Spotlo

Privacy Policy

Effective June 8, 2026 · Last updated June 8, 2026

Spotlo is a place-journal app. You save places you have visited, rate them, and you can share them with people of your choosing. This document explains what data we process, why, and what your rights are.

1.Data controller

The app is published by Jean-Christophe Vermeersch, 14 cours Balguerie Stuttenberg, 33300 Bordeaux, France.

For any question about your data, write to jc.vermeersch@gmail.com.

2.Data we process

Category	Detail
Account	Email address and password. The password is managed and encrypted by our authentication provider. We never see it in clear text.
Profile	Display name and profile picture, if you provide them.
Content	Your visits: place, date, rating, comment, names of companions you enter freely, photos. Your albums.
Sharing	Share links you generate, and the list of accounts that have claimed a share.
Location	Your location is used occasionally, in the foreground, to suggest nearby places and center the map. The coordinates we store are those of places, not a record of your movements.
Technical data	Our host logs technical data (IP address, timestamp) for operation and security purposes.

Photos are re-compressed before upload. This removes most embedded metadata, including any GPS location.

3.Purposes and legal bases

• Providing the service: creating your account, saving your visits and albums, displaying the map. Basis: performance of the contract, that is the terms of use you accept.
• Sharing: passing content to the people you designate. Basis: performance of the contract, at your initiative.
• Security: preventing fraud and abuse, keeping the service running. Basis: legitimate interest.

4.What we do not do

No advertising. No selling of your data. No tracking of your activity across apps. No advertising tracker is embedded in the app.

5.Recipients and processors

• Supabase: hosting, database, photo storage and authentication. Data is hosted in the European Union, in Paris.
• Geoapify GmbH (Germany, EU): place search. When you search for a place, the text you type and an approximate location are sent to rank the results.
• Apple: map display through MapKit and distribution through the App Store. Apple may receive requests related to map display.
• The people you choose: when you share a visit, a place or an album, its content becomes visible to the recipients of the share.

6.Transfers outside the EU

Storage of your data and place search stay within the European Union. Apple may process some technical data outside the EU, under appropriate contractual safeguards.

7.Retention

Your data is kept for as long as your account exists. When you delete your account from within the app, your account, visits, albums, shares and photos are erased. The host's technical backups are purged according to its own schedule.

8.Your rights

Under the GDPR, you have the rights of access, rectification, erasure, restriction, objection and portability, as well as the right to withdraw your consent.

You can exercise some of these rights directly in the app: edit your profile, and delete your account. For other requests, write to jc.vermeersch@gmail.com.

You may also lodge a complaint with the French data protection authority, the CNIL: www.cnil.fr.

9.Security

Exchanges with our servers are encrypted in transit. Access to data is restricted by authorization rules at the database level. No system is infallible, but we apply reasonable measures to protect your data.

10.Minors

The app is not intended for people under 15. If you believe a minor has provided us with data without authorization, contact us so we can delete it.

11.Changes

This policy may change. In case of a significant change, we will update the date at the top of the page and, if necessary, notify you within the app.

12.Contact

For any question about this policy or your data: jc.vermeersch@gmail.com.