Product scope. This Privacy Policy applies only to the SpotPin app, offered by Asetral. It is not the general privacy policy for our company website or for other products unless we say otherwise on those pages.

Privacy Policy — SpotPin

Effective date: 9 May 2026

This Privacy Policy explains how Asetral collects, uses, stores, shares, and otherwise processes information in connection with SpotPin and related services. Asetral operates asetral.com and may appear in product and storefront materials under the trade names Asetral Studios and Asetral Software; those names refer to the same operator. Asetral is an online software studio with a distributed remote team. Day-to-day operations are coordinated from Türkiye, while SpotPin is offered to users in Türkiye, the United States, the European Economic Area, the United Kingdom, the Asia–Pacific region, and other countries.

1. Data controller and contact

The data controller for personal data processed through SpotPin is Asetral (also referred to as Asetral Studios or Asetral Software). For privacy requests and inquiries, contact contact@asetral.com.

2. Scope

This Policy covers the SpotPin mobile application and the online services Asetral operates to support it (including hosting, authentication, synchronisation, analytics, crash diagnostics, and advertising delivery as described below). It does not govern third-party applications or websites you open from SpotPin (for example external map, routing, or satellite apps), which are subject to their own terms and privacy notices.

3. Information we collect

• Account information. If you create an account, identifiers are processed through Firebase Authentication, including your email address for email sign-in and, when you choose it, data received through Google Sign-In.
• Content you provide. Places you save, titles, notes, categories, coordinates, favourites, archive status, styling or display preferences, duplicate relationships, photos you attach, reminder and countdown settings (including optional custom notification title and body text), timer-related data associated with countdowns, and data you include when you export or import backups.
• Location information. With your permission, precise or approximate device location is used to place pins, show distance, position maps, and open supported navigation links. Map display may use OpenStreetMap community data, CARTO raster basemaps, Mapbox raster map tiles (which can involve a Mapbox access token embedded in the application build when that map style is enabled), and Google Maps platform components when included in your build, according to your settings and configuration.
• Notifications and alarms. Information needed to schedule and deliver reminders, including where the operating system allows use of exact alarms or similar scheduling features after any required consent.
• Photos and media. Camera and gallery (or file picker) content only when you choose to capture or attach images to saved places.
• Diagnostics, performance, and security signals. App events, aggregated usage metrics, device and app identifiers permitted by the platform, integrity or attestation signals where the app or store uses them for abuse prevention, and crash or error reports via Firebase Analytics and Firebase Crashlytics.
• Advertising-related data. Google AdMob and its partners may process device identifiers (including advertising IDs where available and permitted), IP address, coarse location, app interaction events, fraud-prevention signals, and similar technical data needed to serve and measure ads subject to regional and platform restrictions.
• Communications you send us. The content of emails or other messages you voluntarily send to contact@asetral.com or related support channels.

SpotPin is not designed to require access to unrelated sensitive device categories such as your contacts list, microphone, calendars, SMS, payment card numbers, government ID stored on the device, or health data solely to provide the features described in store listings.

4. How we use information

• Provide SpotPin features, including saved places, maps, reminders, optional cloud sync for signed-in users, and backup or import flows you initiate.
• Authenticate users and protect accounts.
• Maintain reliability and security, prevent abuse, and debug issues.
• Measure aggregate product use and advertising performance.
• Comply with law and respond to lawful requests when permitted and required.
• Enforce our terms and defend our legal position where necessary.

Asetral does not use personal information to make solely automated decisions that produce legal effects or similarly significant effects concerning you within the meaning of the EU General Data Protection Regulation beyond routine operational checks (such as blocking clearly invalid sign-in attempts).

5. Legal bases for processing

Where EU, UK, or similar laws require a legal basis, processing may rely on: performance of a contract (providing SpotPin features you request, including optional account-backed sync); legitimate interests that are not overridden by your rights (for example securing the service, proportionate analytics, product improvement, and fraud prevention); consent where consent is required (for example certain optional tracking or ads settings governed by platform controls); and compliance with legal obligations.

6. Guest use, accounts, and synchronisation

• Guest or local mode. You may use SpotPin without an account. In that mode, primary data ordinarily remains on your device until you delete it, clear app data, uninstall the application, or replace it using your own backups.
• Signed-in mode. If you sign in, SpotPin may store and synchronise eligible data using Firebase Cloud Firestore and Firebase Cloud Storage associated with your account, subject to Firebase security rules and your account credentials.

