Privacy Policy

Last updated: March 24, 2026

Spotted App ("Spotted!", "we", "our", "the app") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

Data We Collect

When you use Spotted!, we collect the following data:

• Sighting data: Species type, sighting type (squished, spotted, or egg mass), lifecycle stage, and timestamp
• Location: GPS coordinates of the sighting location, stored internally as a geohash
• Photos: If you take a photo when reporting a sighting, the image is uploaded to Firebase Storage and may be sent to the iNaturalist API for species identification
• Anonymous user ID: Generated automatically via Firebase Anonymous Authentication -- no email, password, or personal information required
• Display name: Only if you choose to set one in your profile
• Usage data: Basic app functionality data such as sighting counts, XP, streaks, and badge progress

Data We Do NOT Collect

• No email addresses, phone numbers, or real names (unless you voluntarily set a display name)
• No contacts, browsing history, or data from other apps
• No advertising identifiers or tracking data
• No third-party analytics -- we do not use Firebase Analytics or any other analytics service

How We Use Your Data

• App features: Display sightings on the map, compute leaderboards, track your stats, streaks, and badges
• Species identification: Photos may be sent to the iNaturalist API (api.inaturalist.org) for AI-assisted species identification. iNaturalist processes the image and returns a prediction. See iNaturalist's privacy policy for their data handling practices.
• Invasive species research: Aggregated, anonymized sighting data may be shared with government agencies and academic researchers to help combat spotted lanternfly spread

Third-Party Services

Spotted! uses the following third-party services:

• Firebase Authentication: Anonymous sign-in to associate your sightings with a device-generated ID. No personal credentials are collected.
• Firebase Firestore: Cloud database for storing sighting data, leaderboard entries, and user profiles. Data is encrypted at rest and in transit.
• Firebase Storage: Stores sighting photos that you upload when reporting.
• Firebase Crashlytics: Collects anonymous crash reports to help us fix bugs. No personally identifiable information is included.
• iNaturalist API: Photos may be sent for species identification. We do not control iNaturalist's data retention.

Data Sharing

We may share aggregated, anonymized sighting data with:

• Virginia Department of Agriculture and Consumer Services (VDACS)
• USDA Animal and Plant Health Inspection Service (APHIS)
• Virginia Cooperative Extension and Virginia Tech researchers
• County-level environmental agencies
• Global Biodiversity Information Facility (GBIF) for open-access research

Shared data contains only sighting metadata (species, geohash location, timestamp, lifecycle stage) and anonymous user IDs. No personal information is ever shared.

Location Data

We request "When In Use" location permission to tag your sightings and center the map on your area. Location is stored as a geohash (an approximate area, not precise coordinates). In data exports, a 6-character geohash (~1.2 km precision) is used instead of raw coordinates to protect your privacy. We do not track your location in the background.

Camera and Photos

We request camera permission for the Spot screen viewfinder. When you submit a sighting report with a photo, the image is compressed and uploaded to Firebase Storage. Photos may also be sent to the iNaturalist API for species identification. Photos are associated with your anonymous user ID and sighting data only.

Local Storage

The app stores preferences and cached data locally on your device using UserDefaults and local JSON files. This data never leaves your device except when synced to Firebase as part of normal app operation.

Notifications

If you grant notification permission, we send local notifications for streak reminders and weekly progress summaries. These are generated on your device, not pushed from a server. You can disable notifications at any time in iOS Settings.

Data Retention

Sighting data is retained indefinitely to support long-term invasive species research and tracking. Photos in Firebase Storage are retained as long as the associated sighting exists. You can delete all of your data at any time (see Your Rights below).

Your Rights

• Data export: You can export all your sighting data as a CSV file from the Me tab in the app. Exports use geohashed locations rather than precise coordinates.
• Data deletion: You can delete all your data (sightings, stats, and progress) directly within the app from the Me tab. This action is permanent and cannot be undone.
• Opt out: You can stop using the app at any time. No data is collected when the app is not in use.

Data Security

Your data is stored in Google Firebase with encryption at rest and in transit. The app uses Firebase Anonymous Authentication, so there are no passwords or credentials to protect. Access to the database is restricted to authorized personnel only.

Children's Privacy

Spotted! does not knowingly collect personal data from children under 13. The app does not require an account and collects minimal data by design. If you believe a child under 13 has provided personal data through the app, please contact us so we can take appropriate action.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the app after changes constitutes acceptance.

Contact

Questions about this privacy policy? Email feedback@getspotted.com