Privacy Policy

Effective date: March 11, 2026  ·  Last updated: March 11, 2026

1. About This Policy

Spot LLC ("Spot," "we," "us," or "our"), a Florida limited liability company, operates the Spot mobile application for iOS ("App") and the Spot Partner Dashboard website (collectively, the "Services"). This Privacy Policy describes what personal information we collect, how we use and share it, and the choices and rights available to you.

By downloading the App, creating an account, or using the Services in any way, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the Services.

2. Age Restriction

The Services are intended solely for individuals who are 21 years of age or older. We do not knowingly collect personal information from anyone under 21. If we learn that we have collected information from a person under 21, we will delete that information promptly. If you believe a minor has submitted personal information to us, please contact us immediately at the address in Section 18.

The Spot App is rated 17+ on the Apple App Store in accordance with Apple's content rating guidelines for applications that reference or depict alcohol-related content.

3. Information We Collect

We collect information you provide directly, information generated automatically when you use the Services, and information from third parties. The table below aligns with Apple's App Privacy Nutrition Label disclosures.

3.1 Information You Provide

  • Contact information — first and last name, email address, phone number.
  • Profile data — username, profile photo, bio, date of birth (used only to verify age; we store only that you are 21+, not the exact date).
  • User-generated content — photos, check-in posts, venue reviews, comments, RSVPs, and other content you submit or share.
  • Venue & business information (Partners) — business name, address, operating hours, photos, event details, drink specials, and other listing content submitted through the Partner Dashboard.
  • Communications — messages you send to us via email, support forms, or in-app feedback.

3.2 Information Collected Automatically

  • Location data — with your permission, we collect precise GPS location to show nearby venues and to enable check-ins. You can revoke location access at any time in your iOS Settings. Coarse location (city-level) may be inferred from IP address even without explicit permission.
  • Device identifiers — device model, operating system version, unique device identifiers (e.g., IDFV assigned by iOS), and advertising identifier (IDFA) only if you grant App Tracking Transparency (ATT) permission.
  • Usage and interaction data — features you access, venues you view, searches you perform, RSVPs and check-ins, session duration, and in-app navigation patterns.
  • Log and diagnostic data — IP address, crash reports, performance data, error logs, and timestamps. This data is used solely for debugging and service improvement.
  • Push notification tokens — a device token generated by Apple used to deliver push notifications when you opt in.
  • Cookies and similar technologies — the web dashboard uses session cookies and local storage for authentication and preferences. See Section 9 for details.

3.3 Information from Third Parties

  • Sign in with Apple / social login — if you choose to sign in with Apple or another provider, we receive a unique identifier and, at your option, your name and email address from that provider.
  • Payment processors — Stripe provides us with a transaction confirmation, last-four card digits, and billing zip code. We do not receive or store full card numbers, CVVs, or full account numbers.

4. Device Permissions We Request

The Spot iOS app may request the following system permissions. All permissions are optional unless noted:

  • Location (While Using / Always) — to show nearby bars, enable check-ins, and surface relevant venues. "Always" access is only requested for background venue discovery features, which you may decline.
  • Camera — to take photos for your profile, check-ins, or venue posts.
  • Photo Library — to upload existing photos from your device to your profile or posts.
  • Push Notifications — to send you alerts about venue events, friend activity, and promotions. You may disable notifications at any time in iOS Settings.
  • Contacts — optionally, to help you find friends who are already on Spot. We transmit phone numbers in hashed, one-way encrypted form only. We do not store your contact list.
  • App Tracking Transparency (ATT) — if you grant permission, we may use your IDFA to measure advertising campaigns. If you decline, we do not track you across other apps or websites.

You can review and change all permissions at any time via iOS Settings → Privacy & Security.

5. How We Use Your Information

  • Create and manage your account and authenticate your identity.
  • Display nearby venues, events, and drink specials relevant to your location.
  • Enable social features including check-ins, RSVPs, friend activity feeds, and posts.
  • Process payments and manage Partner subscriptions and promotions.
  • Send transactional notifications (account activity, booking confirmations) and, with consent, promotional messages. You may opt out of marketing at any time.
  • Analyze usage patterns to improve app performance, fix bugs, and develop new features.
  • Detect and prevent fraud, abuse, spam, and security incidents.
  • Comply with applicable laws and respond to lawful requests from authorities.
  • Enforce our Terms of Service and protect the rights and safety of Spot and its users.

We process your data on the legal bases of contract performance (to provide the Services), legitimate interests (security, fraud prevention, service improvement), consent (location, ATT, marketing communications), and legal obligation.

6. How We Share Your Information

We do not sell your personal information. We share information only as described below:

Publicly visible information

Your username, profile photo, public posts, check-ins, and RSVPs are visible to other Spot users. Venue listings, events, and specials submitted by Partners are publicly accessible. Think carefully before posting information you want to keep private.

