Privacy Policy
1. Who we are
CleanSpot is operated by an individual sole trader based in Portugal.
For the purposes of EU data-protection law, the operator of CleanSpot is the data controller of personal information collected through the CleanSpot citizen mobile app, the CleanSpot municipal dashboard, and the cleanspot.cc website. We are subject to Portuguese data-protection law and the supervisory authority of the Comissão Nacional de Proteção de Dados (CNPD).
Contact:
- General privacy questions: privacy@cleanspot.cc
- Postal correspondence is available on request via the same email — we will provide the operator's full identity and postal address to data subjects on request, in line with GDPR Article 13.
2. Scope
This policy covers personal data we collect and process when you:
- Create and use a CleanSpot citizen account on the mobile app
- Use the CleanSpot municipal dashboard as part of a paying customer's team
- Visit cleanspot.cc
It does not cover the privacy practices of third-party services we link to (e.g. App Store, Play Store), each of which has its own policy.
3. What we collect
We collect the minimum data needed to deliver the product and its core features. Categories:
3.1 Account information
When you sign up:
- Email address
- Password (stored only as a one-way cryptographic hash; we cannot recover your original password)
- Display name (your chosen name shown to other users)
- Username (lowercase, used for @mentions)
- Optional: profile photo (avatar)
- Account creation timestamp
- Date of birth — not collected (we do not currently ask for this; if we ever introduce age verification, this section will be updated)
For municipal dashboard users, we additionally collect:
- Job title and department (optional, in profile)
- Phone number (optional, in profile)
3.2 Content you create
- Spots you report: location coordinates, severity, photos, title, description, timestamps, status
- Public issues you report: same fields as spots, plus category
- Cleanup events you create: location, date, description, cover photo, attendees
- Comments and reactions you post on any spot, event, or public issue
- Group memberships and participation
- Cleanups you complete or claim
3.3 Location data
- Precise GPS location: collected only when you actively use the map tab or place a pin. Required to position a spot accurately.
- We do NOT collect location in the background. The app does not track you when it isn't open or being used.
- Last-known location: cached locally on your device for performance; not transmitted to our servers as a separate record.
- Reverse-geocoded address: derived from your spot's coordinates and stored on the spot record (e.g. "Calle Mayor 12, Madrid").
3.4 Device information
- A push notification token (per device, used to deliver notifications)
- Operating system and version (for crash reports)
- App version (for crash reports and feature gating)
- Device model (for crash reports and to diagnose platform-specific issues)
- IP address (collected by our hosting providers for security and abuse prevention)
3.5 Usage and crash data
- Crash reports: stack traces and device info when the app crashes. We strip request bodies and user identifiers.
- Server access logs: API requests, response codes, timestamps, IP address — retained for 90 days for security and debugging.
- Aggregate counters: number of spots reported, cleanups completed, etc. — used for our own statistics and to populate the leaderboard. Not third-party analytics.
3.6 Communications you initiate
If you contact us by email, phone, or in-app support, we keep the correspondence for as long as needed to resolve the matter and a reasonable period thereafter.
4. Why we collect this data (legal basis)
Under the EU General Data Protection Regulation (GDPR), we need a legal basis for each category of processing:
| Category | Legal basis |
|---|---|
| Account info, content, location | Performance of contract — we need this to deliver the product you signed up for |
| Push tokens | Consent — you can revoke at any time via the OS or in-app Settings |
| Crash reports | Legitimate interest — operating reliable software |
| Server access logs | Legitimate interest — security and abuse prevention |
| Aggregate stats | Legitimate interest — running a viable business |
| AI suggestion processing | Legitimate interest — the AI suggestion feature is opt-in via tapping the button |
| Marketing emails | Consent (opt-in only) |
We do not rely on consent for anything you cannot easily opt out of (e.g. you can't refuse account-related processing while still having an account — but you can delete your account at any time, see Section 7).
5. How long we keep it
| Data type | Retention |
|---|---|
| Account | Until you delete the account, or until 24 months of inactivity |
| Content (spots, events, public issues, comments) | Until you delete the content or your account |
| Push tokens | Until your device unregisters or your account is deleted |
| Crash reports | 90 days |
| Server access logs | 90 days |
| Aggregate stats | Indefinitely (anonymised; cannot be tied back to you) |
| Marketing email subscription | Until you unsubscribe |
| Support correspondence | 36 months from last contact |
When you delete your account (Section 7), we anonymise rather than fully delete any record we are required to retain under a legal obligation. Anonymised data cannot be traced back to you.
6. Who we share it with
We don't sell your data. We don't share your data with advertisers. We do use a small number of third-party processors to deliver the product. Each is contractually bound by data protection terms. The processors:
| Processor | Purpose | Region | Data shared |
|---|---|---|---|
| Apple Push Notification Service | iOS push delivery | Global | Push token, notification payload |
| Firebase Cloud Messaging | Android push delivery | Global | Push token, notification payload |
| Vercel | Dashboard hosting | Global edge network | IP address, requested URLs (for SSR) |
| Nominatim (OpenStreetMap) | Reverse geocoding | EU | Spot coordinates (no user identifiers) |
We share data with municipal customers under specific, limited circumstances:
- Spots, events, and public issues you submit in their territory are visible in their dashboard (this is the core product mechanic — your reports reach the municipality)
- Your username, prestige rank, and avatar are visible alongside your reports (the same as they appear to any other CleanSpot user)
- Your email and other personal details are NOT shared with municipalities
We may also share data when legally required (court order, valid law-enforcement request) — we will challenge requests we consider overbroad.
