Privacy Policy

Effective date: April 9, 2026

Spotter ("the App") is developed by Damien Lutrin ("we", "us", "our"). This policy explains what data the App collects, how it is used, and your rights.

1. Data We Collect

Information you provide

• Account information — email address and password when you create an account.
• Photos — images you capture or select for identification. Photos are uploaded to our servers for AI processing and stored with your spot.
• Chat messages — text you send in conversations about your spots.

Information collected automatically

• Location — latitude, longitude, and reverse-geocoded place name when you take a photo, if you grant location permission. Location is never collected in the background.
• Device identifier — a random identifier stored locally on your device, used to associate spots with anonymous users. This is not an advertising ID.
• Subscription status — managed by RevenueCat (see Third-Party Services below).

2. How We Use Your Data

• To identify subjects in your photos using AI models.
• To provide AI-powered chat responses about your spots.
• To save your spots (photo, location, synopsis) as a personal travel journal.
• To enforce usage limits (free tier: 3 identifications/day).
• To manage your subscription and account.

We do not sell your data. We do not use your data for advertising. We do not train AI models on your photos or conversations.

3. Third-Party Services

• Supabase — database hosting, authentication, and file storage. Data is stored in Supabase-managed PostgreSQL with row-level security. Supabase Privacy Policy.
• Google Gemini — AI model used for photo identification and chat. Photos and text are sent to Google's API for processing. Google AI Terms.
• RevenueCat — subscription management. RevenueCat receives your anonymous app user ID and purchase receipts. RevenueCat Privacy Policy.
• Apple / Google — in-app purchases are processed by the respective platform's payment system.

4. Data Retention

Your spots, photos, and messages are retained as long as your account exists. If you delete your account, all associated data is permanently removed within 30 days. Anonymous user data is retained for 90 days of inactivity, then deleted.

5. Your Rights

• Access — your spots and profile are visible in the App at all times.
• Deletion — you can delete individual spots from the App or request full account deletion by contacting us.
• Portability — contact us to request an export of your data.

6. Children's Privacy

The App is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we will delete it.

7. Security

Data is transmitted over HTTPS. Database access is protected by row-level security policies. Photos are stored in access-controlled buckets. Passwords are hashed by Supabase Auth and never stored in plaintext.

8. Changes to This Policy

We may update this policy from time to time. The effective date at the top of this page will be updated accordingly. Continued use of the App after changes constitutes acceptance.

9. Contact

Questions or requests? Email us at automata.labs.acct@gmail.com.