SpotBite ("we", "us", "our") provides a mobile application that scans food photos and estimates how meals may affect your skin. This Privacy Policy explains what data we handle and how. If you do not agree, do not use the app.
The short version: Your food photos and scan history stay on your device. The food image you scan is sent transiently to our server, forwarded to an AI provider for analysis, and not stored. We do not collect your name, email, or location. We do not sell your data. We do not advertise.
SpotBite is operated by an independent developer based in the Republic of Korea. For privacy questions, contact [email protected].
The following are stored locally on your device using Apple/Google's standard app storage. We never receive copies.
Uninstalling the app deletes all of the above permanently.
When you scan a meal, the food image is sent over HTTPS to our server (a Cloudflare Worker proxy at acne-snap-proxy.dmdghto.workers.dev), which immediately forwards it to our AI provider (Perplexity AI, which routes the request to a Google Gemini vision model) for nutrition recognition. The result is returned to your device. We do not write the image, the response, or your IP address to any database. The proxy may briefly log request metadata for abuse prevention but discards it within hours.
If you subscribe to SpotBite Pro, our payment infrastructure provider RevenueCat receives:
RevenueCat does not receive your name, email, or payment card details. The actual payment is processed by Apple App Store or Google Play and governed by their privacy policies.
If a crash or unhandled error occurs, a report may be sent to Sentry for diagnostic purposes. Reports include:
Reports do not include your photos, food data, or any content you entered. Sentry retains reports per their stated retention policy (typically 30–90 days).
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Recognize food and estimate nutrition | Food image (transient) | Contract performance |
| Calculate your Skin Score and patterns | Local scan data on your device | Contract performance |
| Manage your subscription | Anonymous subscription state via RevenueCat | Contract performance |
| Diagnose crashes and improve stability | Anonymized error reports | Legitimate interest |
| Send you the local reminders you opt into | Notification settings on your device | Consent |
We share data only with the following service providers, strictly as needed to operate the app:
We do not sell or rent any data. We do not share data for advertising. We do not use third-party analytics SDKs (Google Analytics, Facebook SDK, etc.).
You can:
If you are in the EU/EEA, UK, or California, you have additional rights under GDPR/UK GDPR/CCPA, including access, rectification, portability, and the right to lodge a complaint with your local data protection authority. Because we collect almost no personal data, most of these rights are exercised by deleting the app. For any other request, contact us.
SpotBite is rated 12+ on the App Store and Google Play. We do not knowingly collect personal data from children under 13 (or the equivalent age in your jurisdiction). If you believe a child has used the app, contact us and we will delete any associated subscription record.
The service providers listed in Section 4 may process data in countries outside your own (primarily the United States). They contractually commit to providing protections equivalent to those required by GDPR via Standard Contractual Clauses or equivalent mechanisms.
All network requests use HTTPS (TLS 1.2+). On-device data is stored in app-private storage that requires device unlock to access. We do not operate user accounts or passwords, which eliminates an entire class of credential-related risks.
We may update this policy as the app evolves. The "Last updated" date at the top will reflect the most recent revision. Material changes will be highlighted in-app on next launch.
Questions, requests, or complaints: [email protected]