7. Your rights
If you are in the EU/EEA, the UK, or another jurisdiction with similar protections, you have the following rights regarding your personal data:
| Right | What it means | How to exercise |
|---|---|---|
| Access | Get a copy of the personal data we hold about you | Email privacy@cleanspot.cc with your account email |
| Correction | Fix inaccurate data | In-app: Settings → Profile. Otherwise email us. |
| Deletion ("right to be forgotten") | Have your account and content removed | In-app: Settings → Delete Account. The deletion is permanent. |
| Portability | Get your data in a machine-readable format | Email privacy@cleanspot.cc with your account email |
| Restriction | Have us pause processing while a dispute is resolved | Email privacy@cleanspot.cc |
| Objection | Object to processing based on legitimate interest | Email privacy@cleanspot.cc |
| Withdraw consent | For consent-based processing (e.g. push notifications) | Disable in OS Settings or in-app Settings |
| Complaint to a supervisory authority | If you believe we have violated data-protection law | Comissão Nacional de Proteção de Dados (CNPD) at geral@cnpd.pt, or your local Data Protection Authority if you live elsewhere in the EU |
We respond to verified requests within 30 days (extendable to 60 days for complex requests). We may need to verify your identity before acting on a request.
8. International transfers
Some of our processors operate facilities outside the EU/EEA. When personal data is transferred outside the EU/EEA, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- An adequacy decision (where applicable, e.g. UK), or
- Other safeguards as required by GDPR Article 46
A list of our current processors and their data-protection arrangements is available on request.
9. Cookies and tracking
Mobile app
The mobile app does not use cookies. It stores authentication tokens and user preferences locally on your device using the standard secure-storage facilities provided by iOS and Android.
Dashboard (web)
The dashboard uses strictly necessary cookies for:
- Maintaining your authenticated session (HTTP-only, secure)
- Remembering your language and dashboard layout preferences
We do not use:
- Advertising cookies
- Third-party tracking cookies
- Analytics cookies (Google Analytics, etc.)
- Social-media tracking pixels
No cookie consent banner is required because we use only strictly-necessary cookies, but the absence of such a banner is itself a deliberate signal: we don't track you.
For more detail, see our Cookie Policy companion document.
10. Children
CleanSpot is intended for a general audience. We do not knowingly collect personal data from individuals under 13. If we become aware that we have collected personal data from a child under 13 without verified parental consent, we will delete it as quickly as practicable. If you are a parent or guardian and believe your child has provided us with personal data, please contact privacy@cleanspot.cc.
We do not run targeted marketing or advertising of any kind, so the question of "marketing to minors" does not arise.
11. AI processing
The AI suggestion features (the ✨ Suggest title & description button on spot and public-issue reports) work as follows:
- When you tap the button, your photo and the spot's coordinates are sent to an AI model
- The model returns a suggested title, description, and severity guess
- We store the suggested text only if you accept it and submit the report
- The AI model does not retain your photo beyond the duration of the request (per their data-handling policy for the paid tier)
- The AI model is not used to train future models on your data (per the same policy)
- The API key never appears in the app — the request is proxied through our server
If you don't tap the AI button, no AI processing happens. The fallback flow uses only your location and a templated description.
For more detail on our use of AI, see our AI Use Disclosure companion document.
12. Security
We protect your data with:
- TLS 1.2+ encryption for all data in transit
- Encryption at rest for your database records and uploaded photos
- One-way hashing for passwords (bcrypt-derivative)
- Row-level security in our database, so a misbehaving client can't access data it shouldn't
- Two-factor authentication available for municipal dashboard accounts (where supported)
- Regular security reviews and dependency updates
- Crash and error monitoring with PII stripped
No security system is perfect. If you become aware of a security vulnerability in CleanSpot, please report it to security@cleanspot.cc. We aim to acknowledge within 48 hours.
13. Changes to this policy
We may update this policy from time to time. When we do:
- We post the updated policy at cleanspot.cc/privacy and link to it from in-app Settings
- For material changes, we notify active users via in-app announcement and email
- The "Last updated" date at the bottom reflects the most recent change
Continued use of CleanSpot after a change constitutes acceptance of the updated policy.
14. Contact
Questions about this policy or how we handle your data:
- General privacy questions: privacy@cleanspot.cc
- Security issues: security@cleanspot.cc
- Postal correspondence is available on request via privacy@cleanspot.cc
We aim to respond within 5 business days, and within 30 days for formal GDPR rights requests (extendable to 60 days for complex cases, in which case we will inform you).
Last updated: 2026-04-28. Version: 1.0.