Privacy Policy

Last updated April 15, 2026

IRONSPOT does not sell your data. We do not track you. We do not serve ads. This policy simply explains what data is collected and why.

1. Who we are

IRONSPOT is a collaborative mobile and web application dedicated to mapping street workout and calisthenics spots. The app is independently developed and maintained.

Data controller: IRONSPOT — contact: contact.ironspot@gmail.com

2. Data collected

IRONSPOT only collects data necessary for the app to function:

User account

Email address and display name — provided when signing in via Google or email/password
Profile photo — optional, pulled from your Google account if you use that sign-in method

Location

Precise GPS position — only when you explicitly grant permission, to center the map on your location or associate a spot with your position. Your movements are never recorded or continuously transmitted. The app does not use background location.

Community contributions

Spot photos — photos submitted when adding or verifying a spot are stored to enable automatic AI equipment detection and display on the community map
Spots added — name, GPS coordinates, equipment, characteristics, timestamp
Validations and confirmations — your identifier is linked to the confirmations you make on existing spots
Reports — when reporting an issue on a spot, the information transmitted includes the spot name, its GPS coordinates, the reason for the report and your user identifier

Preferences and favourites

Favourite spots — the spots you save and the associated reason (nature connection, urban vibe, equipment quality) are stored in your profile
Display preferences — chosen visual theme (Iron/Default or Neon Power), selected language, notification preferences

Training sessions

Performance data — repetitions (push-ups, pull-ups, dips), plank time, session date. This data is manually entered by you and stored in your profile. It is only accessible to you and is never shared or transmitted to third parties.

Meetups

Session organisation — when you create or join a meetup at a spot, your display name, date, time and chosen spot are shared only with the other participants invited to that meetup

3. What we do not collect

Your movement history or background location
Advertising identifier (AAID/IDFA)
Behavioural data for profiling or targeting purposes
Phone contacts
Biometric data
Payment information (the app is free)

4. Use of data

The data collected is used exclusively for:

Displaying and enriching the collaborative spot map
Enabling automatic equipment detection by artificial intelligence (Anthropic Claude API)
Collectively validating spots through user contributions
Organising and displaying training meetups between users
Sending you proximity notifications if you have enabled them
Displaying your performance history and personal statistics in your profile
Forwarding problem reports to the IRONSPOT team for moderation

5. Android app permissions

The Android app requests the following permissions:

Permission	Usage	Type
ACCESS_FINE_LOCATION	Center the map on your position and associate a spot with your location	Requise
Accès aux photos (sélecteur système)	Take or select a photo when adding a spot — via the native Android picker, without access to your full gallery	Optionnelle
POST_NOTIFICATIONS	Receive spot proximity alerts and meetup updates	Optionnelle
INTERNET	Access to map data and synchronisation of contributions	Requise

The app does not use ACCESS_BACKGROUND_LOCATION. Location is never accessed in the background.

6. Third-party services

IRONSPOT uses the following services, each subject to its own privacy policy:

Firebase (Google) — authentication, Firestore database, photo storage, hosting. Politique Firebase →
Stadia Maps — map tiles. Politique Stadia Maps →
Anthropic Claude API — AI analysis of submitted photos to detect sports equipment. Photos are sent to the API on a one-off basis and are not used to train models. Politique Anthropic →
EmailJS — transmission of bug reports and spot issues to the IRONSPOT team. Politique EmailJS →

7. Data retention

Your data is retained for as long as your account is active. Upon account deletion, your personal data (email, name, sessions, favourites, preferences) will be erased within 30 days.

Spots and contributions you have added may be retained in anonymised form to maintain the integrity of the community map, unless you explicitly request full deletion.

8. Your rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

Right of access — obtain a copy of your personal data
Right to rectification — correct inaccurate data
Right to erasure — delete your account and your data
Right to data portability — receive your data in a structured format
Right to object — object to certain processing activities
Right to withdraw consent — disable notifications or location at any time from the app or device settings

To exercise these rights: contact.ironspot@gmail.com

If your complaint is not resolved, you may contact the CNIL (French Data Protection Authority) or your local supervisory authority.

9. Security

Data is hosted on Google's Firebase infrastructure, with encryption in transit (HTTPS/TLS) and at rest. Data access is controlled by strict Firestore security rules ensuring that a user can only access their own data, except for public community contributions (spots, validations).

10. Community content moderation

IRONSPOT hosts community contributions (spots, photos, validations). An in-app reporting system allows any user to flag problematic content. Each report is handled manually within 15 days.

Learn more: Moderation Policy →

11. Changes to this policy

This policy may be updated to reflect changes to the app or legal requirements. In the event of a substantial change, users will be notified by in-app notification or email at least 15 days before the changes take effect. The update date at the top of this page always reflects the latest version in force.