Welcome to Spotter Coach. We built this app to help you log your workouts, track your nutrition, and stay accountable with your friends. Your privacy matters to us, and this policy explains exactly what we collect, why we collect it, and how we protect it.
By using Spotter Coach, you agree to the practices described in this Privacy Policy.
1. Who We Are
Spotter Coach is operated by Matti ("we", "us", or "our"). The application may display the short name "Spotter" for user experience; legally and in app stores the service is Spotter Coach. We do not assert trademark rights in the word "Spotter" alone. If you have any questions about this policy, contact us at: [email protected]
2. What Information We Collect
2.1 Account Information
When you sign up, we collect your name and username, email address, profile photo (optional), bio (optional), and the date your account was created.
2.2 Fitness & Workout Data
Workout logs (exercises, sets, reps, weights), personal records (PRs), workout duration and timestamps, custom exercises and routines, rest timer usage.
2.3 Nutrition Data
Food items scanned or entered, nutritional information (calories, protein, carbs, fat), meal type and date/time, barcodes scanned.
2.4 Progress Photos
Progress photos are stored securely in Supabase Storage. Optional metadata includes body weight and a personal note. Photos are private by default.
2.5 Social Activity
Friends you add, workouts and PRs you post, reactions and comments, progress photos you choose to make public.
2.6 Special Category Health Data (GDPR Article 9)
Spotter Coach collects and processes data that constitutes "special category" health data under GDPR Article 9. This includes:
- Body weight and weight history
- Height, date of birth, and biological sex
- Fitness goals and diet goals (e.g. cutting, bulking)
- Food logs and nutritional intake
- Injuries, dietary restrictions, and health notes you voluntarily add via "Things Spot Should Know"
- Activity level and training history
Processing this data is necessary to provide Spotter Coach's core features, including personalised AI coaching from Spot. We only process this data with your explicit consent, which you provide during onboarding. You may withdraw consent at any time by deleting your account.
2.7 Things Spot Should Know
You may optionally provide Spot with personal health context such as injuries, allergies, dietary restrictions, and training preferences. This information is stored in your account and used only to personalise Spot's coaching responses. You can view, edit, or delete this information at any time from Settings.
2.8 Messages to Spot (AI Feature)
Your conversations with Spot are stored and used to provide the service. Spot is powered by Google Gemini. Your messages are sent to Google's API over a secure connection. Google processes this data under their Data Processing Agreement and applicable privacy regulations. Do not share sensitive personal information (passwords, financial details, medical diagnoses) in Spot conversations.
2.9 Device & Usage Data
Device type and OS, app version, IP address, usage patterns, crash logs, and analytics events (via PostHog).
2.10 Payment Information
Subscriptions are handled entirely by Apple and Google via RevenueCat. We never see, store, or process your payment card details.
3. Legal Basis for Processing (GDPR)
For users in the EU/EEA, we process your data under the following legal bases:
- Explicit consent (Article 6(1)(a) and Article 9(2)(a)) — for health data including weight, food logs, injuries, and dietary notes
- Contract performance (Article 6(1)(b)) — to provide the Spotter Coach service you signed up for
- Legitimate interests (Article 6(1)(f)) — for analytics, security, and app improvement
- Legal obligation (Article 6(1)(c)) — where required by law
You have the right to withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
4. How We Use Your Information
We use data to: provide and run Spotter Coach, detect and celebrate PRs, power the Spot AI assistant, send push notifications, analyse performance, improve the app, and comply with legal obligations.
We do not sell your personal data. We do not run ads. We do not use your data to train third-party AI models without your consent.
5. Automated Decision-Making (GDPR Article 22)
Spot uses AI to make personalised coaching suggestions based on your health data. These suggestions are informational only and do not constitute medical advice. You have the right to request human review of any AI-generated recommendation and to contest decisions that affect you. Spot's logic is based on your workout history, nutrition data, and stated goals.
6. How We Share Your Information
6.1 With Other Users
Your workouts and PRs are shared with approved friends. Progress photos are private unless explicitly shared. Public profiles are visible to anyone with your profile link.
6.2 With Service Providers
- Supabase — database, authentication, file storage, realtime infrastructure (EU/US infrastructure; Data Processing Agreement in place)
- Google (Gemini API) — powers the Spot AI assistant (Data Processing Agreement in place)
- RevenueCat — subscription management
- Open Food Facts — barcode food lookup (queries not linked to your account)
- PostHog — usage analytics (anonymised where possible)
- Expo — push notification delivery
All providers are contractually obligated to protect your data and may not use it for their own purposes.
6.3 Legal Requirements
We may disclose data if required by law, court order, or to protect user safety.
6.4 Business Transfers
If Spotter Coach is acquired or merges with another company, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
7. Data Retention
We keep your data for as long as your account is active. If you delete your account, personal data is deleted within 30 days, except where legally required to retain it. Cached or backup copies may persist up to 90 days before full purge.
8. Your Rights
Depending on where you live, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export a copy of your data
- Withdraw consent for health data processing
- Object to processing based on legitimate interests
- Request restriction of processing
- Lodge a complaint with your local data protection authority (EU/EEA users)
To exercise any of these rights, visit the data request page in the app or contact us at [email protected]. We will respond within 30 days.
9. Data Security
Spotter Coach protects your data with encrypted connections (HTTPS/TLS); row-level security (RLS) in our database, so users can only access their own data; Supabase's AES-256 encryption at rest; and minimal data access principles. No system is 100% secure. If you believe your account has been compromised, contact [email protected] immediately.
10. Children's Privacy
Spotter Coach is not intended for users under 16. We do not knowingly collect data from children under 16.
11. International Data Transfers
Your data may be stored and processed in the United States and EU via Supabase and Google infrastructure. We ensure appropriate safeguards including Standard Contractual Clauses (SCCs) are in place for international transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the date at the top and notify you through the app. Continued use after changes take effect means you accept the updated policy.
13. Contact Us
Email: [email protected]
Data deletion: https://liftspotter.app/data-request
Data export: https://liftspotter.app/data-request