:

• Supabase (database and authentication, EU servers)
• Cloudflare (hosting and content delivery)
• Yoco (payment processing, South Africa)
• Resend (transactional email)
• Bunny.net (video streaming)
• Google Workspace (the curriculum spreadsheet read by the Service)

Each of these has its own privacy commitments. Some processing happens outside South Africa; by using the Service you consent to this transfer.

Cookies and local storage

The Service stores authentication tokens and a cache of your data in your browser's local storage so the app works offline. We do not use third-party tracking cookies for advertising.

Team subscriptions

If you joined the Service by redeeming a code from your employer or team manager, your team manager (the person who purchased the team subscription) can see a limited engagement view of your activity. Specifically, the manager dashboard shows:

• Your display name (a non-email label — by default the part of your email before the "@", which you can change)
• Whether your access is active or expired
• The last date you signed in
• Which program day you've reached (out of 40)
• How many weekly videos you've watched
• Your daily completion percentage over the last 30 days
• Whether you have set goals in the tracker (yes or no — not the goals themselves)

The manager cannot see: the goals you set, the daily actions you track, your notes or journal entries, your weekly reviews, which life pillars you focus on, your email address, or any other personal content. The dashboard is intentionally limited to whether you're showing up — it is provided for engagement support, not for performance management or disciplinary purposes.

If you redeemed a team code and want to be removed from a team's view, email mat@mathartley.com. Removal will end your team-funded access; you can continue using the Service by paying the personal subscription.

Your rights

Under POPIA you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or outdated information
• Delete your account and associated data
• Object to specific uses of your information
• Lodge a complaint with the Information Regulator (South Africa)

To exercise any of these, email mat@mathartley.com. We respond within 30 days.

How long we keep it

We keep your account data while your account is active and for up to 12 months after cancellation, after which it is permanently deleted. Anonymised aggregate data may be retained longer for analytics.

Security

Passwords are hashed using industry-standard algorithms and never stored in readable form. Connections use HTTPS. Access to the database is restricted via row-level security so users can only see their own data. No system is perfectly secure — if we discover a breach affecting your data, we will notify you within a reasonable time.

Children

The Service is not intended for users under 18. If you believe a child has signed up, contact us and we will delete the account.

Changes to this policy

We may update this notice as the Service evolves. Material changes will be communicated by email and reflected in the "last updated" date above.

Contact

Questions, requests, or complaints about your data: mat@mathartley.com

← Back to app