Privacy Policy

Last Updated: July 29, 2025

This Privacy Policy explains how Spotmark ("Spotmark," "we," "us," or "our") handles your information when you use our mobile application and related services (collectively, the "App"). We're committed to protecting your privacy and being transparent about how we use your data.

Please read this Privacy Policy carefully. By using the App, you agree to its terms. If you don't agree, please don't use the App.

1. What Spotmark Does

Spotmark helps you save and organize recommended places you find on social media. You can share content from social media platforms, and our App uses the Gemini API to find and extract place information from it. You can also create your own tags to keep your saved spots organized.

2. Information We Collect

We collect very little personal information from you.

2.1 Personally Identifiable Information (PII)

• Email Address: When you sign up or log in, you'll do so using either Google OAuth or Apple OAuth. We only collect and store your email address as your sole piece of identifiable information. We don't collect or store anything else like your name, birthdate, or physical address.

2.2 Non-Personally Identifiable Information

• Usage Data: We collect information about how you use the App, such as which features you access, screens you visit, and technical details about your device (like device type, operating system version, and crash reports). This data helps us with product analytics and error monitoring, and it's generally aggregated and anonymized.
• Place Data: When you share social media content, our App uses the Gemini API to extract place information from it. Important: We do not store any part of the original social media content or any personal information from it during this process. The Gemini API processes the content solely to identify and extract place details, and we don't keep this data after extraction.

3. How We Use Your Information

We use the limited information we collect for these purposes:

• To Provide and Operate the App: We use your email address to create and manage your account, let you log in, and give you access to all the App's features, including saving and organizing spots.
• App Improvement and Development: We use aggregated and anonymized usage data to understand how people use the App, find ways to improve it, and develop new features.
• Error Monitoring and Troubleshooting: We use error monitoring data to find and fix technical issues and crashes, making sure your experience is smooth and reliable.
• Communication: We might use your email address to send you important service-related announcements or updates about your account.
• Security and Fraud Prevention: To protect the App and our users from security threats and fraud.

4. How We Share Your Information

We do not sell your personal information. We only share your information in specific, limited situations:

• With Your Consent: If you give us explicit permission, we might share your information.
• Third-Party Service Providers: We work with other companies that help us run, improve, and analyze the App. These providers might access or process your data on our behalf, but only for the purposes explained in this Privacy Policy and under strict terms that require them to protect your data. These include:
  • Authentication:
    • Google OAuth: For signing up and logging in. We get your email address from Google. (Google Privacy Policy: https://policies.google.com/privacy)
    • Apple OAuth: For signing up and logging in. We get your email address from Apple. (Apple Privacy Policy: https://www.apple.com/legal/privacy)
  • Backend Services:
    • Supabase: Our backend services, including our database where your email address is stored, are hosted by Supabase. Your data is located on servers in North California. We follow Supabase's best security practices and pass their security checks.
  • Product Analytics:
    • PostHog: We use PostHog for product analytics to understand how you use the App. PostHog may process usage data. (PostHog Privacy Policy: https://posthog.com/privacy) Please note that you can't opt out of this analytics data collection as it's essential for improving the App.
  • Error Monitoring:
    • Sentry: We use Sentry to monitor errors and fix bugs and crashes. Sentry may process usage data and crash reports. (Sentry Privacy Policy: https://sentry.io/privacy/)
  • Payment Processing:
    • RevenueCat: If you subscribe to any premium features, we use RevenueCat to process your payments. We do not directly collect or store your full payment card details. (RevenueCat Privacy Policy: https://www.revenuecat.com/privacy/)
• Legal Requirements: We may disclose your information if required by law or in response to valid requests from public authorities (like a court order).
• Business Transfers: If we merge with another company, are acquired, reorganize, or sell some or all of our assets, your information might be transferred as part of that transaction.

5. Data Storage and Security

• Storage Location: Your email address, our only stored PII, is kept in our database hosted by Supabase, with servers in North California.
• Security Measures: We use reasonable administrative, technical, and physical security measures to protect the information we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. We follow Supabase's security best practices and have passed their security checks. However, no internet transmission or electronic storage method is 100% secure, so we can't guarantee absolute security.

6. Data Retention and Deletion

• Email Address: Your email address is kept as long as your Spotmark account is active.
• Usage Data (PostHog & Sentry): The retention periods for usage data processed by PostHog and Sentry are determined by their own privacy policies.
• User Deletion Feature: You can delete your account directly within the App. When you do this, your email address and all associated data stored in our Supabase database will be permanently removed.
• Deletion Requests (Manual): If you prefer, or if you have trouble with the in-app deletion, you can also ask us to delete your data by emailing us at trito.app@gmail.com.
• Third-Party Data: Please note that while we delete your data from our Supabase database, data processed by third parties (like PostHog or Sentry) may still exist according to their retention policies. You would need to contact these third parties directly for specific data deletion requests if they offer such options.

7. Your Privacy Rights

Depending on where you live, you might have certain rights regarding your personal information.

For Users in California (CCPA)

If you're a California resident, you have the right to:

• Know: Request to know the categories and specific pieces of personal information we've collected about you, where we got it from, why we collected it, who we shared it with, and what types of personal information we might have sold or disclosed for business purposes (though Spotmark does not sell your data).
• Delete: Request that we delete your personal information, with some exceptions. You can do this using the in-app deletion feature or by contacting us.
• Opt-Out of Sale: The CCPA gives you the right to opt out of the "sale" of personal information. Spotmark does not sell your email address or any other personal information.
• Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA rights.

For Users in the European Economic Area (EEA) and UK (GDPR)

If you're in the EEA or UK, you have these rights under GDPR:

• Right to Access: Ask for a copy of your personal data that we hold.
• Right to Rectification: Ask us to correct any inaccurate personal data about you.
• Right to Erasure ("Right to be Forgotten"): Ask us to delete your personal data under certain conditions. You can do this using the in-app deletion feature or by contacting us.
• Right to Restriction of Processing: Ask us to restrict how we process your personal data under certain conditions.
• Right to Data Portability: Ask us to transfer your data to another organization, or directly to you, under certain conditions.
• Right to Object: Object to our processing of your personal data under certain conditions.
• Rights in Relation to Automated Decision-Making and Profiling: We don't use automated decision-making or profiling that would significantly affect you.

How to Exercise Your Rights

To use any of these rights, you can either use the in-app deletion feature or contact us at: trito.app@gmail.com.

We'll respond to your request within the timeframe required by law. We might need to verify your identity before responding.

8. Third-Party Links and Services

The App might contain links to other websites or services. This Privacy Policy only covers information collected by Spotmark. We're not responsible for the privacy practices of other websites or services. We encourage you to read their privacy policies when you visit them.

9. Children's Privacy

The App is for a general audience and isn't aimed at children under 13. We don't knowingly collect identifiable information from children under 13. If we find out we've collected PII from a child under 13 without parental consent, we'll delete that information as quickly as possible. If you think we might have any information from or about a child under 13, please contact us at trito.app@gmail.com.

10. International Data Transfers

Since we aim to be a global app, your information, especially your email address stored on Supabase servers in North California, might be transferred to and processed in countries outside of your home country. These countries may have different data protection laws. We take appropriate steps to ensure your personal information is adequately protected when transferred outside your jurisdiction, such as using standard contractual clauses approved by the European Commission when needed.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. When we make changes, we'll post the new Privacy Policy on this page and update the "Last Updated" date at the top. We recommend reviewing this Privacy Policy regularly for any changes. Your continued use of the App after any changes means you accept the updated Privacy Policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: trito.app@gmail.com