Service providers & subprocessors

  • Google Firebase — authentication, Firestore database, and cloud storage. Data is processed in the United States.
  • Stripe, Inc. — payment processing. Subject to Stripe's own privacy policy.
  • Vercel, Inc. — web hosting and edge compute for the Partner Dashboard.
  • Cloudflare, Inc. — DDoS protection, CDN, and Turnstile CAPTCHA.
  • Apple, Inc. — push notification delivery via APNs; crash reporting via Xcode Organizer if you opt in to share diagnostics with developers.

All subprocessors are contractually bound to process data only for the purposes we specify and to maintain appropriate security measures.

Business transfers

If Spot LLC is acquired, merges with another company, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent in-app notice before your information becomes subject to a different privacy policy.

Legal disclosures

We may disclose information when required by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Spot, our users, or the public.

Aggregated & de-identified data

We may share aggregated or de-identified information (e.g., "check-ins increased 30% on Friday nights") that cannot reasonably be used to identify you with partners, advertisers, or for research purposes.

7. Data Linked to You vs. Not Linked to You

In accordance with Apple's App Privacy requirements:

Data linked to your identity:

Name, email address, phone number, profile photo, user ID, location, user-generated content (posts, check-ins, RSVPs), purchase history, and device identifiers are associated with your account.

Data not linked to your identity:

Crash logs and diagnostic data are collected in aggregated, anonymized form and are not linked to your account.

Data used to track you (only with ATT permission):

IDFA may be used for advertising measurement if you grant App Tracking Transparency permission. You can withdraw this permission at any time in iOS Settings → Privacy & Security → Tracking.

8. Data Retention

We retain your personal information for as long as your account remains active or as needed to provide the Services. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain data longer for legal, tax, fraud-prevention, or regulatory compliance purposes (typically no longer than 7 years for financial records).

Content you have posted publicly (venue reviews, check-in posts) may persist in cached or archived form for a short period after deletion while our systems process the removal.

9. Cookies & Tracking Technologies

The Spot Partner Dashboard web app uses a session cookie (__session) solely to maintain your authenticated session. We do not use third-party advertising cookies or cross-site tracking cookies on the web dashboard. We do not use cookies in the iOS mobile app; authentication is managed via Firebase Authentication tokens stored securely in the iOS Keychain.

10. Security

We implement technical and organizational security measures appropriate to the risk, including:

  • TLS/HTTPS encryption for all data in transit.
  • Firebase Security Rules controlling database read/write access.
  • Rate limiting and CAPTCHA on sensitive endpoints.
  • Input validation and output encoding to prevent injection attacks.
  • Strict Content Security Policy and security headers on the web dashboard.
  • Credentials stored with bcrypt hashing; we never store plaintext passwords.
  • Restricted internal access to production data on a need-to-know basis.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify affected users as required by applicable law.

11. Account Deletion

In compliance with Apple App Store guidelines, you may request deletion of your account and all associated personal data at any time. To delete your account:

  • In the Spot app: go to Profile → Settings → Delete Account.
  • By email: send a request to privacy@spotapp.com from the email address associated with your account.

Deletion requests will be processed within 30 days. Certain data may be retained for up to 7 years where required for legal or financial compliance. Retained data will be isolated and not used for any other purpose.

12. Your Privacy Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that we correct inaccurate or incomplete information.
  • Deletion — request that we delete your personal information (see Section 11).
  • Portability — request your data in a structured, machine-readable format.
  • Objection / Restriction — object to or request restriction of certain processing activities.
  • Opt-out of marketing — unsubscribe from promotional emails at any time using the unsubscribe link or by contacting us.
  • Opt-out of tracking — withdraw App Tracking Transparency consent in iOS Settings → Privacy & Security → Tracking.

To exercise any of these rights, contact us at privacy@spotapp.com. We will respond within 45 days. We will not discriminate against you for exercising your privacy rights.

13. Florida Residents

Spot LLC is incorporated in the State of Florida. Florida residents have rights under applicable Florida privacy and consumer protection laws. We do not sell personal information. We do not share personal information for cross-context behavioral advertising without consent. To submit a privacy request, contact us at the address in Section 18.

14. California Residents (CCPA / CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to delete, the right to correct, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination.

We do not sell or share your personal information with third parties for cross-context behavioral advertising. To submit a CCPA request, email privacy@spotapp.com with the subject line "CCPA Request."

15. International Users

The Services are operated in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Services, you consent to this transfer.

16. Third-Party Links & Services

The Services may contain links to third-party websites, venue social media profiles, or other external content. We are not responsible for the privacy practices of any third party and encourage you to review their privacy policies before providing personal information.

17. Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will notify you by email to the address on your account and/or by displaying a prominent notice in the App at least 14 days before the change takes effect. The updated policy will always be accessible at this URL with a revised effective date. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

18. Contact Us

For privacy questions, data requests, or concerns, please contact:

Spot LLC

Privacy & Legal

Florida, United States

Email: privacy@spotapp.com

We aim to respond to all privacy inquiries within 30 days.