AutoSpotterX – Privacy Policy

Last Updated: March 16, 2026

1. Introduction

AutoSpotterX ("we," "our," or "us") values your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use the AutoSpotterX Application (including our mobile app available on Google Play, and our web application). It applies to all users and covers the data collected through our applications.

2. Information We Collect

We collect the following types of information:

Account & Profile Data: Username, optional profile photo, account creation date, and AutoXP points (which determine your public XP rank badge displayed to other users). Authentication is handled by Firebase Authentication (email/password or Google sign-in). We also store a unique account identifier (Firebase UID) and whether you accepted our Terms of Service and Privacy Policy (including the current version). Your email address is used only for authentication.

User Content: We collect the following user-generated content:

  • Photos & Videos: Vehicle photo upload depends on originality and rarity. Non-original photos (screenshots, downloads, or photos that are detected as non-original) and common cars are saved only on your device (never uploaded). Original uncommon cars upload to Firebase only (hidden from feed). Original rare+ cars upload to Firebase and Cloudinary (visible in feed unless hidden). Secondary photos and videos never leave your device.
  • Car Details: Make/model, captions/notes, timestamps, and country name/code (derived from location).
  • Privacy Settings: Your sharing preferences for the public feed, Country Spots, and Car Explorer.
  • Social Interactions: Likes, friend connections/requests, and in-app notifications.
  • Moderation: Reports you submit for content moderation.
  • AI Usage: Service usage counts to enforce rate limits.
  • Photo Metadata: We analyze EXIF data (location, camera info, timestamps, editing software) locally on your device for originality detection. Non-original photos are automatically saved locally only. Precise location stays on your device only. We only collect country name/code for uploaded cars.
  • Photo Processing: Car photos are processed on-device (watermarking, privacy blurring, manual blurring) before the upload decision. We upload only processed versions. Low-quality versions are stored in Firebase (uncommon+); high-quality versions are stored on Cloudinary only for rare+ cars shared publicly. Secondary photos and videos never leave your device.

Device & Usage Data: Technical data from your device, such as IP address, browser type, device model, and operating system version, to ensure compatibility and diagnose issues. For security purposes, Firebase App Check generates device integrity tokens (via Google Play Integrity on Android, or reCAPTCHA on the Web) to verify that requests come from genuine devices or browsers running the authentic application. These tokens are temporary and do not contain personal information.

App & Browser Permissions: Camera (to take photos), Location (for mapping features), Internet (for cloud sync), and Network State (to check connectivity). The application does not request broad external storage permissions; any necessary local caching or saving of photos and data is handled safely within the application's own sandboxed storage (such as SharedPreferences or IndexedDB). You can change or revoke permissions through your device or browser settings.

3. Third-Party Services and Partners

AutoSpotterX uses third-party services (each has its own privacy policy):

  • Firebase (Google): User accounts, database storage, and backend services. (Firebase Privacy Policy)
  • Firebase App Check (Google): To protect our backend resources from abuse, we use App Check with Play Integrity (on Android) to verify that requests originate from our authentic app. This service may analyse device integrity tokens but does not retain personal data. (Firebase Privacy Policy)
  • Google ML Kit (Android) & ONNX Runtime Web (Web): On-device detection used for privacy blurring (best-effort). Processing happens 100% locally on your device or in your browser. The application also provides an on-device/in-browser manual blur tool.
  • Google Gemini API: Optional cloud-based car identification. (Google Privacy Policy)
  • Google Play In-App Review (Android Only): Used to request app ratings within the app. (Google Privacy Policy)
  • Google Play In-App Updates (Android Only): Used to check for and notify users of app updates. (Google Privacy Policy)
  • Android Geocoder (Android) & Nominatim (Web): Used to derive country name/code from coordinates (see Section 5.4). We only send raw coordinates; no personal identifiers are attached. Only the resulting country info is stored in our database.
  • Cloudinary: High-quality photos of original rare+ cars (not hidden) are stored on Cloudinary for public feed and Country Spots. Non-original photos, common cars, and hidden photos are never uploaded to Cloudinary. (Cloudinary Privacy Policy)
  • Appwrite: Helps securely delete photos when you delete a car or your account. Hosted in Frankfurt, Germany. (Privacy Policy)
  • OpenFreeMap: Free, open-source map tiles for displaying locations. We do not share personal data, only anonymous map tile requests. (OpenFreeMap)
  • MapLibre GL: Open-source map rendering library.

