Privacy Policy

Last updated: May 14, 2026

1. Who we are

The Spot (“we”, “us”, “the app”) is operated by Summit Capital LLC, located in Las Vegas, Nevada, USA. The Spot is an in-person-first dating app: matches see each other’s “going out tonight” status and can send time-limited location pins. The app does not allow direct messaging between users.

Contact us at hello@onthespotdating.com.

2. Scope

This policy covers both onthespotdating.com (the waitlist site) and the The Spot iOS app. Where there is a difference between what is collected on the website versus inside the app, we call it out below.

3. Eligibility

You must be 18 years of age or older to create an account or join the waitlist. We do not knowingly collect information from anyone under 18. If we learn we have collected data from someone under 18, we will delete it immediately.

4. What we collect

From the website:

  • Your email address (waitlist signup only)
  • Sign-up timestamp
  • Your browser’s user-agent string (used to detect bot signups)

We do not use cookies, third-party analytics, or marketing trackers on the website.

From the iOS app:

  • Authentication. Facebook profile (name, photo, Facebook user ID) and/or Apple ID, used to sign you in and prevent duplicate accounts.
  • Profile content. Photos you upload, name, birthdate, hometown, gender, pronouns, preferences, prompts and answers, meet-up spot preferences.
  • Identity verification. A selfie matching a specific pose. Reviewed by our team (or a third-party verification provider, once integrated) to confirm you are a real person and at least 18.
  • Location. Only the static location pin you choose to share with one specific match when you send an invite. The pin is valid for 30 minutes and does not move with you. We do not collect continuous location.
  • Activity. Matches, likes, passes, “going out tonight” posts, and invites sent or received.
  • Device. iOS version, device model, app version, IP address. We request App Tracking Transparency permission only because Facebook’s SDK needs it to sign you in via Classic Login.
  • Subscription. RevenueCat subscriber ID, plan, and billing status. We do not see your full payment card — Apple handles billing.
  • Safety reports. When you report another user, we store the report reason and your free-text details for moderation review.

We do not collect: precise continuous location, your contacts, your calendar, microphone audio, or your camera roll outside the photos you choose to upload.

5. How we use your information

  • Match you with other users who match your preferences
  • Show your “going out tonight” status only to your mutual matches
  • Process invites (location pins valid for 30 minutes)
  • Verify your identity and prevent fake or banned users from re-registering
  • Provide customer support
  • Detect fraud, abuse, and violations of our community rules
  • Comply with legal obligations

6. Who we share information with

  • Authentication providers — Facebook (Meta Platforms) and Apple — to sign you in.
  • Firebase (Google LLC) — backend storage, authentication, and push notifications. Firebase’s practices: firebase.google.com/support/privacy.
  • Identity verification provider — pending vendor selection — to verify your selfie and ID. They retain records per their own retention policy.
  • RevenueCat — to manage subscriptions.
  • Apple App Store — to process payments for subscriptions.
  • Law enforcement — when legally required, with appropriate process.

We do not sell your personal information.

7. Your rights

  • Delete your account at any time — in-app: Profile → Settings → Account → Delete account. See the Data Deletion page for details and the email path for users who can’t access the app.
  • Request a copy of your data by emailing us.
  • Correct inaccurate data in the Profile tab.
  • Withdraw consent by deleting your account.
  • Opt out of App Tracking Transparency in iOS Settings → Privacy → Tracking → The Spot. This disables Facebook sign-in but the rest of the app keeps working if you use Apple sign-in.

If you live in California, the EU/UK, or another jurisdiction with specific privacy laws (CCPA/CPRA, GDPR, etc.), you may have additional rights. Contact us and we will honor them within the legal timeframe.

8. Data retention

  • Active account. As long as your account exists.
  • After deletion. Most data is removed immediately; backup snapshots are purged within 90 days.
  • Identity verification record. Retained per our verification provider’s policy (typically 1–2 years) to prevent banned users from re-registering.
  • Legal/compliance records. Up to 7 years where required by law.

9. Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, Firebase security rules, and role-based access controls. However, no system is perfectly secure. If a breach affects your personal data we will notify you within 72 hours of discovery.

10. Location pin behavior

When you send an invite, your location is pinned at the time you send it and shared with one match for 30 minutes. The pin does not move with you — if you leave the venue, the pin stays where you originally dropped it. After 30 minutes the pin expires and is no longer visible.

We never track your continuous location.

11. Changes to this policy

We will notify you in-app of any material changes. Continued use of The Spot after a change means you accept the updated policy. The “Last updated” date at the top will always reflect the most recent revision.

12. Contact

Summit Capital LLC
Las Vegas, Nevada, USA
hello@onthespotdating.com