← Back to Home

Privacy Policy

Effective date: September 23, 2025
App: Fishing Buddy (Android, iOS)
Controller/Publisher: IMS HandmadeLures Doo, Vojvode Stepe Stepanovica 44v, Serbia
Contact: info@fishingbuddy.io
Data Protection Officer (if applicable): [Name/Email]

This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have. It applies to the Fishing Buddy mobile application and related services. If anything here conflicts with in‑app notices or consents, those specific notices/consents prevail.

1) What we collect

We collect the following categories of information:

A. Account & Profile

• Email address, display name, and authentication identifiers (via Supabase Auth).
• Profile metadata you add (e.g., gear preferences, avatar URL).

B. Content you create

• Fishing spots (title, notes, latitude/longitude, visibility), trips, catches (species, metrics, time, optional photo), gear lists, and achievements.

C. Location data

• Precise location (GPS) when you use map or location‑based features (e.g., nearby spots, logging a catch at a location, location‑based recommendations). You can disable sharing precise location in OS or within the app, but core map features may require it.
• Approximate location (derived from IP or coarse sensors) for weather/tides and analytics.

D. Device & app info

• Device model, OS version, app version, language/locale, and basic diagnostics/crash logs.
• Pseudonymous identifiers (e.g., installation ID) used for session management, analytics, and fraud prevention.

E. Usage data

• Screens/events you interact with; timestamps; feature flags; subscription status (if you subscribe in the future).

We don't intentionally collect sensitive categories (e.g., health, contacts, SMS). If you upload photos, those may include EXIF metadata you choose to remove before upload.

2) Sources of data

• You: data you provide directly in the app.
• Your device: sensors (GPS), OS‑level identifiers, and network signals.
• Third‑party APIs: we query external providers to show tides, weather, maps, and similar content.

3) Why we use your data (purposes)

• Core functionality: authenticate you; save and sync your spots, catches, trips, and preferences; render maps and weather; power recommendations.
• Analytics & quality: measure performance, fix bugs, prevent abuse.
• Communication: send account/security notices and service messages. (Marketing emails only if you opt in.)
• Legal & security: comply with law; enforce terms; protect users and our services.

4) Our legal bases (EU/UK)

• Contract: to provide the app and features you request.
• Legitimate interests: analytics, security, service improvement (balanced against your rights).
• Consent: precise location, notifications, and any optional data where required. You can withdraw consent in OS settings or in‑app.

5) Sharing & disclosures

We don't sell your personal data. We disclose data only as described:

Service providers (processors)

We use reputable vendors to operate the app. They process data under our instructions:

• Supabase (auth, database, realtime, storage).
• Map tiles & geospatial: Mapbox (maps/imagery; may receive your IP and coordinates when maps load).
• Weather & environmental data: OpenWeatherMap, Stormglass, Open‑Meteo/USGS, Solunar.org (requests include coordinates/region to fetch relevant data).
• Crash/diagnostics: (if enabled) e.g., Sentry/Firebase Crashlytics.

Other disclosures

• Legal: to comply with lawful requests, protect rights, or prevent harm.
• Business transfers: as part of a merger, acquisition, or asset sale (with notice where required).

6) International transfers

We host data in the region configured for our Supabase project. Where laws require, we rely on approved transfer mechanisms (e.g., Standard Contractual Clauses) for any cross‑border processing by our providers. You can contact us for current hosting region and transfer details.

7) Retention

We keep personal data only as long as needed for the purposes above:

• Account/profile and created content: retained while your account is active; deleted or anonymized within 90 days after deletion request or account closure (subject to legal holds).
• Diagnostics/logs: up to 12 months unless we need longer to investigate security or abuse.
• Backups: follow rolling retention cycles.

8) Your choices & controls

• Location: control in your device's OS settings and in‑app prompts.
• Notifications: enable/disable in OS settings.
• Spot visibility: choose private/public for each spot.
• Data access & export: contact us to request a copy of your data in a portable format.
• Deletion: you can delete spots/catches/trips in‑app and/or request full account deletion.

9) Your rights

EU/UK residents

You may request: access, correction, deletion, restriction, portability, and objection to certain processing. You may also withdraw consent where processing is based on consent. You can lodge a complaint with your local data protection authority.

California residents

You may request to know, delete, or correct personal information; opt out of "sale"/"sharing" (as defined by law); and be free from discrimination for exercising your rights. We do not sell your personal information. We use personal information for "business purposes" with service providers. Sensitive personal information (if any) is used only as permitted by law.

10) Children

Fishing Buddy is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us and we will take appropriate action.

11) Security

We use industry‑standard safeguards (encryption in transit, access controls, least‑privilege) and review vendors for comparable protections. No method is 100% secure; please use strong credentials and keep them confidential.

12) Changes

We may update this Policy to reflect changes to the app, our practices, or laws. We will post updates here with a new effective date and, when appropriate, provide additional notice.

13) Contact

Questions or requests about privacy?
Email: info@fishingbuddy.io
Postal: IMS Handmade Lures doo, Vojvode Stepe Stepanovića 44v, Serbia]

Appendix: Google Play Data Safety mapping (guide)

This guide helps you complete Play's Data Safety form. Update it if features change.

Data type (Play categories)	Do we collect?	Shared with third parties?	Purpose(s)	Data handling
Location – Precise	Yes (when features need GPS)	Yes (map/weather APIs receive coords to return tiles/data)	App functionality (maps, nearby spots), personalization (recommendations)	Not sold; user‑controlled; retained while needed
Location – Approximate	Yes	Yes (weather/tides APIs)	App functionality	Not sold; retained minimal time
Personal info – Email	Yes (account)	No (processors only)	Account, authentication, support	Stored with Supabase; delete on account closure
User content – Photos	Optional	No (processors only, e.g., Supabase Storage)	User content	User‑initiated deletion supported
App activity (in‑app interactions)	Yes	No (aggregated analytics only)	Analytics, improvement	Pseudonymous; retention ≤12 months
App info & performance (crash logs, diagnostics)	Yes	Yes (crash/analytics vendor)	Diagnostics	Pseudonymous; retention ≤12 months
Device or other IDs	Yes (install ID)	No (processors only)	Analytics, fraud prevention	Pseudonymous; resettable