Privacy Policy
Last updated: 2026-04-26
Spotter is an offline-first gym workout tracker built by a small indie team. This policy explains exactly what data Spotter collects, why, and how you can control or delete it. If you have questions, email hello@devalab.app.
1. What we collect
| Data | Why | Where it lives |
|---|---|---|
| Email + Firebase Auth UID | Identify you across devices, gate premium features | Firebase Auth (Google-managed) |
| Workout plans, sessions, sets | Core app function | On-device only — local Room database; never uploaded |
| Premium entitlement flag | Unlock unlimited AI plans + AI feedback for paid users | Firestore (read-only for client; written by Play purchase verifier) |
| AI workout-plan questionnaire answers | Sent to Google Gemini to generate the plan | Not stored — discarded after the API call returns |
| Workout summary (counts, volume) for AI insights | Sent to Gemini to produce the dashboard feedback note | Not stored on our servers — discarded after the API call |
We collect nothing else. No location, no contacts, no device identifiers beyond what Firebase Auth manages.
2. AI features (Google Gemini)
Two features call Google Gemini:
- AI Workout Planner — your questionnaire answers (training experience, goal, equipment, time per session, frequency, focus areas) are sent to Gemini, which returns a structured workout plan. The request and response are not retained by Spotter.
- AI Performance Insights (Premium) — aggregated workout metrics for the past few weeks (streak, weekly volume, suggestions accepted) are sent to Gemini, which returns a short feedback paragraph. The request and response are not retained by Spotter.
Gemini's privacy and data-handling terms apply to both calls — see ai.google.dev/gemini-api/terms.
3. How we use data
- To run the app: store and display your workout history on this device.
- To authenticate: Firebase Auth manages sign-in so your premium entitlement follows you across reinstalls.
- To gate premium features: we read your Firestore entitlement doc on launch and after a purchase.
- We do not use your data for advertising, profiling, or any purpose beyond operating the app.
4. Third-party services
| Service | Purpose | Their privacy policy |
|---|---|---|
| Firebase Auth (Google) | Sign-in, email verification | firebase.google.com/support/privacy |
| Firebase Firestore (Google) | Premium entitlement flag only | firebase.google.com/support/privacy |
| Firebase Remote Config | Tier-based feature limits (no personal data) | firebase.google.com/support/privacy |
| Google Play Billing | Subscription purchases | policies.google.com/privacy |
| Google Gemini API | AI workout planning + AI insights | ai.google.dev/gemini-api/terms |
No analytics services, no ad networks, no third-party SDKs beyond the Google services listed above.
5. Data sharing
We never sell or share your data with anyone outside the Google services listed above. Spotter has no social or sharing features that publish your workout data.
6. Data retention
Workout history lives on your device only and is removed when you uninstall the app. Your Firebase Auth account and entitlement doc are retained for as long as the account exists. Email us to request account deletion (see below).
7. Your rights and controls
- Edit or delete workouts — directly in the app at any time.
- Sign out — Settings → Sign out. Local data stays on this device.
- Cancel subscription — manage via Google Play (Subscriptions). Premium drops to free at the end of the billing period.
- Delete your account — email hello@devalab.app with the subject "Account deletion". We will remove your Auth record and entitlement doc within 30 days.
- Data export — workout history is local to your device; export support is on the roadmap.
8. Children
Spotter is not directed at children under 13. We do not knowingly collect data from children under 13.
9. Changes to this policy
If we make material changes we will update the "Last updated" date above. Continued use of the app after changes take effect constitutes acceptance of the revised policy.
10. Contact
Questions, deletion requests, data exports, or anything else:
hello@devalab.app