4. How We Use Your Information

We use your information to:

  • Account & Features: Create and authenticate your account (via email/password or Google sign-in), manage your car collection, calculate stats and XP, and provide AI-powered car identification (with usage tracking to enforce rate limits).
  • Social Features: Enable friends, public feed sharing, Country Spots, Car Explorer, likes, and notifications.
  • Privacy & Control: Respect your privacy settings, including hiding cars from the public feed, Country Spots, and Car Explorer, and controlling location attachment.
  • Maps & Location: Display your private map with spot locations (stored only on your device; only you have access to exact locations). Country names are stored on our servers to display the country in the public feed, Country Spots, and Car Explorer.
  • Photo Processing & Upload: Process photos on your device (EXIF analysis, watermarking, privacy blurring). Non-original photos and common cars are saved locally only and never uploaded. Original uncommon cars upload to Firebase only (hidden from feed). Original rare+ cars upload to Firebase and Cloudinary (for public display unless hidden). Secondary photos and videos remain on your device only.
  • Support & Safety: Provide app updates, troubleshoot issues, moderate reported content, and enforce our Terms of Service. We use Firebase App Check to verify that requests to our backend services (including Appwrite for photo deletion) come from authentic app installations, protecting against abuse and unauthorized access.
  • Compliance & Legal: Track your acceptance of our Terms of Service and Privacy Policy (including version numbers) to ensure legal compliance.

5. Data Sharing

We share specific data in limited scenarios as described below:

5.1 Service Providers

We engage third-party service providers to facilitate our services:

  • Firebase (Google): For user authentication, database storage, and backend services. As our primary backend, Firebase stores all app data described in Section 2, except for GPS coordinates and secondary photos/videos which remain on your device only. Email is stored in Firebase Authentication only for login purposes.
  • Cloudinary: For high-quality photo storage and delivery in the public feed and Country Spots. We only upload high-quality versions of original rare+ cars not hidden from public sharing. Non-original photos, common cars, uncommon cars, and hidden cars are never uploaded to Cloudinary.
  • Appwrite: Securely processes photo deletions when you delete content. We verify it's really you before deleting anything.
  • Google Services (ML Kit, Gemini API) and Android Geocoder: For on-device processing, optional AI identification, and country derivation via device geocoding. Data shared is limited to what is necessary for each service (see Section 3 for details).
  • OpenFreeMap: For map tile services. We do not share personal location data, only anonymous map tile requests.

5.2 Public & Social Features

Information shared with other users through the app's social features:

  • Public Feed: Only original rare+ cars appear in the public feed, unless you enable "Don't Upload to Feed, Country Spots & Car Explorer" or hide individual spots. Non-original photos, common cars, and uncommon cars are automatically excluded (saved locally only or hidden). The feed displays: car photos, profile photos, usernames, car names, likes, rank badges, country, and optional captions. Content shared publicly may be used for promotional purposes. Exact location is never shared, only country (see Section 5.4).
  • Country Spots: Users can browse rare+ cars by country. Only original rare+ cars not hidden from public sharing appear here. Non-original photos, common cars, and uncommon cars are automatically excluded. Displays only car photos and car names: no username or profile info. Only country name shown, no exact location.
  • Car Explorer: A searchable database where users can find specific car models to view technical specifications and community-spotted photos. Only original rare+ cars not hidden from public sharing appear here. This section displays only the car photo and the date it was spotted: no usernames, profile photos, or exact locations are shown.
  • Leaderboard: Public leaderboard shows top 50 users by AutoXP (username, AutoXP points, profile photo).
  • Friends: Friends can see all cars in your collection (car photos and make/model) but not exact locations.
  • Friend Requests: When you send a friend request (via feed or leaderboard), the recipient can see your display name and profile photo in the Friends screen and may receive a notification (e.g., "[Your username] sent you a friend request"). User IDs are internal only.
  • Like Notifications: When you like someone's car, they may receive an in-app notification showing your username and the car details (e.g., "[Your username] liked your Ferrari F40").