7. Permissions

• Location for map, pin, and navigation hand-off features.
• Camera and photos for attaching images you choose.
• Notifications for reminders.
• Exact alarms or related scheduling permissions where the operating system separates them, to improve timely delivery of reminders when you enable such features.

You can review and change permissions in your device settings at any time. Some features require specific permissions to function.

8. Sharing and disclosure

Asetral does not sell your personal information for money. Information is shared with service providers that process data on our behalf to operate SpotPin, including Google (Firebase Authentication, Firebase Analytics, Firebase Crashlytics, Cloud Firestore, Cloud Storage, Google Sign-In, Google Mobile Ads / AdMob, and Google Maps platform services when included in a build), and mapping or tile infrastructure providers when you use corresponding features: OpenStreetMap data and tile CDNs, CARTO basemap services, and Mapbox (tile requests and related technical data when Mapbox raster maps are selected; Mapbox’s terms and privacy notice apply). Those providers may receive IP addresses, approximate location inferred from tile requests, and device technical data as part of delivering map imagery. Information may also be disclosed if required by applicable law, regulation, legal process, or governmental request; to protect the rights, property, or safety of Asetral, users, or others; in connection with a merger, acquisition, financing, or sale of assets where personal data may transfer as a business asset subject to appropriate safeguards; or with your direction or consent.

Advertising partners may process information under their own policies and may participate in industry programmes. You can use device and account settings, including advertising ID controls and platform privacy options, to limit certain forms of ad personalisation or measurement where available.

9. International data transfers

Because SpotPin uses global cloud providers, information may be processed in Türkiye, the United States, the European Economic Area, the United Kingdom, the Asia–Pacific region, and other countries. Where required by law, we rely on appropriate transfer mechanisms such as adequacy decisions, standard contractual clauses, the UK International Data Transfer Addendum or extension, and supplementary measures recommended by regulators.

10. Retention

• Local app data remains on your device according to your actions until removed by you, cleared, or lost on uninstall.
• Cloud-synced data remains linked to your account until you delete it through in-app means where available, delete your account, or we remove it in response to a verified request or policy, subject to legal retention requirements.
• Analytics, diagnostic, and advertising records are retained for periods defined by our agreements with providers and operational needs, then deleted or aggregated as permitted.

11. Security

Asetral uses technical and organisational measures appropriate to the nature of the service. No method of electronic storage or transmission is completely secure, and Asetral cannot guarantee absolute security.

12. Children’s privacy

SpotPin is not directed to children under 13 (or the minimum digital consent age in your jurisdiction). Asetral does not knowingly collect personal information from children in violation of applicable law. If you believe information was collected from a child in error, contact contact@asetral.com and Asetral will take appropriate steps.

13. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to certain processing, and to withdraw consent where processing is consent-based. You may lodge a complaint with a data protection supervisory authority in your country.

• European Economic Area and United Kingdom. You may exercise GDPR or UK GDPR rights by contacting contact@asetral.com. Contact details for EU supervisory authorities are published by national regulators and the European Data Protection Board. UK residents may contact the Information Commissioner’s Office.
• United States (state privacy laws). Residents of certain states may have additional rights regarding access, deletion, correction, and opt-outs related to targeted advertising or “sharing” of personal information as defined locally. For example, California residents may have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act, including rights regarding sensitive personal information where those categories apply to processing described in this Policy. SpotPin does not sell personal information for money; some ad measurement may nonetheless be regulated as sharing or targeted advertising under state laws. Requests can be submitted to contact@asetral.com. Depending on applicable law you may appeal a denied request as described in our response.
• Asia–Pacific and other regions. If you live outside the regions listed above, local privacy laws may still apply (for example the Personal Data Protection Act in Singapore or the Privacy Act in Australia). You may contact contact@asetral.com to exercise rights available to you under applicable law, and you may lodge a complaint with your local data protection or consumer authority where that is available.
• Türkiye (KVKK). Users in Türkiye may exercise rights available under Law No. 6699 and related regulation by contacting contact@asetral.com.

Asetral may need to verify your identity before fulfilling certain requests.

14. Automated decision-making

Beyond screening for abuse using technical signals, Asetral does not use personal information in a way that produces solely automated decisions with legal or similarly significant effects regarding you.

15. Changes to this Policy

Asetral may update this Privacy Policy. The Effective date will be revised when updates are published inside SpotPin or through other reasonable notice channels. Continued use after the Effective date constitutes acceptance unless applicable law requires a different acceptance mechanism.

16. Contact

Privacy enquiries: contact@asetral.com