Privacy Policy
Last updated: March 2026
This is developer-drafted legal language and is not a substitute for professional legal advice.
Overview
Spontai ("we", "our", or "us") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it. We've written this in plain English because legal jargon is boring.
Data Controller
The data controller responsible for your personal data is:
- Name: Mihir Gandecha
- Location: London, United Kingdom
- Email: support@spontai-app.com
What Data We Collect
- Account information — Your email address, display name, username, date of birth, and profile photo, collected when you create and manage your account.
- Authentication data — Information received from authentication providers including Google Sign-In profile data, Apple Sign-In data, or email/password credentials.
- Location data — Precise and approximate location data, collected only with your explicit consent. Used to power nearby activity discovery, map features, and location-relevant itineraries.
- User-generated content — Trip itineraries you create or save, scrapbook photos you upload, and preferences you set within the app.
- Social data — Friend connections, shared itineraries, and public trip posts you choose to share with other users.
- Device and diagnostic data — Crash logs collected via Sentry, performance metrics, device model, and operating system version to help us identify and fix bugs.
- Usage analytics — Feature usage patterns and in-app behaviour data to help us understand how the app is used and improve the experience.
How We Use Your Data
We process your personal data under the following legal bases:
- Contract performance — Processing your account information and user-generated content is necessary to provide the Spontai service, including creating itineraries, managing your account, and enabling social features.
- Consent — Location data is collected only with your explicit consent. You may withdraw consent at any time by revoking location permissions in your device settings.
- Legitimate interest — We collect device diagnostics and usage analytics to maintain, improve, and secure the app. We balance our interests against your rights and only collect what is necessary.
AI-Powered Features
Spontai uses artificial intelligence to generate personalised trip itineraries. Itineraries are generated using OpenAI GPT models via server-side processing through our secure edge functions.
When you request an itinerary, your trip preferences (such as destination, interests, and activity types) are sent to the AI service to generate recommendations. No personal data beyond your trip preferences is sent to the AI service. Your name, email, location, or other identifying information is not included in AI requests.
Third-Party Services
We work with the following trusted third-party services to operate Spontai:
- Supabase — Database hosting, user authentication, file storage, and real-time features.
- OpenAI — Itinerary generation, accessed exclusively via server-side edge functions (your data is never sent directly from your device).
- Sentry — Error tracking and performance monitoring to help us detect and fix issues.
- Mapbox — Map rendering, geocoding, and directions within the app.
- Foursquare — Place discovery and venue data to enrich itinerary recommendations.
- Google Places — Location search and place information.
- Unsplash — Destination cover images used throughout the app.
- Apple — Authentication via Sign in with Apple.
- Google — Authentication via Google Sign-In.
All third-party processors are bound by data protection agreements and only access data as needed to provide their services.
What We Don't Do
- We never sell your personal data. Full stop.
- We never sell your data to data brokers, ad platforms, or information resellers.
- We don't share your data with advertisers.
- We don't read your private social media accounts or messages.
Location Data
Location access is completely optional. If you enable it, we collect precise location data to:
- Discover nearby activities and points of interest relevant to your current area
- Render maps and provide directions via Mapbox
- Sort stops and recommendations by proximity
- Improve itinerary relevance based on your location
You can revoke location permissions at any time in your device settings. The app continues to function without location access — you can manually search for destinations instead.
Photos and Camera
Spontai may request access to your device's camera, photo library, and media library. This access is used for:
- Profile photos — Setting or updating your profile picture.
- Scrapbook albums — Uploading photos to your trip scrapbooks to capture and share your travel memories.
Photos you upload are stored securely via Supabase file storage. Camera and photo library permissions are requested only when needed and can be revoked at any time in your device settings.
Your Rights
UK GDPR Rights
Under UK data protection law, you have the right to:
- Access — Request a copy of your personal data.
- Rectification — Ask us to correct inaccurate or incomplete information.
- Erasure — Request that we delete your personal data.
- Portability — Receive your data in a structured, commonly used, machine-readable format.
- Objection — Object to processing based on legitimate interests.
- Restrict processing — Request that we limit how we use your data in certain circumstances.
CCPA Rights (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know — You can request details about the personal information we collect and how it is used.
- Right to delete — You can request deletion of your personal information.
- Right to opt-out of sale — We do not sell your personal data, so there is nothing to opt out of.
Other US State Privacy Rights
If you are a resident of a US state with comprehensive privacy legislation (such as Colorado, Connecticut, Virginia, Oregon, or Texas), you may have similar rights to access, correct, and delete your personal data. We will honour valid requests from residents of any state with applicable privacy laws.
Exercising Your Rights
To exercise any of your data protection rights, please email us at support@spontai-app.com. We will respond to your request within 30 days.
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.
Cookies
Our website (spontai-app.com) uses essential cookies to keep things running smoothly. We may also use analytics cookies to understand how people use the site. You can manage cookie preferences in your browser settings.
The Spontai mobile app does not use cookies.
Do-Not-Track Signals
We do not currently respond to Do-Not-Track (DNT) browser signals as no uniform standard has been adopted. If a standard is established in the future, we will update our practices accordingly.
Data Retention
We keep your data only as long as necessary to provide the service. If you delete your account, we will remove your personal data within 30 days. Some anonymised analytics data may be retained for product improvement purposes, as it can no longer be linked back to you.
Data Security
We take the security of your data seriously and implement appropriate technical measures to protect it:
- Encryption in transit — All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security).
- Row Level Security — Our Supabase database enforces Row Level Security (RLS) policies, ensuring users can only access their own data.
- PII protection — Personally identifiable information scrubbing is enabled in Sentry to prevent sensitive data from appearing in error reports.
- Secure authentication — Authentication tokens are stored securely on your device and transmitted over encrypted connections.
While we strive to protect your data, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
International Data Transfers
Your data may be processed in countries outside the United Kingdom, including the United States and the European Union, where our third-party service providers (such as Supabase, OpenAI, and Sentry) operate their servers.
Where data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions, to protect your personal data in accordance with applicable data protection laws.
Children's Privacy
Spontai is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe that a child under 13 has provided us with personal data, please contact us at support@spontai-app.com and we will take steps to remove that information promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. If we make material changes, we will notify you via the app or by email. We encourage you to review this policy periodically.
Contact Us
Questions about your privacy? We're happy to help.
Mihir Gandecha
Email: support@spontai-app.com