Imprint & Privacy Policy

Last updated on March 31st, 2026

Imprint & Privacy Policy

Simply Concepts UG
Martin-Luther-Straße 88
67433 Neustadt

HRB 69125

Email: hello@spot-pin.com

Responsible for content according to Section 18, Paragraph 2 of the MStV (German Interstate Media Treaty):

Simply-Concepts UG
Tobias Oberländer
Martin-Luther-Straße 88
67433 Neustadt
Mobile: 0152 38562623

EU Dispute Resolution: The European Commission provides a platform for online dispute resolution (ODR): https://ec.europa.eu/consumers/odr/.

Consumer Dispute Resolution / Universal Arbitration Board:

We are neither willing nor obligated to participate in dispute resolution proceedings before a consumer arbitration board.

Welcome to SpotPin! This privacy policy describes how we collect, use, and disclose information when you use our app and website. By using our services, you agree to the data collection and usage described in this privacy policy.

1. Data Controller and Contact

The party responsible for data processing on this website and within the SpotPin app is:

Simply-Concepts UG
Tobias Oberländer
Martin-Luther-Straße 88
67433 Neustadt, Germany
Email: hello@spot-pin.de

A Data Protection Officer has not been officially appointed as it is not legally required for the current size of the company.

2. Our Philosophy: "Anti Doom Scrolling" & "Real-World First"

SpotPin is designed as an alternative to traditional social networks. Our core philosophy is "Anti Doom Scrolling":

No Algorithm:

We do not use automated systems to analyze your behavior to serve content.

No Feed:

There is no endless scrolling feed; the physical world and your current location are the only interface.

Real Experiences:

The app is designed to make real-world activities visible and encourage users to go outside.

3. Data Collection and App Permissions

3.1 Required Device Permissions

To provide its functions, the app requests access to the following resources:

Location (Precise GPS Data): Required because "Spots" can only be created on-site, and the map is the central UI element.

Camera & Microphone: Required to record authentic, maximum 60-second video spots.

Notifications: Required to receive push notifications via Firebase Cloud Messaging (FCM).

3.2 Processed Data Categories

We process the following personal data:

Account Data: Name, email address, and phone number for identification and account management.

Profile Content: Profile picture (via Cloudinary) and optional links to other social media platforms.

Media Content: The short videos you record, including an exact timestamp.

3.3 Visibility of Spots

When creating a Spot, the user determines its visibility by selecting a target audience (e.g., "Public," "Friends," or "Only me"). The processing of this data is strictly governed by the chosen setting. If the "Only me" option is selected, processing is limited to the storage and provision of the Spot within the user's personal account; no disclosure to other users or third parties will occur.

3.4 Sharing of Spots (Opt-out)

The functionality for recipients to share Spots is enabled by default. However, users have the option to manually deactivate this sharing feature for each individual Spot. Deactivating this feature disables the technical interface for sharing the respective Spot via in-platform functions, preventing further distribution by third parties.

4. Infrastructure and Third-Party Providers

We use specialized service providers to ensure security and performance. Data transfers to third countries (e.g., USA) are secured by the Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC):

Hosting & Cloud Infrastructure:

AWS (Amazon Web Services). Processing and monitoring take place in the Frankfurt, Germany region (eu-central-1).

Database:

MongoDB Atlas. Storage of profiles and pins occurs within the EU (Frankfurt/Ireland region).

Video Services:

Mux. This service is used for video hosting and streaming infrastructure; data processing takes place in the USA.

Notification Service:

Firebase Cloud Messaging (FCM). This Google service is used to send system notifications (USA/Global).

5. Security and Local Storage

Encryption:

All data transmissions are encrypted via TLS 1.2+.

Password Protection:

Passwords are saved securely using the bcrypt hashing method.

Local Storage:

Authentication tokens (JWT) and session data are stored locally on your device to ensure functionality.

Access Control:

We use a Role-Based Access Control (RBAC) system to minimize internal data access.

6. Retention and Deletion

Temporary Visibility:

Spots are visible for a limited time and disappear automatically upon expiration or through premature deletion of the spot by the creator.

Account Deletion:

When a deletion request is made, a soft-delete process is applied. Your data will be blocked for a 30-day grace period and then permanently deleted.

Web Deletion Option:

In accordance with Google requirements, you can also request the deletion of your account without installing the app at www.spot-pin.de/delete-account.

7. Your Rights and Withdrawal

You have the right to information, correction, deletion, and data portability of your data in accordance with the GDPR.

Withdrawal Rights and TDDDG (as of 2026):

Web Tracking: Access to information on your device on our website only occurs after your explicit consent in accordance with § 25 TDDDG.

Business Section: Currently, no paid services are offered. Should paid business subscriptions be introduced in the future, we will provide an easily accessible withdrawal button on the website starting in June 2026, as legally required.

FAQs

Answers to your questions