Privacy Policy

• We store your account, your profile (including health details like injuries and bodyweight that you choose to add), your training plans, and the workouts you log.
• To generate coaching, we send the relevant parts of that data — including profile, health, and anything you type — to our AI provider.
• We use product analytics and crash reporting that are linked to your account, and you can turn them off in the app.
• You can view and edit your data in the app, delete your account at any time, and ask us for a copy. We never sell your data.

The Spot app is operated by Fashizel, [company postal address]. For any privacy question or request, contact privacy@getspotapp.app.

Account & identity. When you sign in with Google, we store your authentication identifier, email address, and display name via Google Firebase Authentication. You can use the app anonymously first; if you later sign in, your existing data is linked to your account.

Profile & demographics. Details you add to tailor coaching: name, year of birth (used to derive your age), sex/gender, units, training goal, experience level, available equipment, and how many days per week you train.

Health & fitness data. Because Spot is a training app, you can provide health-related information: injuries or areas to work around and free-text notes about them (for example a recent surgery or a chronic issue), bodyweight, optionally height, a pre-session check-in (energy level and sore areas), and the workouts you perform (sets, reps, weights, effort, and any notes). In some regions this is treated as “special category” data, and we process it only with your consent and to provide the coaching you ask for. You don’t have to provide it, but some features work better when you do.

Content you create. The plans you build, import, paste as text, or upload as screenshots; per-exercise and end-of-session notes; and the messages you send to the in-app coach.

Usage & device data. Product analytics (screens viewed, features used, milestones such as a logged set) and crash/error diagnostics (device model, OS version, redacted error details). These are linked to your account identifier — they are not anonymous — and you can turn them off (see “Your choices and rights”).

• To provide the core app — logging, progression, history, and sync across your devices (to perform our contract with you).
• To generate your daily brief, progress read-outs, and set-by-set coaching, including the AI features below (to perform our contract, and — for health data — with your consent).
• To diagnose crashes and understand which features are useful so we can improve Spot (our legitimate interest, subject to your opt-out).
• To process subscriptions, if and when in-app purchases are enabled (to perform our contract).

Where the law requires consent — in particular for health-related data and for analytics — we rely on the consent you give in the app, which you can withdraw at any time.

Spot’s coaching features are generated by a large-language-model provider. To produce coaching, our servers send the model the information relevant to your request. Depending on the feature, this can include your name, age, and sex; your goal, experience, and equipment; your injuries and the free-text injury notes you wrote; your bodyweight; your plan and the sets you’ve performed; your pre-session check-in; and any free text or images you provide — coach messages, session and exercise notes, pasted plan text, and plan screenshots. In short, the parts of your training, profile, and health data needed to coach you leave your device and are processed by our AI provider.

The model only proposes; Spot’s own code validates and applies any change, and every suggestion is yours to keep or dismiss. We do not use your data to train our own models. The data we send is processed by our AI provider (OpenRouter, routing to Google Gemini) under their terms, and we do not control whether they retain it. Please avoid typing sensitive personal or health details into the coach that you would not want processed by a third-party AI service. Spot is not a medical service and its coaching is not medical advice — see our Terms of Use.

We rely on a small set of providers, each handling only what its function needs:

• Google Firebase — authentication, database (Firestore), serverless functions, and crash reporting (Crashlytics).
• Google Sign-In — the option to sign in with your Google account.
• OpenRouter & Google Gemini — the AI model that generates coaching from the data described above.
• PostHog — product analytics and error reporting, linked to your account identifier and (where applicable) your email and name.
• RevenueCat — subscription management, used only if and when in-app purchases are enabled in your build.

We do not sell your personal information, and we do not share it with advertisers or data brokers.

Our providers may process and store data in the United States and other countries, which may have different data-protection laws than where you live. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses for these transfers.

We keep your account and training data for as long as your account is active. When you delete your account in the app, we delete your associated data from our database and authentication system and wipe the copy stored on your device. Aggregated or de-identified diagnostics that can no longer be linked to you may be retained. Note that, because the app is local-first, a copy of your data is stored on your device — including before you sign in.

In the app you can view and edit your profile, plans, and history; turn analytics and crash reporting off (they are on by default) from Settings; and delete your account at any time, which removes your data as described above. To request a copy (export) of your data, email privacy@getspotapp.app and we’ll provide one.

Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA — to access, correct, delete, port, or restrict processing of your data, to withdraw consent, and to lodge a complaint with a regulator. California residents: we do not sell or share your personal information as those terms are defined under the CCPA. We honor these requests regardless of where you live; contact privacy@getspotapp.app.

Data is encrypted in transit. Access to your records in our database is restricted to your own account, our AI provider key never ships in the app, and diagnostic reports are redacted to a limited set of fields. The app also keeps a local-first copy on your device, so your logs are never at the mercy of a network. No system is perfectly secure, but we treat your data as if it were our own.

Spot is not directed to children under 13 (or the minimum age of digital consent in your country), and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will delete it.

We’ll update this page when our practices change and revise the date above. Material changes will be surfaced in the app.

Questions or data requests: privacy@getspotapp.app. See also our Terms of Use.