5.3 Legal & Administrative

  • Administrators: Administrators may access user data (photos, profile info, content) for moderation and support. They can delete content that violates our Terms of Service. Deleted content is permanently removed from our servers (Firestore and Cloudinary), and users are notified via in-app notification.
  • Law and Safety: We may disclose your information if required by law or to protect our rights, safety, or property.

5.4 Map and Location Privacy

Your location privacy is fully protected:

  • Device-Only Storage: GPS coordinates are stored only on your device (in SharedPreferences on Android, or IndexedDB on the Web). They are designed to reside only on your device and are not uploaded to our servers. They are deleted when you clear your browser data, uninstall the app, or delete your account.
  • Location Attachment Control: You can control whether location data is attached to your spots through Settings → Privacy → "Attach Location by Default". When disabled, the app will not extract or store location data from your photos. This setting is enabled by default but can be turned off at any time.
  • Country Data Only: To enable Country Spots and Car Explorer browsing and show which country a car was spotted in inside the feed, we extract country name/code from coordinates using Android Geocoder (on mobile) or Nominatim/OpenStreetMap (on the web). Only the extracted country name/code is stored on our servers; exact coordinates are not.
  • Completely Private: Only you can see exact locations on your personal map. Friends can see your car photos/details but not locations or map markers.

6. Your Rights and Controls

You have control over your personal data and account. You can view and update your profile information, delete your photos or entries, request data export, manage friends, control app permissions through device settings, choose not to upload your spots to the public feed, Country Spots, and Car Explorer, and manage optional features (such as location attachment and cloud AI identification).

Data Export: You can export your data through app settings in a ZIP file, including your profile, cars and media (with location, photos, and videos), friends, notifications, and AI usage counts.

7. Account and Data Deletion

You can delete your entire account through app settings (processed promptly, typically within minutes) or by emailing us at zernoxi6@gmail.com with "Account Deletion" in the subject line (processed within 7 working days). Upon deletion, all personal data will be permanently removed, including your profile, photos, videos, car collection details, friend connections, and activity logs.

Deleting individual photos or entries removes that content from our servers immediately.

Administrative Deletion: Content may also be deleted by administrators if it violates our Terms of Service. When administrators delete your content for policy violations, it is permanently removed from our servers (Firestore and Cloudinary). You will be notified via in-app notification if your content is deleted for policy violations.

8. Additional (Optional) Features

AutoSpotterX offers several optional features with extra privacy considerations:

Local Video Storage: If you record car videos within the app, they are stored only on your device in encrypted form. These videos are designed to remain on your device and are not uploaded or shared externally. Deleting the associated car entry or your account will erase these videos.

Cloud AI Identification: As mentioned in Section 3, the optional Google Gemini service can analyze car photos. This is an opt-in feature: you must choose to send a photo to Google for identification. Only the image is sent (no personal data). Data handling is subject to Google's Privacy Policy. We track your usage count in Firebase to enforce free usage limits.

Social Sharing: Friends, the public feed, Country Spots, and Car Explorer sharing are described in Section 5. You can stop sharing cars to the public feed, Country Spots, and Car Explorer at any time by enabling the global privacy setting in Settings ("Hide from Feed, Country Spots & Database"). You can also hide individual spots from public sharing when saving a car ("Hide from Feed").

