Privacy Policy
Current Spot – Wear OS, watchOS, iOS and macOS app. Last updated: 12 June 2026.
1. Data Controller
Controller in terms of the EU General Data Protection Regulation (GDPR) and other national data protection laws:
Ivan Kablar
Carl-Sonnenschein-Straße 31
65936 Frankfurt am Main
Germany
E-Mail: [email protected]
2. Data Collection and Storage in the App
The Current Spot app stores the following data locally on your devices:
- Tibber Access Token: Your personal Tibber API token, stored on your phone and synchronized to your Wear OS watch.
- Home ID: Your Tibber Home identifier used to retrieve electricity prices.
- Electricity Price Data: Current and forecasted prices received from the Tibber API.
- App Preferences: Your selected settings, e.g. price interval (hourly / 15-minute).
- CarPlay Home Location (iOS, optional, opt-in): If you enable CarPlay home detection in the app settings, the GPS coordinates and radius of your home are stored locally in iOS system settings. This feature is off by default. See section 3.4 for details.
All data is stored exclusively on your devices. No personal data is transmitted to the app developer. No analytics or tracking services are used.
3. Third-Party Services
3.1 Tibber API
The app connects to the official Tibber API (api.tibber.com) to retrieve electricity prices and, optionally, live power data from your Tibber Pulse.
- Data transmitted: Access token, Home ID.
- Data received: Electricity prices, price levels, home information, live power measurements.
- Purpose: Display current and forecasted prices on your smartwatch.
- Legal basis: Art. 6 (1) (b) GDPR — processing necessary for the performance of a contract / requested service.
- Provider: Tibber AS, privacy policy at tibber.com/en/privacy-policy.
3.2 Phone-Watch Synchronization
On Wear OS, the Google Play Services Data Layer is used to synchronize your access token and settings between phone and watch over a local channel. No user data is shared with Google beyond what is required for app functionality.
On iOS / watchOS, the equivalent synchronization uses Apple WatchConnectivity (WCSession) and, optionally, iCloud Key-Value Storage. Both are local Apple frameworks; no synchronization data is transmitted to the developer.
3.3 In-App Purchases
On Wear OS, if you choose to make an optional donation, the payment is processed by Google Play Billing. Current Spot never sees your payment details; the developer only receives an anonymous confirmation that a purchase took place. Privacy information: policies.google.com/privacy.
On iOS, no in-app purchases are offered at this time.
3.4 CarPlay & Location (iOS, optional)
The optional CarPlay features process additional data exclusively locally on your iPhone. No location or address data is transmitted to the developer, to Tibber, or to third parties.
- CarPlay in-car display: When your iPhone is connected to CarPlay, the app shows electricity prices and cheapest charging blocks on the car display, sourced from the local Tibber cache. No additional network requests are made for the CarPlay display.
- Home geofence (opt-in, off by default): If you enable the "cheap charging window at home arrival" notification in app settings, the app processes the GPS coordinates and radius of your home (manually entered by you or derived from your Tibber address via reverse geocoding). This data is stored exclusively locally in iOS system settings (UserDefaults) and never leaves your device. iOS monitors the home region via the Region Monitoring API (CLCircularRegion) — the app only receives a "region entered" event and does not know your location outside the home region.
- "Always" location permission: iOS requires this permission level for region monitoring to work in the background (app closed). The app uses it exclusively for this purpose — no continuous location tracking takes place.
- Reverse geocoding of the address: If you enter your address as text, the app passes it to Apple's CLGeocoder. Apple processes the request according to the Apple Privacy Policy. The result (coordinates) is stored only locally.
- Push notifications: Generated locally by the iOS device. No APNs token is transmitted to a server, no server-side push infrastructure is used.
- Deleting data: Selecting "Delete home" under App Settings → CarPlay immediately removes all stored location data and stops region monitoring. Uninstalling the app permanently deletes all data.
- Legal basis: Art. 6 (1) (a) GDPR (consent — opt-in in app settings) or Art. 6 (1) (b) GDPR (performance of the function you activated).
3.5 Server push: Live Activity auto-start & tomorrow-prices notification (iOS)
This optional, opt-in feature (off by default) lets the "cheap electricity block" banner (Live Activity / Dynamic Island) start automatically at the right time and disappear again when the block ends, even when the app is not open. This requires minimal server-side processing. In addition, the “tomorrow's prices” notification (settings switch, can be turned off at any time) can be delivered via the same server — faster and more reliable than the local background fetch.
