SPOTLINK PRIVACY POLICY
 Last updated: 12 Dec, 2025

1. Introduction

Spotlink ("Spotlink," "we," "us," or "our") values your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and your rights.

By installing, accessing, or using Spotlink’s mobile apps, website, or APIs (the “Service”), you agree to the practices described here.

This policy applies to all platforms, including iOS, where certain disclosures are required under Apple App Store policies.

2. Data We Collect

Spotlink collects data needed to operate the platform, match drivers, prevent fraud, and comply with applicable law. Below is the full list of categories required for App Store disclosure.

2.1 Account Information

  • Phone Number — Verified at sign-up for fraud prevention and unique identification.

  • Email Address — Password recovery, support, receipts, and optional communication preferences.

  • Account Credentials — Salted and hashed; never stored in plain text.

2.2 Location Data

Spotlink is a real-time curb intelligence and matching platform. To operate:

  • Real-Time GPS: Used to show your position, enforce geofences, enable Auto-Link, and generate Ticket Guard alerts.

  • Location History (Short-Term): Stored up to 30 days for dispute resolution, safety investigations, and analytics, then anonymized.

  • Background Location: Only collected if you grant permission and only to enable core Spotlink features (e.g., seamless arrival detection).

Apple-required disclosure:

We do not use precise or background location data for advertising or tracking across apps.

2.3 Transaction & Usage Data

  • SpotCoin Wallet Activity: Purchases, top-ups, spends, refunds, withdrawals.

  • In-App Purchases (Apple): Apple provides billing identifiers and purchase confirmations; Spotlink does not store your Apple payment method.

  • Subscription Data: Plan selection, renewal status, cancellation status (sent from Apple).

  • Match History: Match IDs, timestamps, outcomes, dispute events.

  • Device Information: Device model, OS version, app version, crash logs (if you opt in).

  • Diagnostic Data: Error rates, latency, API call counts, and other performance metrics.

2.4 Automated System Data

  • CurbAI Logs: Sign detections, rule interpretations, 311 alerts.

  • Ticket Guard Alerts: Rule changes, hydrant proximity events, notification triggers.

  • Fraud Prevention Signals: GPS spoofing patterns, abnormal usage patterns, repeated match failures.

3. How We Use Your Data

3.1 Core Functionality

  • Enable Spotter–Seeker matches

  • Operate SpotCoins escrow

  • Detect arrival via geofence

  • Deliver CurbAI rule cards and Ticket Guard alerts

  • Provide navigation and map intelligence

3.2 Security & Fraud Prevention

  • Phone and email verification

  • Abuse prevention, detection of GPS manipulation

  • Dispute resolution involving location logs

3.3 Communications

  • Transactional notifications, receipts, payouts

  • Password resets and security confirmations

  • Optional promotions (opt-out available)

3.4 Improvement & Analytics

  • Routing optimization

  • Load balancing and performance monitoring

  • Feature usage metrics to improve reliability and safety

Important:

No mobile information or personal data is sold or rented to third parties for marketing.

3.5 SMS Communications & Consent

By verifying your phone number, you agree to receive transactional SMS messages (alerts, codes, confirmations).

  • Reply STOP to opt out.

  • Message/data rates may apply.

  • We do not sell or share phone numbers for promotional marketing.

4. Data Sharing & Disclosure

We may share data only with:

  1. Service Providers

    • Stripe/Braintree (payments), Apple (in-app purchases), AWS/Azure (hosting), Redis (queues), Vonage (SMS), analytics and crash reporting tools.

  2. Platform Integrations

    • Apple Maps, Google Maps, Apple Push Notification Service (APNs).

  3. Legal & Compliance Requirements

    • Courts, law enforcement, regulatory bodies when legally required.

  4. Business Transfers

    • Mergers, acquisitions, or reorganizations under confidentiality obligations.

Spotlink does not share your data with third parties for targeted advertising or cross-app tracking.


In limited cases, Spotlink may request identity documents and mailing information solely for verification and reimbursement purposes related to pilot programs. Such information is used only as necessary and retained for the minimum period required.

5. Your Choices & Rights

5.1 Access & Correction

You may update profile information in the app or by contacting support.

5.2 Data Portability

Request an export of your SpotCoin, transaction history, or match logs by emailing:
privacy@spotlink.com

5.3 Opt-Out Controls

  • Disable non-essential notifications

  • Disable crash reporting in settings

  • Limit background location (but this may disable core features)

5.4 Data Deletion

You may delete your account through:

  • App → Settings → Account → Delete Account, or

  • Emailing support@spotlink.app from the address linked to your account.

Upon deletion:

  • Personal data is deleted or anonymized within 30 days, except where law requires retention.

  • SpotCoin balances (base + bonus) are forfeited and cannot be restored.

  • Subscriptions purchased through Apple must be canceled separately via:
    Settings → Apple ID → Subscriptions

Certain logs may be retained up to 24 months for fraud detection, legal defense, and compliance.

6. Data Retention

  • Account Data: Kept until deletion request.

  • SpotCoin & Transaction Records: Retained at least 7 years (tax, accounting, anti-fraud laws).

  • Location History: Retained 30 days, then aggregated/anonymized.

  • Diagnostic Logs: Retained 90 days unless needed for technical improvement.

7. Security Measures

Spotlink implements industry-standard technologies:

  • Encryption: TLS for data in transit; AES-256 encryption at rest.

  • Access Controls: Role-based permissions, secure key rotation, MFA for administrative systems.

  • Monitoring: Continuous threat detection, audits, vulnerability scanning.

  • Secure Coding Practices: OWASP-aligned security guidelines.

No system is 100% secure, but we actively monitor and mitigate risks.

8. Children’s Privacy

Spotlink is not for individuals under 16 (or the legal driving age in your region).
We do not knowingly collect personal data from minors. If you believe a minor is using the service, contact us for deletion.

9. International Data Transfers

Your data may be processed in the U.S. or other jurisdictions where our providers operate.
We use Standard Contractual Clauses (SCCs) and equivalent mechanisms to protect data under GDPR and other laws.

10. Tracking, Advertising & Third-Party SDKs

  • Spotlink does not track users across third-party apps or websites.

  • Spotlink does not use cross-app advertising identifiers (IDFA) unless explicitly granted by the user under App Tracking Transparency (ATT).

  • Any analytics SDKs operate in privacy-preserving mode and do not link collected data with third-party datasets for advertising.

11. Changes to This Policy

We may update this Privacy Policy periodically.
We will notify you in-app or via email before major changes take effect.

Continued use of Spotlink after changes constitutes acceptance.

12. Contact Us

For privacy inquiries or data requests:

support@spotlink.app
privacy@spotlink.app (for exports & formal privacy matters)

© 2025 Spotlink LLC. All rights reserved.