Spotter

Privacy Policy

Last updated: April 19, 2026

This Privacy Policy describes how Arrow Studio LLC, a Wyoming limited liability company doing business as Spotter (“Spotter”, “we”, “us”, or “our”), collects, uses, and shares your personal information when you use our mobile application and related services (collectively, the “Service”).

We are committed to transparency. The summary below highlights the most important things you should know — read on for the full details.

Quick summary

  • Health & fitness data stays on your device whenever possible. We never sell it.
  • We don't show ads and we don't share your data with advertisers.
  • You can delete your account and all associated data directly from the app.
  • Apple Health is only accessed after you grant explicit permission.

1. Definitions

  • “Account” — the unique account you create to access and use the Service.
  • “Personal Data” — any information that relates to an identified or identifiable individual.
  • “Service” — the Spotter mobile application and any related websites or services operated by us.
  • “Device” — any device that can access the Service, such as a smartphone or tablet.
  • “Usage Data” — data collected automatically when using the Service, such as feature usage patterns, session duration, and crash logs.
  • “Service Provider” — a third-party company or individual that processes data on our behalf to facilitate or improve the Service.

2. Information We Collect

We collect the following categories of information:

  • Account information — name, email address, authentication credentials.
  • Workout data — exercises, sets, reps, weights, programs, and progression you log.
  • Health & fitness data — body measurements and optional Apple Health integration data (only with your permission).
  • Device information — device model, OS version, app version, crash logs.
  • Usage data — analytics about how the app is used, collected through Amplitude Analytics, to improve the product.

3. How We Process Data

We use your information to:

  • Provide and maintain the Service
  • Personalise your training experience and AI recommendations
  • Improve and develop new features
  • Communicate with you about updates and support
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your Personal Data under the following legal bases:

  • Contract performance — to provide the Service you signed up for and manage your Account.
  • Consent — when you explicitly opt in, such as granting access to Apple Health data or subscribing to communications.
  • Legitimate interest — to improve the Service, fix bugs, and understand usage patterns through analytics, where these interests do not override your rights.
  • Legal obligation — to comply with applicable laws, regulations, or court orders.

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. If you are in the EEA, you also have the right to lodge a complaint with your local Data Protection Authority.

5. Sharing Personal Information

We do not sellyour personal information. We don't share it with advertisers or third-party marketing companies. We share information only in the following limited cases:

  • With Service Providers who help us operate the Service, under strict data protection agreements. These currently include Supabase (hosting and database), RevenueCat (subscription management), OpenAI (AI-powered features), and Amplitude (analytics)
  • To comply with legal obligations or court orders
  • To protect our rights, safety, and the safety of our users
  • In connection with a merger, acquisition, or sale of all or a portion of our assets — in such case, your Personal Data may be transferred to the acquiring entity, and we will notify you before your data becomes subject to a different privacy policy
  • With your explicit consent, for any other purpose disclosed to you

6. Cookies & Tracking Technologies

Our mobile app uses local storage to remember your preferences and keep you signed in. We use Amplitude Analytics to understand how features are used and improve the product. We do not use third-party advertising trackers.

7. Sign in with Apple

If you sign in using Apple, we receive only the information you choose to share — typically your name and either your real or anonymised email address. We never receive your Apple ID password.

8. Data Security

We take the security of your data seriously. We implement appropriate technical and organisational measures to protect your Personal Data, including:

  • Encryption of data in transit (TLS) and sensitive data at rest
  • Restricted access to Personal Data on a need-to-know basis
  • Regular security reviews of our infrastructure and dependencies

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. If we become aware of a security breach affecting your data, we will notify you in accordance with applicable law.

9. International Data Transfers

Your information may be processed in countries outside your own, including the United States and the European Union. We ensure appropriate safeguards are in place when data is transferred internationally.

10. Data Retention

We retain your personal information as long as your account is active or as needed to provide the Service. When you delete your account, we permanently delete your data from our systems within 30 days, except where we are required to retain it for legal reasons.

11. Children's Privacy

Spotter is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can promptly delete it.

12. Your Privacy Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your personal information
  • Object to or restrict certain processing
  • Receive a copy of your data in a portable format
  • Withdraw consent at any time

To exercise any of these rights, contact us at the address below.

13. Do-Not-Track Signals

Our app does not currently respond to Do-Not-Track browser signals, as we do not engage in cross-site tracking.

14. California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete it, and the right to opt out of any sale of personal information. We do not sell personal information.

15. Updates to This Notice

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email. The “Last updated” date at the top reflects the most recent version.

16. Contact Us

If you have questions or concerns about this Privacy Policy or your data, contact us at contact@spotterlift.com.

Data controller: Arrow Studio LLC, a Wyoming limited liability company.

17. Data Access & Deletion

You can request access to or deletion of your personal data directly within the app under Settings → Privacy → Manage your data, or by emailing us at the address above. We will respond to all requests within 30 days.