Privacy Policy
Last updated: 2026-05-17
Spotter is an offline-first gym workout tracker built by a small indie team. This policy explains exactly what data Spotter collects, why, and how you can control or delete it. If you have questions, email hello@devalab.app.
Spotter has no user accounts. There is no sign-in, no sign-up, no password, and no profile stored on our servers. Your workout history lives on your device.
1. What we collect
| Data | Why | Where it lives |
|---|---|---|
| Workout plans, sessions, sets, body measurements, settings | Core app function | On-device only — local Room database. Never uploaded to our servers. |
| AI Planner usage log (timestamps of plan generations) | Enforce the local weekly cap (default 10 plans / 7 days per device) | On-device only — local Room database. |
| AI workout-plan questionnaire answers | Sent to Google Gemini to generate the plan | Not stored by Spotter — discarded after the Gemini API call returns. |
| Workout summary (counts, volume, recent PRs) for AI insights | Sent to Google Gemini to produce the dashboard feedback note after each workout | Not stored by Spotter — discarded after the Gemini API call returns. |
| Photos you take or pick for the share feature | Used as the backdrop of the share image you compose in the app | Only used in-memory to build the share image. Never uploaded. |
We collect nothing else. No email, no name, no phone, no location, no contacts, no device identifiers, no advertising IDs.
2. Backup (iCloud / Google Drive)
Spotter relies on your operating system's built-in backup so your workout data survives an uninstall or device migration:
- iOS — Spotter's local database is included in your device's iCloud Backup if you have iCloud Backup enabled. Restoring an iCloud backup to a new iPhone restores your Spotter history.
- Android — Spotter participates in Auto Backup to Google Drive (per the Android system default). The local database is copied to the Google Drive account associated with your device, in the hidden Auto Backup area not visible to other apps.
Backups are managed entirely by Apple and Google. Spotter cannot read, write, or otherwise access your backup contents. You can turn backups off in your device's system settings.
3. AI features (Google Gemini)
Two features call Google Gemini, both free for everyone (rate-limited to roughly 10 plan generations per device per rolling 7 days, configured via Firebase Remote Config):
- AI Workout Planner — your questionnaire answers (training experience, goal, equipment, time per session, frequency, focus areas) are sent to Gemini, which returns a structured workout plan. The request and response are not retained by Spotter.
- AI Performance Insights — aggregated workout metrics for the past few weeks (streak, weekly volume, recent personal records, suggestions accepted) are sent to Gemini, which returns a short feedback paragraph shown on the dashboard. The request and response are not retained by Spotter.
Gemini's privacy and data-handling terms apply to both calls — see ai.google.dev/gemini-api/terms.
4. Camera and photo library
The "Share" feature lets you compose an Instagram-story-ready image of a personal record or workout recap. You can use a sample photo, take a new one with the camera, or pick one from your library. Photos chosen this way are used only in-memory to render the share image and are never uploaded to our servers. You may revoke camera and photo-library access at any time in your device's system settings.
5. Sharing your workout image
When you tap Share, Spotter hands the rendered image to your operating system's native share sheet. From that point on, anything you do with the image (post to Instagram, save to Photos, AirDrop, etc.) is governed by the privacy policy of whichever app you pick. Spotter does not see what you do with the image after handing it off.
6. How we use data
- To run the app: store and display your workout history on this device.
- To rate-limit AI calls: store local timestamps so a single device cannot exceed the weekly cap.
- To produce AI plans and insights: send the inputs above to Google Gemini and discard them after the response is rendered.
- We do not use your data for advertising, profiling, or any purpose beyond operating the app.
7. Third-party services
| Service | Purpose | Their privacy policy |
|---|---|---|
| Google Gemini API | AI workout planning + AI insights | ai.google.dev/gemini-api/terms |
| Firebase Remote Config (Android only) | Tune the AI Planner weekly cap remotely. No personal data is sent. | firebase.google.com/support/privacy |
| Apple iCloud Backup (iOS) | Optional system backup of the app's local database | apple.com/legal/privacy |
| Google Drive Auto Backup (Android) | Optional system backup of the app's local database | policies.google.com/privacy |
No analytics services, no ad networks, no Firebase Auth, no Firestore, no Play Billing, no third-party SDKs beyond the services listed above.
8. Data sharing
We never sell or share your data with anyone outside the services listed above, and the data we share with those services is limited to what each section above describes.
9. Data retention
Workout history lives on your device only and is removed when you uninstall the app (unless you previously enabled iCloud Backup / Google Drive Auto Backup, in which case a copy may persist in your backup until you delete it via your device's system settings). Spotter retains no server-side user record because there are no user accounts.
10. Your rights and controls
- Edit or delete workouts — directly in the app at any time.
- Wipe all Spotter data — uninstall the app. If you want to remove the backed-up copy as well, also delete the app's backup from iCloud (iOS) or Google Drive Auto Backup (Android) via your device's system settings.
- Revoke camera or photo access — in your device's system settings.
- Data export — workout history is local to your device; a built-in export is on the roadmap.
11. Children
Spotter is not directed at children under 13. We do not knowingly collect data from children under 13.
12. Changes to this policy
If we make material changes we will update the "Last updated" date above. Continued use of the app after changes take effect constitutes acceptance of the revised policy.
13. Contact
Questions, deletion requests, data exports, or anything else:
hello@devalab.app