Privacy Policy

Spottle is a cloud-spotting game made for kids. We take privacy — especially children's privacy — seriously. This policy explains what Spottle does and does not collect, and how the information your child creates inside the app is handled.

The short version

• Spottle does not require an account, a sign-in, or an email address.
• Spottle does not sell or share personal information with advertisers.
• Spottle does not contain third-party ads or tracking SDKs.
• Profile information (name, avatar, age bracket, score, found shapes) is stored only on your device.
• When your child scans the sky, the photo is sent to our AI partner (Anthropic) to identify the shape, and then discarded. It is not used to train models.

1. Who we are

Spottle is published by the Spottle team. If you have questions about this policy or your child's data, contact us at support@spottle.app.

2. Information stored on the device

Spottle stores the following locally on your device (in the app's private storage). It never leaves your device unless you back up your phone through Apple.

• Player profile: first name or nickname, chosen avatar, favorite color, age bracket (4–6, 7–9, or 10–13).
• Game progress: score, streak, best streak, total scans, rainbows found.
• A list of shapes your child has spotted (emoji, shape name, fun fact, date).
• App preferences (sound on/off, tutorial completed, EULA accepted).

You can delete all of this at any time by deleting the profile inside the app, or by deleting the app from your device.

3. Camera and photo use

Spottle uses the camera so your child can point it at the sky and scan clouds.

• Photos are captured only when your child taps the Scan button.
• Each scan image is sent securely (HTTPS, TLS 1.2+) to Anthropic's Claude API for shape recognition.
• Anthropic processes the image to return a cloud description and shape guesses, then the image is discarded. Per Anthropic's API terms, API inputs are not used to train their models.
• Spottle does not save scan photos to your camera roll or to any Spottle server.
• Spottle does not use facial recognition. The AI is looking at the sky, not at people.

If the camera accidentally captures a person or identifying detail, that image still is not retained by Spottle or used for training.

4. Location

Spottle does not request or collect location data.

5. Accounts, advertising, and analytics

• No accounts. There is nothing to sign up for. Profiles live on the device.
• No advertising. Spottle shows no ads and uses no ad networks.
• No third-party analytics or tracking SDKs. We do not use Google Analytics, Firebase Analytics, Facebook SDK, or similar.
• No in-app purchases aimed at kids. Any paid features are behind a parental gate.

6. Children's privacy (COPPA / GDPR-K)

Spottle is designed for children under 13 and complies with the U.S. Children's Online Privacy Protection Act (COPPA) and similar rules in other regions (including GDPR-K in the EU and the UK Age Appropriate Design Code).

• We do not knowingly collect personal information from children beyond what is stored locally on the device for gameplay.
• We do not require a child to disclose more information than is reasonably necessary to play the game.
• Parents can review, delete, or refuse further collection of their child's in-app data at any time by deleting the profile or the app.

If you believe your child has provided us with information and you want it removed, email support@spottle.app or submit a data deletion request. We will respond within 7 days.

7. Third-party services we use

• Anthropic (Claude API) — receives scan images to identify cloud shapes. Data is transmitted over HTTPS and not used to train Anthropic's models. See anthropic.com/legal/privacy.
• Apple — Spottle runs on iOS and relies on Apple system services (camera, photo permission prompts, iCloud device backup if the user has it enabled). See apple.com/legal/privacy.

No other third parties receive data from Spottle.

8. Data security

Network traffic between the app and Anthropic is encrypted in transit using TLS 1.2 or higher. iOS App Transport Security is enforced app-wide; plaintext HTTP is blocked. Profile data is stored in the app's sandboxed storage on the device, protected by iOS. No system is perfectly secure, but we limit risk by not collecting data we don't need.

Security researchers: see our security.txt.

9. Parental controls

• Sensitive actions (such as leaving the kid-safe area of the app or opening external links) are placed behind a parental gate that requires an adult-style tap pattern.
• Parents can delete any profile, clear all progress, or uninstall the app at any time.

10. Your rights

Depending on where you live, you may have the right to access, correct, or delete personal data about your child. Because Spottle keeps personal data on the device, most requests are handled by simply opening the app and deleting the profile. If you need additional help, email support@spottle.app or use our data deletion form.

11. Changes to this policy

If we make meaningful changes, we will update the "Last updated" date above and, where appropriate, show a notice inside the app the next time it is opened. Continued use of Spottle after an update means you accept the revised policy.