- Transmitted & stored: up to three anonymous Apple push tokens (a start token for the installation, per banner an end token used to dismiss it automatically, and a notification token for the tomorrow-prices notification — all device identifiers issued by Apple), a scheduled time, the public electricity-block data (block start/end, average price), your electricity price zone (e.g. DE-LU or SE3 — a coarse region, not an address), two calculation constants derived from your tariff (to estimate the block price server-side) and your chosen lead time. No Tibber token, no Home ID, no identity, no consumption data.
- Where: stored on a Cloudflare Worker + D1 database (Cloudflare, Inc.); the start signal is delivered via Apple Push Notification service (APNs).
- Public price data: to compute the block, the server fetches public spot prices — Energy-Charts/SMARD.de (Bundesnetzagentur, CC BY 4.0) for DE/AT/NL and elprisetjustnu.se (ENTSO-E) for Sweden. No user data is transmitted in the process.
- Anonymity: neither the developer nor Cloudflare can link the token to your identity — only Apple can resolve it to a device. No email, name or account is involved.
- Retention: block entries are kept for up to 36 hours after the block ends (technical diagnostics) and then deleted automatically. The zone registration (price zone, calculation constants, lead time) is stored until you turn the feature off — at which point it is deleted server-side together with all entries. Uninstalling without turning it off: entries expire as soon as the tokens become invalid. The same applies to the notification registration (notification token): switch off → deleted server-side.
- Legal basis: Live Activity auto-start: Art. 6 (1) (a) GDPR (consent — opt-in). Tomorrow-prices notification via server: Art. 6 (1) (b) GDPR (delivery of the notification requested via the switch; switch off = server-side deletion of the registration). Cloudflare: Privacy Policy; Apple/APNs: Privacy Policy.
4. Website Hosting
This website is hosted on Cloudflare Pages (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). When you visit the site, Cloudflare automatically processes technical information (e.g. IP address, browser, timestamp) for the purpose of delivering the site and preventing abuse. Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure operation). International transfer is covered by the EU-U.S. Data Privacy Framework. Cloudflare's privacy policy: Cloudflare Privacy Policy.
5. Cookies and Analytics
This website does not set any cookies and does not use any analytics, tracking pixels, third-party advertising or social plug-ins. No consent banner is required because no personal data is processed beyond the technically necessary server logs described in section 4.
6. Data Retention
In-app data is retained only while the app is installed. Uninstalling permanently deletes all data from your device. The developer does not retain any user data on its servers (there are none).
7. Your Rights (GDPR)
You have the following rights with regard to your personal data:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
To exercise these rights, please contact [email protected]. Because the app stores all data locally, you can also exercise most rights yourself: export your token from app settings, change your home selection, or uninstall the app to delete everything.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. The authority responsible for the controller is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany
Website: datenschutz.hessen.de
9. Children
The app is not intended for children under 16. We do not knowingly collect personal data from children.
10. Tracking (Apple App Tracking Transparency)
The app does not use the Apple Identifier for Advertisers (IDFA), does not track users across apps or websites owned by other companies, and does not request the App Tracking Transparency permission. No advertising or analytics SDKs are integrated.
11. Voluntary Email Submission (TestFlight Beta & Product Updates)
If you voluntarily sign up as a TestFlight tester or share your email address with us by other means (e.g. via social media), we process it to provide beta access and to keep you informed about the app.
- Data processed: your email address (and, where applicable, the name or display name you provide).
- Purpose: sending the TestFlight invitation, notices about new versions, the heads-up for the official App Store launch, and occasional product updates about Current Spot.
- Legal basis: Art. 6 (1) (a) GDPR (your explicit consent).
- Use: exclusively by the data controller named in Section 1. No sharing or sale to third parties, no use for advertising of third-party products.
- TestFlight note: the beta runs via Apple TestFlight. Apple processes the tester data involved as an independent controller under the Apple Privacy Policy.
- Withdrawal: you can withdraw your consent at any time, informally (e.g. by email or a brief "stop" reply). We will delete your address promptly. The lawfulness of processing carried out before withdrawal remains unaffected.
- Retention: until withdrawal or until the purpose no longer applies (e.g. end of the beta program).
12. Changes to This Policy
We may update this privacy policy from time to time. The date at the top of this page reflects the last update. Material changes will be announced in the app.