Privacy Policy
Effective: 20 June 2026 · Specter ("we," "us")
The short version: your actual GPS route never leaves your device in a form
anyone — including us — can read. Specter is also a social app, so some of what
you do (activities you publish, comments, kudos, who you follow) is visible to
others. This page explains exactly what we collect, what we don't, what's public,
and what rights you have.
1. What we collect
When you use Specter, we receive and store:
- Account data. Your OAuth provider's user ID (Google or Apple),
your email address (encrypted at rest), a username, an optional display name,
and a randomized public alias that is the only identity shown on public surfaces.
- Profile fields. Optional age, weight, height, gender, avatar,
measurement and locale preferences, and your chosen cover-city defaults. These
are visible only to you.
- Activity stats. Type, time, duration, distance, pace, elevation,
heart rate, power, cadence, calories, and other workout metrics. Biometric
fields (heart rate, power, cadence, calories, elevation) are visible only to you;
only coarse fields (type, time, distance, pace, cover-city) appear publicly.
- Encrypted, rotated route files. Before your phone uploads a GPS
track, it rotates every coordinate by a per-user key that exists only on your
device. We strip device metadata and encrypt that already-rotated file at rest.
We never see your real coordinates and have no way to recover them.
- Cover routes. A decoy version of your track, transposed onto the
streets of a different city, generated from the rotated data. This — not your
real route — is what any social view shows.
- Health-derived data you opt into. If you connect Apple Health or
Health Connect, we receive heart-rate variability, resting heart rate, and sleep
aggregates. You can revoke this anytime in OS settings and the values stop syncing.
- Social & user-generated content. Comments you write, kudos
you give, the accounts you follow and who follows you, clubs you join, and
challenge/segment participation. See section 5 for what's public.
- Avatars you upload (image metadata is stripped on processing),
and device push tokens if your device provides them (see below —
we currently do not send push notifications).
- Private records. Gear and goals you create are visible only to you.
- Beta program data. If you join the beta, we additionally store the
IP address used to accept the beta agreement and any feedback you submit (see
section 11).
2. What we do not collect
- Your real GPS coordinates in any form we can decrypt into a real location.
- Third-party advertising or analytics identifiers. We do not embed Google
Analytics, Facebook Pixel, Mixpanel, Segment, Amplitude, a crash-reporting SDK,
or any other third-party tracker. There are none in the app.
- Address book contacts, photos beyond what you explicitly select, or any system
data outside the permissions you granted.
3. How we protect what we collect
- Per-user on-device rotation. On first sign-in, your device
generates a random rotation key and stores it only in your device's secure storage
(Keychain on iOS, EncryptedSharedPreferences on Android). It is never transmitted.
Every GPS point is rotated by this key before upload, which preserves distance and
shape but destroys location.
- Encryption at rest. Route files and your email address are
encrypted at rest using Fernet (AES-128-CBC with HMAC-SHA256). This protects data
on our servers; it is separate from, and in addition to, the per-user GPS rotation
above — which is what makes your real location unrecoverable even to us.
- Cover routes are what others see. Our Cover Location Engine takes
the rotated track and lays it onto a different city's roads. Leaderboards,
challenges, clubs, and any social view show this cover route — never your real data.
- Recovery phrase. The rotation key is shown to you once as a 12-word
phrase. Save it offline. Re-entering it on a new device reconstructs the key and
unlocks your prior activities. We do not store the phrase or the key. Lose it and
your historical routes are permanently unreadable — by anyone.
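An added illustration of the per-user rotation and recovery items above (example code, not Specter's own): it assumes the rotation is a rigid 3-D rotation of the globe whose matrix is expanded from the key with SHA-256, which this policy does not specify. All function names and the sample track are constructed for the example.

```python
import hashlib
import math
import secrets

EARTH_R = 6371000.0  # mean Earth radius in metres

def _uniform(key: bytes, i: int) -> float:
    """Deterministic value in [0, 1) from SHA-256(key || i)."""
    d = hashlib.sha256(key + bytes([i])).digest()
    return int.from_bytes(d[:8], "big") / 2**64

def rotation_from_key(key: bytes):
    """Key -> 3x3 rotation matrix via a uniformly distributed unit quaternion."""
    u1, u2, u3 = (_uniform(key, i) for i in range(3))
    x = math.sqrt(1 - u1) * math.sin(2 * math.pi * u2)
    y = math.sqrt(1 - u1) * math.cos(2 * math.pi * u2)
    z = math.sqrt(u1) * math.sin(2 * math.pi * u3)
    w = math.sqrt(u1) * math.cos(2 * math.pi * u3)
    return [[1 - 2*(y*y + z*z), 2*(x*y - z*w), 2*(x*z + y*w)],
            [2*(x*y + z*w), 1 - 2*(x*x + z*z), 2*(y*z - x*w)],
            [2*(x*z - y*w), 2*(y*z + x*w), 1 - 2*(x*x + y*y)]]

def _apply(R, lat, lon):
    la, lo = math.radians(lat), math.radians(lon)
    v = (math.cos(la) * math.cos(lo), math.cos(la) * math.sin(lo), math.sin(la))
    x, y, z = (sum(R[r][c] * v[c] for c in range(3)) for r in range(3))
    # atan2 keeps latitude accurate even when the rotated point lands near a pole
    return (math.degrees(math.atan2(z, math.hypot(x, y))), math.degrees(math.atan2(y, x)))

def rotate_track(key, track):
    R = rotation_from_key(key)
    return [_apply(R, lat, lon) for lat, lon in track]

def unrotate_track(key, track):
    # Only a holder of the key can invert: the inverse of a rotation is its transpose.
    Rt = [list(col) for col in zip(*rotation_from_key(key))]
    return [_apply(Rt, lat, lon) for lat, lon in track]

def haversine_m(a, b):
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * EARTH_R * math.asin(min(1.0, math.sqrt(h)))

def segment_lengths(track):
    return [haversine_m(p, q) for p, q in zip(track, track[1:])]

# Constructed sample track (not real user data).
TRACK = [(47.3769, 8.5417), (47.3775, 8.5432), (47.3790, 8.5440), (47.3801, 8.5421)]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # stands in for the device-generated rotation key
    rotated = rotate_track(key, TRACK)
    print(rotated[0], segment_lengths(TRACK), segment_lengths(rotated))
```

Segment lengths match before and after rotation, while the absolute coordinates depend entirely on the key; re-deriving the same key is what lets a new device map stored tracks back.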
4. Push notifications
We store the device push token your operating system provides so we can send
notifications in the future. At this time Specter does not send any push
notifications; no notification data is transmitted to Apple or Google push services.
We will update this policy before that changes.
5. What's public, and what others can see
Specter is social. By default, the activities you record are published
and globally visible — but only ever as the cover route, with
biometric fields removed, attributed to your public alias (never
your username, real name, or email). You can mark any activity private at any time.
- Comments and kudos you post on published activities are visible to
anyone who can see that activity.
- Follows are public: your followers and the accounts you follow can
be seen by other signed-in users (filtered by your blocks).
- Clubs, challenges, and segment leaderboards show your public alias
and aliased results.
- Goals and gear are always private.
6. Automated and AI-generated accounts
Specter may include automated accounts ("synthetic athletes") operated by
the service. These accounts can follow you, give kudos, and post comments on
your activities, and they appear with an alias and avatar alongside human members.
Comments from these automated accounts are generated by a third-party AI
language model (Anthropic's Claude). No real-user personal data is sent to
generate them — only the synthetic athlete's persona and the public, aliased activity
metadata. We are working to make automated accounts and AI-generated comments clearly
identifiable in the app.
7. Moderation, reporting, and blocking
You control who you interact with. You can report any comment or
activity and block any account; blocking makes you and that account
mutually invisible across feeds, comments, and profiles. Reports are reviewed by our
team. When moderation review is enabled, the text of reported content may be sent to
a third-party AI provider (Anthropic) to assist human triage — it is never used to
automatically remove content. We do not tolerate harassment or objectionable content.
8. Who we share data with, and why
We share data with the following processors, only as needed to run the product:
- Google and Apple — OAuth sign-in (identity verification only).
- Mantis (our Cover Location Engine vendor) — receives the
already-rotated route to generate a cover route. It cannot reverse the rotation.
- Anthropic — generates synthetic-athlete comments (no real-user PII),
and, where moderation AI is enabled, assists triage of reported content text.
- An elevation data service — receives rotated (location-meaningless)
coordinates to compute elevation profiles.
- DiceBear — generates synthetic-athlete avatar art (no user data).
- GitHub — if you submit beta feedback, your feedback text and beta
handle are filed as an internal issue.
- Our hosting provider — operates the encrypted database and servers.
We do not sell, rent, or lease your data to advertisers or data brokers. No business
model depends on exposing your activity data.
9. Your rights
- Export. Profile → Export Data produces an archive of your profile,
activity stats, and route files (decrypted but rotated — i.e. location-meaningless
without your recovery phrase).
- Delete. Profile → Delete Account permanently and immediately removes
your account. Encrypted route data is first overwritten with random bytes, then your
activities, routes, health metrics, comments, kudos, follows, blocks, clubs,
device tokens, and avatars are deleted.
- Revoke OS permissions. Location, Health, and Bluetooth permissions
are managed in your device settings and take effect immediately.
- Contact. Reach us at privacy@specter.fit for any privacy question.
10. Children
Specter is not directed at children under 13. We do not knowingly collect data from
children. If you believe a child has created an account, contact us and we will delete it.
11. Beta program
If you participate in the beta, we additionally store the IP address used to accept
the beta agreement (for audit) and any feedback you submit. Beta feedback may be filed
to our internal issue tracker as described in section 8.
12. Changes
We will update this page when our practices change; the effective date above reflects
the latest revision. Material changes will be communicated in-app before they take effect.