SpotterAI← Back to Home
Last updated: January 1, 2026

NaminalStack LLC ("we," "our," or "us") operates the SpotterAI mobile application (the "App"). We value your privacy and are committed to protecting your personal data, particularly your sensitive health information.

By using the App, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect data to provide personalized coaching, track your progress, and manage your account.

A. Personal Identity & Profile (Account Data)

  • Identity: Name, Email Address, and User ID (managed via Supabase Auth).
  • Physical Profile: Date of Birth, Biological Sex, Height, Weight, and Body Fat Percentage.
  • User Content: Profile photos (Avatars) and uploaded images.

B. Health & Fitness Data (Sensitive Information)

We collect specific health metrics to power the AI Coach recommendations. Under GDPR/CCPA, this is considered "Sensitive Personal Data":

  • Workout Logs: Exercises performed, sets, reps, weight lifted, duration, and Rate of Perceived Exertion (RPE).
  • Injury Data: Details regarding injuries (body area, severity, status) used to filter safe exercises.
  • Nutrition: Food logs, caloric intake, macronutrient targets, and dietary preferences.
  • Biometric Data: Food photos you upload for nutritional analysis.

C. Usage & Technical Data

  • AI Chat History: Your conversations with the "Spotter" AI, including questions about training and goals.
  • Device Information: Device model, OS version, and IP address.
  • Crash & Performance Logs: Error traces and performance metrics collected via Sentry.

2. Integration with Apple HealthKit

The App integrates with Apple’s HealthKit to sync your health data. This data is handled with the highest level of privacy standards.

Data We Read from HealthKit:

  • Steps, Sleep Analysis, Heart Rate (Resting & Active), Heart Rate Variability (SDNN), Active Energy Burned, Body Mass, Body Fat Percentage, Date of Birth, and Biological Sex.

Data We Write to HealthKit:

  • Completed workout sessions.

Strict Restrictions on HealthKit Data:
In accordance with Apple’s App Store Review Guidelines, data collected from HealthKit:

  1. Is never used for advertising, marketing, or use-based data mining.
  2. Is never shared with third parties (except for the specific service providers listed in Section 4 required for storage/hosting).
  3. Is used solely to visualize your progress and inform the AI Coach’s recommendations within the App.

3. How We Use Your Information

We use your data for the following legitimate business purposes:

  1. AI Coaching: To generate personalized workout plans and nutrition advice based on your profile, injuries, and goals.
  2. Photo Analysis: To analyze food photos and estimate nutritional content.
  3. Progress Tracking: To visualize your improvements in strength and body composition over time.
  4. Offline Functionality: We use PowerSync to cache data locally on your device (SQLite) so the App works without internet.
  5. App Stability: To monitor crashes and fix bugs using Sentry.

4. Disclosure to Third-Party Service Providers (Processors)

NaminalStack LLC shares data with trusted third-party vendors who assist us in operating our App. These partners are authorized to use your data only as necessary to provide these services to us.

Service Provider Purpose Data Shared Privacy Policy
Supabase Database & Auth User ID, Chat Logs, Photos, Health Data. Supabase Policy
OpenAI AI Intelligence Chat inputs, workout context, injury details. OpenAI Policy
Tavily Search Context Anonymized search queries (e.g., "calories in an apple"). Tavily Policy
RevenueCat Subscriptions Purchase history, subscription status, Anonymous User ID. RevenueCat Policy
Sentry Error Logging Stack traces, device info. We attempt to scrub PII from logs. Sentry Policy

AI Training Disclaimer:
We use the OpenAI API. According to OpenAI's business terms, data submitted via their API is not used to train their foundation models. NaminalStack LLC does not sell your data to third parties for model training.

5. Device Permissions

The App requests the following permissions to function:

  • Health (iOS): To sync data with Apple Health.
  • Camera: To capture food photos for analysis.
  • Photo Library: To upload existing food photos.
  • Notifications: For workout reminders.

You can revoke these permissions at any time in your device settings.

6. Data Retention & Deletion

  • Cloud Storage: Data is stored securely via Supabase.
  • Local Storage: Data is cached locally on your device via PowerSync.
  • Retention Period: We retain your data as long as your account is active.
  • Deletion: You may request full account deletion within the App settings. Upon deletion, your data is removed from Supabase and our third-party processors within 30 days.

7. Legal Basis for Processing (GDPR/UK)

If you are located in the EEA or UK, we process your data based on:

  1. Contractual Necessity: To provide the coaching service you subscribed to.
  2. Explicit Consent (Article 9): We require your explicit consent to process Health Data (injuries, biometrics) and HealthKit Data. You grant this consent upon signup. You may withdraw this consent by deleting your account.
  3. Legitimate Interests: For security (Sentry logs) and fraud prevention.

8. International Data Transfers

NaminalStack LLC operates with servers (Supabase/OpenAI) primarily located in the United States. By using the App, you acknowledge that your data will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

9. AI & Medical Disclaimer

NaminalStack LLC is NOT a Doctor.
The AI Coach provides information based on algorithms and is not a substitute for professional medical advice, diagnosis, or treatment. The AI may occasionally generate incorrect information ("hallucinations"). Always consult a physician before starting any exercise program.

10. Children's Privacy

The App is intended for users aged 18 and older. We do not knowingly collect information from children. If we discover we have collected data from a minor without parental consent, we will delete it.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

NaminalStack LLC
Email: legal@naminalstack.com

When you contact us to exercise your rights, please note that we will require you to verify your identity to protect your privacy and security.

Questions about your privacy?

Contact Legal