9. Children's Privacy

You must be at least 13 years old to use AutoSpotterX (age may vary by local law). We do not knowingly allow users under the minimum age to create an account. Age is verified locally on your device during signup; we do not collect or store your date of birth. If you are a parent or guardian and believe a child under 13 has created an account, contact us at zernoxi6@gmail.com to have it deleted.

10. Other Important Notes

Data Retention: We retain your personal data only as long as necessary to provide the app services or as required by law. When you delete your account, we will remove your data from our systems promptly (typically within minutes, and within 30 days at most), except for any data we are legally required to keep (such as anonymized logs).

AI Accuracy: Our AI features (car identification) are designed to assist you, but they are not 100% accurate. Results should be treated as probabilistic; always verify important information manually.

Local vs. Cloud Processing: Blurring (including manual blur) and watermarking happen on your device. Photos you upload or share are processed locally first (blurred/watermarked as applicable), and we receive/store the processed result. Automatic blurring is best-effort; if it misses something, you are responsible for reviewing your photos and using the in-app manual blur tool before uploading. Third-party servers are used for authentication, data storage, and optional AI identification if you opt in.

Originality Detection: During photo upload, we analyze photo metadata (EXIF data including camera information, GPS data, and timestamps) locally on your device to detect screenshots or downloaded images. Non-original photos are saved only on your device in encrypted storage and never uploaded to any server. They remain visible in your car collection but are not shared with anyone.

Rarity-Based Upload: Car rarity determines upload behavior. Common cars (original or not) are saved locally only and never uploaded. Original uncommon cars upload to Firebase only (hidden from feed, visible to friends). Original rare+ cars upload to Firebase and Cloudinary (visible in feed, Country Spots, or Car Explorer unless hidden via settings).

11. Data Protection and International Transfers

Data Protection: We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. This includes encrypted transmission (HTTPS/TLS), encrypted storage by our service providers (such as Firebase/Google Cloud), secure authentication, and access controls.

Security Limitation: While we implement reasonable and industry-standard security measures to protect your information, no method of transmission over the Internet or method of electronic storage is completely secure. Therefore, we cannot guarantee absolute security of your data.

International Transfers: Your data may be processed in countries other than your own (for example, on servers operated by Google or other service providers worldwide). In such cases, we ensure appropriate safeguards (such as compliance with EU Standard Contractual Clauses or similar measures) are in place to protect your data.

Legal Basis: If you are an EU resident (GDPR), we rely on the following legal grounds for processing:

  • Consent: When you give explicit permission (e.g., enabling location services).
  • Contract Performance: To perform the services you request (e.g., providing access to your account and collection).
  • Legitimate Interests: For app functionality, security, and improvement, balancing our interests against your privacy rights.
  • Legal Compliance: To comply with laws and regulatory obligations.

12. GDPR and CCPA Rights

We comply with applicable privacy laws, including GDPR and CCPA.

EU (GDPR) Rights: If you reside in the European Economic Area, you have rights under GDPR, including the right to access, correct, or delete your personal data; the right to restrict or object to certain processing; the right to data portability; and the right to withdraw consent at any time. You may also lodge a complaint with a data protection authority. To exercise these rights, please contact us (see below).

California (CCPA) Rights: California residents have the right to know what personal data is collected and how it is used, the right to request deletion of personal data, and the right to opt out of the sale of personal data. AutoSpotterX does not sell your personal information (ever) – this is a permanent, unchangeable policy. If you wish to request deletion or disclosure of your data, please contact us.

13. Developer and Contact Information

Developer: Zarnox2525 (app developer)

Contact Email: zernoxi6@gmail.com

Privacy Inquiries: For any privacy-related questions or requests (including data access or deletion), please email us at zernoxi6@gmail.com with "Privacy Request" in the subject line.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time (for example, when adding new features or services). When we make changes, we will update the "Last Updated" date at the bottom of this page and, where appropriate, provide a notice in the app. Continuing to use AutoSpotterX after changes are posted constitutes your acceptance of the updated Privacy Policy.

Last Updated: March 16, 2026