SweatShot.

Legal

PRIVACY POLICY

Last updated June 2026

Who we are

SweatShot is operated by Eugenio Bustamante, located in Spain (“SweatShot”, “we”). We are the data controller for the personal data described in this policy. Contact: hello@sweatshot.app.

Information we collect

Account: email address, password (stored as a hash by our authentication provider), username. Profile (optional): profile photo, bio, location (free text you type — we never access your GPS), profile links. Content: workout photos (front and back camera), captions, group messages, emoji reactions. Activity: circle memberships, daily streaks, reminder time preference. Diagnostics: crash reports and performance data (via Sentry) that may include your device model, OS version and app state at the time of a crash. If push notifications launch, we will also store a push notification token.

How we use your information

To provide the service (deliver your posts and messages to your circles, maintain streaks) — legal basis: performance of our contract with you. To keep the platform safe (reviewing reported content, enforcing blocks) — legal basis: legitimate interest. To fix crashes and improve stability — legal basis: legitimate interest. Reminders and notifications — legal basis: your consent, which you can withdraw at any time. We do not use your data for advertising and we never sell it.

Where your data lives

Your data is processed by: Supabase (database, storage and authentication — hosted in the EU, Ireland, eu-west-1) and Sentry (crash reporting — EU data ingestion, Germany). Workout photos are stored in a private bucket and served through expiring signed links available only to signed-in members of your circles.

Who sees your content

Posts and messages are visible only to members of the circles you share them with. Your profile (username, photo, bio, location text, links) is visible to other signed-in SweatShot users. Nothing is public.

Moderation

If content is reported, our team may review it to enforce our Terms of Service. Content reported multiple times may be hidden automatically pending review.

Data retention & deletion

We keep your data while your account is active. You can delete your account at any time in the app under Settings → Delete Account. This permanently removes your profile, photos, posts, messages, reactions, streaks and group memberships from our systems within 30 days.

Your rights

You have the right to access, correct, export and delete your personal data, to object to or restrict processing, and to lodge a complaint with your data protection authority. California residents have equivalent rights under the CCPA. To exercise any right, email hello@sweatshot.app — we respond within 30 days.

Children

SweatShot is not for children under 13. We do not knowingly collect data from under-13s; if we learn we have, we delete the account.

International transfers

Our infrastructure is EU-hosted. Where any processing involves a transfer outside the EEA, it is protected by Standard Contractual Clauses or an adequacy decision.

Cookies and tracking

The mobile app contains no advertising or tracking SDKs. This website uses no advertising trackers.

Changes

We will notify you in the app of material changes to this policy before they take effect.

Contact

Privacy questions and data requests: hello@sweatshot.app