Privacy Policy
Effective Date: February 14, 2026
Blue Dot Labs, LLC ("Spotlist," "we," "our," or "us") operates the Spotlist mobile application and website at spotlist.io (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your choices.
We designed Spotlist to be a curation tool, not a data collection platform. We collect only what we need to make the Service work and never sell your personal information.
1. Information We Collect
1.1 Information You Provide
- Account information: Name, email address, username, and optionally a profile photo and bio when you create an account
- Profile details: Home city, cuisine preferences, and other taste profile information you choose to share
- User content: Restaurant lists, spot notes, dish recommendations, and photos you upload
- Check-in data: When you check in at a spot, including any notes, photos, and the privacy setting you select
- Social interactions: Who you follow, which lists you follow, and kudos you send or receive
- Import data: Text or screenshots you provide when importing existing restaurant lists
- Communications: Messages you send to us for support or feedback
1.2 Information Collected Automatically
- Device information: Device model, operating system version, unique device identifiers, and app version
- Usage data: Features you use, screens you visit, actions you take, and timestamps of activity
- Location data: With your permission, we collect precise location data (GPS) to power nearby recommendations, check-ins, and distance-based sorting. We access your location only while you are actively using the app ("when in use"), not in the background. You can revoke location access at any time through your device settings.
- Log data: IP address, browser type (for web previews), and error/crash reports
1.3 Information from Third Parties
- Social login: If you sign in with Apple or Google, we receive your name and email address (and only what you authorize)
- Google Places: Restaurant details (name, address, coordinates, cuisine type) retrieved when you search for or add spots
2. How We Use Your Information
We use the information we collect to:
- Provide and operate the Service, including list creation, discovery, and social features
- Generate taste match recommendations based on your preferences and list overlap with other users
- Display nearby spots and power map-based discovery
- Process your list imports (text and screenshot parsing)
- Send push notifications you have opted into (such as new followers, kudos, and recommendations)
- Respond to your support requests and communications
- Analyze usage patterns to improve the Service (in aggregate, not individually)
- Enforce our Terms of Service and protect against fraud or abuse
- Comply with legal obligations
3. AI and Machine Learning
Taste matching. Spotlist uses algorithms to calculate taste similarity between users based on shared spots, cuisine preferences, and related signals. These algorithms run on our own systems using data you have provided to the Service.
List import parsing. When you import a restaurant list via text or screenshot, we send that content to a third-party large language model (LLM) API to extract and match restaurant names. The AI provider processes your input solely for this parsing task. We use providers that do not retain input data or use it for model training. No other personal data (your name, email, profile, or social connections) is sent to AI providers.
AI-powered recommendations. The Find tab may use algorithmic recommendations to surface lists and users that match your taste. We aim to be transparent about why content is recommended to you.
4. How We Share Your Information
We do not sell your personal information. We share information only in these circumstances:
With other users. Your public profile, public lists, and public check-ins are visible to other Spotlist users. You control the visibility of your content through privacy settings on each list and check-in.
Service providers. We work with third-party companies that help us operate the Service:
- Cloud hosting and storage (for your data and photos)
- Google Places API (restaurant search and data enrichment — subject to Google's Privacy Policy at https://policies.google.com/privacy)
- Mapbox (map display — Mapbox may collect limited telemetry data; see Mapbox Privacy Policy at https://www.mapbox.com/legal/privacy)
- AI/LLM providers (list import parsing only, as described in Section 3)
- Analytics (aggregated usage data to improve the Service)
- Push notification services (to deliver notifications you have opted into)
Legal and safety. We may disclose information if required by law, legal process, or government request, or if we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Spotlist, our users, or the public.
Business transfers. If Spotlist is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5. Photos
You may optionally attach photos when creating notes on spots or checking in. Photos are stored on secure cloud servers with encryption in transit and at rest. We strip EXIF metadata (including embedded GPS coordinates) from uploaded photos before storage. Photos you attach to public lists or public check-ins are visible to other users. You may delete your photos at any time through the app.
6. Location Data
Location data is central to Spotlist's nearby discovery and check-in features, but we handle it carefully:
- We request location permission through the standard iOS system prompt
- We access location only while the app is in active use ("when in use"), never in the background
- Location is used for: nearby spot recommendations, check-in verification, and distance-based list sorting
- Location data is shared with Google Places (for nearby search) and Mapbox (for map display)
- You can disable location access at any time in your device's Settings > Privacy > Location Services
7. Push Notifications
With your permission, we send push notifications for new followers, kudos received, list updates from people you follow, taste match suggestions, and nearby spot alerts. You can manage or disable notifications at any time through your device settings or in-app notification preferences.
8. Data Retention and Deletion
Account deletion. You can delete your account at any time through the in-app settings. When you delete your account:
- Your profile, lists, notes, photos, and check-ins are removed within 30 days
- Backup copies are purged within 90 days
- Aggregated, anonymized data (such as spot popularity counts) may be retained indefinitely
- Kudos you sent to others will no longer display your name
Content deletion. You can delete individual lists, notes, and photos at any time. Deletions are processed within the same timeframes as account deletion.
Data retention. We retain your personal information for as long as your account is active or as needed to provide the Service. We may retain certain information as required by law or for legitimate business purposes (such as resolving disputes or enforcing our Terms).
9. Data Security
We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, secure authentication, and access controls. However, no method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us at security@spotlist.io.
10. Children's Privacy
Spotlist is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@spotlist.io and we will promptly delete it.
11. Your Rights and Choices
11.1 All Users
Regardless of where you live, you can:
- Access, update, or correct your profile information at any time through the app
- Delete your account and all associated data
- Control the privacy of your lists and check-ins
- Opt out of push notifications
- Disable location access
- Request a copy of your data by emailing privacy@spotlist.io
11.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to: know what personal information we collect and how we use it; request deletion of your personal information; opt out of the sale of personal information (we do not sell your data); and not be discriminated against for exercising your rights. To exercise these rights, email privacy@spotlist.io.
11.3 European Users (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing your information are: your consent (for location data and push notifications), contract performance (to provide the Service), and legitimate interests (to improve the Service and ensure security). You have the right to access, rectify, and delete your information, to restrict or object to its processing, and to data portability. To exercise these rights, email privacy@spotlist.io.
12. International Data Transfers
Spotlist is based in the United States. If you use the Service from outside the US, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We implement appropriate safeguards for international data transfers.
13. Third-Party Links
The Service may contain links to third-party websites or services (such as Google Maps for directions). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email at least 14 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at:
Blue Dot Labs, LLC
Email: privacy@spotlist.io
Website: https://spotlist.io