Privacy Policy

1. Data Controller

Responsible for data processing under GDPR:

Bartos Gwozdz
building.vibes
Dortmund, Germany
Email: bartos@buildingvibes.de
Phone: +49 170 9649443

2. Overview

Spotbite is an AI-powered restaurant discovery app for iOS. The app uses your location and natural language to give you personalized restaurant recommendations. Your privacy matters to us — we do not store personal data on servers operated by us beyond what is necessary for app functionality.

3. Data Collection

Spotbite processes the following data for app functionality:

• Location data: Your current location is used to find nearby restaurants. Location is only accessed while the app is actively in use — no background tracking occurs.
• Search queries: Your natural language inputs are sent to Google Gemini for AI processing. These queries are not permanently stored on our servers.
• Restaurant data: Results from the Google Places API (name, address, ratings, photos) are temporarily processed for display.

Specifically, we do not collect:

• Usage analytics or tracking data
• Device identifiers or advertising IDs
• Browsing history
• Crash reports or diagnostics sent to us

4. Data Storage

App data is stored locally on your device and optionally synced via Firebase Cloud:

• Favorites: Saved restaurants in the app's local database
• Search history: Past search queries stored locally
• Dietary preferences: Your settings (vegan, vegetarian, allergies, budget) stored locally
• Search radius: Your preferred distance stored locally

4.1 Cloud Sync (Optional)

If you sign in with your account, Spotbite uses Firebase/Firestore to sync your data across devices. This includes favorites, dietary preferences, and search radius settings. You can disable cloud sync in the app settings. All cloud data is deleted when you delete your account.

5. Sign in with Apple (Optional)

• Your Apple ID email (or relay email) and display name are used for account creation
• We do not receive or store your Apple ID credentials on any server
• You can skip Sign in with Apple and use the app as a guest

6. Network Activity

1. Google Gemini API: Your search queries are sent to Google's AI service to determine the best restaurant recommendation. Context includes your query, approximate location, and dietary preferences.
2. Google Places API: Restaurant information (name, address, hours, ratings, photos) is retrieved from Google.
3. Apple MapKit: Map data and tiles are loaded from Apple to display the map view.
4. Firebase: If enabled, account data and favorites sync via Google Firebase.

Spotbite does not send any data about you to servers operated by us.

7. Third-Party Services

• Google Gemini: AI-powered search. Subject to Google's Privacy Policy.
• Google Places API: Restaurant data. Subject to Google's Privacy Policy.
• Firebase (Google): Optional cloud sync. Subject to Firebase Privacy Policy.
• Apple MapKit: Map display. Subject to Apple's Privacy Policy.
• Sign in with Apple: Optional auth. Subject to Apple's Privacy Policy.

Spotbite does not integrate with any third-party analytics, advertising, or tracking services.

8. Location Data

Spotbite uses Apple CoreLocation to determine your current location:

• Location is accessed only while the app is in use
• No background tracking occurs
• Your exact location is not stored on our servers
• Approximate location is temporarily sent to Google Gemini and Google Places to find nearby restaurants

You can revoke location permission at any time in iOS Settings > Privacy & Security > Location Services.

9. Permissions

• Internet access: Required for AI search, restaurant data, and maps
• Location (while using): Required for nearby restaurant recommendations
• No camera permission
• No contacts permission
• No calendar permission

10. Your Rights (GDPR Art. 15-21)

• Right of Access (Art. 15): Most data is on your device. With cloud sync, view your data in app settings.
• Right to Erasure (Art. 17): Delete the app for local data. Delete your account in settings for cloud data.
• Right to Data Portability (Art. 20): Your local data remains with you on your device.
• Right to Object (Art. 21): Disable location permission and cloud sync at any time.

11. Data Security

• Data is stored in an isolated iOS Sandbox
• With device protection enabled (Face ID/Touch ID), data is encrypted
• All API calls use secure HTTPS connections
• Firebase uses its own security rules and encryption

12. Children's Privacy

Spotbite does not intentionally collect data from children under 13. The app is rated 4+ and is safe for all ages.

13. Changes to This Privacy Policy

If this privacy policy is updated, the changes will be reflected here with an updated effective date.

14. Contact

Email: support@buildingvibes.de
Website: buildingvibes.de

App Store Connect — Privacy Nutrition Label

• Data Collection: Location (for app functionality)
• Data Linked to You: None
• Data Used to Track You: None
• Data Not Linked to You: Coarse Location (for restaurant search)
• Third-Party Data: Google may process search queries and location for restaurant results