Privacy Policy
Spotted ("we", "us") helps you verify whether someone you've matched with online is who they claim to be, by searching public web sources for a face you submit. Your privacy — and the privacy of the people in the photos you search — matters to us. This policy explains what we collect, why, and your choices.
Spotted is a safety tool. It is intended for verifying people you are personally interacting with (e.g. a dating match) and checking your own online presence. It must not be used for stalking, harassment, surveillance, or any unlawful purpose. See our Terms of Use.
What we collect
- Photos you submit for a search. When you run a scan, the image you provide is uploaded to our secure storage and sent to our search provider to look for matching public images.
- Search results. The public profile links, source URLs, thumbnails, and confidence scores returned for your scans, saved to your scan history.
- Account information. When you sign in with Apple, we receive an identifier and, if you allow it, your email. We do not receive your Apple password.
- Subscription status. Managed by RevenueCat and Apple; we receive whether your subscription is active. We never see your card details.
- Basic app/device data. Standard technical data needed to operate the app (e.g. app version, crash diagnostics).
How we use it
- To perform the face search you request and show you the results.
- To save your scan history so you can review it and sync it across your devices.
- To operate your account, subscription, and support requests.
We do not sell your data. We do not use your photos to build or train a facial-recognition database. We do not use your data for advertising or cross-app tracking.
Who we share it with (processors)
We share the minimum necessary with service providers who process data on our behalf:
- FaceCheck.id — performs the reverse image search on the photo you submit.
- Supabase — hosts our database, authentication, and secure file storage.
- RevenueCat & Apple — process subscriptions and payments.
- Apple — provides Sign in with Apple.
These providers are bound to use the data only to provide their service to us.
Retention & deletion
- Uploaded photos are stored only as long as needed to provide the service and are automatically deleted from our servers within 30 days.
- Deleting your account (Profile → Delete account) permanently removes your account, scan history, matches, and any stored photos immediately. This cannot be undone.
- You can also email hello@spottedapp.net to request access to or deletion of your data.
Your rights
Depending on where you live (including under GDPR and CCPA/CPRA), you may have the right to access, correct, delete, or export your personal data, and to object to certain processing. To exercise these rights, use in-app account deletion or contact hello@spottedapp.net. Because searches can involve biometric/face data, we process it only to fulfill the search you request, with your instruction, and delete it as described above.
Children
Spotted is not intended for anyone under 17. We do not knowingly collect data from children.
Changes
We'll update this policy as the app evolves and post the new effective date here. Material changes will be surfaced in-app.
Contact
Questions or requests: hello@spottedapp.net