Privacy Policy
Last updated June 15, 2026
This policy explains what Spotter collects, why, who we share it with, and the control you have over it. Spotter is operated by Abdal Hakeem Hannoon (“we”, “us”). By using Spotter you agree to this policy.
1. Data we collect
We collect only what the app needs to work:
- Account — your email address and a password. Passwords are hashed by our authentication provider; we never see or store them in plain text.
- Profile & training context — your training goal, available equipment, anything you ask us to train around (e.g. injuries), and similar preferences you enter.
- Workout & body data — the exercises, sets, reps, weights, cardio, and notes you log; your bodyweight entries; and the dates and times of your sessions.
- Photos you upload (Pro) — images you send for analysis (e.g. a photo of a machine to identify an exercise). These are stored in your private storage and sent to an AI provider to produce the result.
- Voice input (optional) — if you use voice logging, the audio is sent for transcription and the resulting text is processed like any other message. We don’t retain the audio beyond producing the transcript.
- Coach messages — the messages you exchange with the in-app coach, which we process to generate replies, plans, and insights.
- Technical data — standard server logs (e.g. request metadata and errors) used to keep the service running and secure.
Your fitness, bodyweight, and related entries are health-related information. We treat this data carefully and never sell it.
2. How we use your data
We use the data above to:
- provide the core service — logging, history, and progress charts;
- power the AI coach, plan generation, and image/voice features;
- send you account and transactional emails you’ve enabled;
- process payments for Spotter Pro; and
- secure the service, prevent abuse, and fix problems.
We do not use your data for advertising, and we do not sell or rent it to anyone.
3. AI processing
To deliver coaching, plan generation, exercise-video lookups, and image or voice features, relevant parts of your data (such as your messages, recent workout context, an uploaded photo, or a search term) are sent to the AI and data providers listed below to compute a response. AI output can be inaccurate or incomplete — see the disclaimer in our Terms of Service.
4. Service providers we share data with
We use a small number of subprocessors to run Spotter. Each receives only what it needs for its function:
- Supabase — database, authentication, and file storage — hosts your account and logged data.
- Vercel — application hosting and delivery.
- Azure AI Foundry / OpenAI — large-language-model processing for the coach and plan generation, voice transcription, and image analysis.
- YouTube Data API (Google) — looks up exercise tutorial videos from search terms; no personal data beyond the query is sent.
- Stripe — payment processing for Spotter Pro. Stripe handles your card details directly — we never receive or store your full card number.
- Resend — sends transactional email, such as plan-share notifications.
We may also disclose data if required by law, or to protect the rights, safety, and security of our users and the service.
5. Sharing you control
Spotter lets you share a workout plan with another person (a Pro feature). When you do, the plan’s contents become visible to the people you share it with. Sharing is always initiated by you.
6. Your rights and choices
- Access & export — you can download your workouts, body metrics, and profile at any time from Profile → Export my data (JSON and CSV).
- Correction — you can edit or delete individual entries directly in the app.
- Deletion — you can delete your account, which removes your associated data. To request deletion or any other data right, contact us at hakeemmfhanoun@gmail.com.
Depending on where you live (e.g. the EU/UK under GDPR, or California under the CCPA), you may have additional rights over your personal data; we honour applicable requests.
7. Data security & retention
Access to your data is restricted at the database level so that you can only read your own records, and data is encrypted in transit. We keep your data for as long as your account is active, and remove it (or anonymise it) after deletion, except where we must retain limited records to meet legal or accounting obligations.
No method of storage or transmission is perfectly secure, so we cannot guarantee absolute security.
8. Cookies
Spotter uses only the cookies needed to keep you signed in and to operate the app. We do not use advertising or third-party tracking cookies.
9. Children
Spotter is not directed to children under 13 (or the minimum age in your country), and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will remove it.
10. Changes to this policy
We may update this policy as the app evolves. We’ll change the “Last updated” date above and, for material changes, make a reasonable effort to notify you.
11. Contact
Questions or requests? Email hakeemmfhanoun@gmail.com.