Privacy Policy
This Privacy Policy describes how Spotter ("we", "us", or "our") collects, uses, and protects information about you when you use the Spotter mobile application ("the App"). By using the App, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect the following categories of personal data:
- Account information: email address, first name, last name, date of birth, gender.
- Fitness profile: primary fitness goal, experience level, weekly workout frequency.
- Training data: training programs, workout plans, exercise logs (sets, reps, weight, rest times), workout summaries (duration, volume).
- Body weight data: body weight entries with dates.
- Custom exercises: exercises you create within the App.
We do not collect location data, payment information, or any data from your device beyond what is listed above.
2. How We Collect Your Information
- Directly from you: when you register, complete the onboarding flow, or enter data in the App.
- Automatically via Firebase Authentication: when you sign in with email/password or Google Sign-In, Firebase processes your credentials. We receive only the user identifier and email from Firebase.
3. How We Use Your Information
We use your data exclusively to:
- Provide and operate the App's core features (logging workouts, tracking progress).
- Personalise your experience (e.g., exercise recommendations based on your goal and level).
- Sync your data across devices via our backend service.
- Improve the App based on aggregated, anonymised usage patterns.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Third-Party Services
We use the following third-party services, each with its own privacy policy:
- Firebase Authentication (Google): handles sign-in and identity verification. See the Firebase Privacy Policy.
- Google Sign-In: optional authentication method via your Google account.
No analytics SDKs or advertising networks are embedded in the App.
5. Data Storage and Security
Your data is stored on servers located in the European Union (or the region closest to your location as determined by our cloud provider). We use industry-standard security measures, including HTTPS/TLS for all data in transit and access controls on our backend infrastructure.
Firebase Authentication uses secure token-based sessions. We store your Firebase ID token locally on your device using encrypted secure storage.
6. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, all your data (profile, training programs, workout history, exercise logs, body weight entries) is permanently deleted from our servers within 30 days.
7. Your Rights (GDPR)
If you are located in the European Economic Area, you have the following rights:
- Right of access: you can request a copy of the personal data we hold about you.
- Right to rectification: you can correct inaccurate data directly in the App's settings.
- Right to erasure: you can permanently delete your account and all associated data from Settings → Delete Account inside the App.
- Right to data portability: you can request an export of your data by contacting us.
- Right to object: you can object to certain types of processing by contacting us.
To exercise any of these rights, contact us at the address below.
8. Children's Privacy
The App is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by updating the "Last updated" date at the top of this page. Continued use of the App after changes constitutes your acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or want to exercise your data rights, please contact us:
Email: pardeep.kummy98@gmail.com
App: Settings → Delete Account (for immediate data deletion)