Privacy Policy — FishFolio
Last updated: 8 June 2026
This Privacy Policy explains how Vladyslav Openko ("we", "us", "our"),
the developer of the FishFolio mobile application (the "App"), collects,
uses, and protects your information. It also describes your rights under the EU General
Data Protection Regulation (GDPR) and other applicable data protection laws.
If you have any questions, contact us at fishfolio.app@gmail.com.
In short
- FishFolio works offline and locally first. Your catches, fishing spots, lures, and photos are stored on your device. You can use almost the entire App without an account.
- An account is optional and is only needed if you want cloud backup and syncing across devices.
- We do not sell your data, and we do not use third-party advertising or tracking/analytics SDKs.
- Precise location is used only to tag your catches and saved spots and to fetch local weather — only when you choose to, and never in the background.
- You can delete your account and all cloud data at any time from within the App.
1. Who is responsible for your data (Data Controller)
Vladyslav Openko
Ukraine
Email: fishfolio.app@gmail.com
2. The data we process
2.1 Data you create in the App (your content)
- Catch entries: fish species, weight, lure, date/time, notes, and (optionally) the weather at the time.
- Fishing spots: a name, color, and map coordinates you choose.
- Lures: names you add to your lure box.
- Photos: images you attach to catches or spots.
- Precise location (GPS): the coordinates of a catch or spot, only when you add location to an entry.
2.2 Account data (only if you sign in)
- Email address and an authentication credential (a securely hashed password, or a one-time code used for password reset). We never store your password in plain text.
2.3 Data processed to provide features
- Coordinates sent for weather: to show the bite forecast and local weather, the App sends the relevant coordinates to our weather data provider (see Section 5). These requests are not linked to your account.
2.4 Technical data
- Basic technical information necessary for the App and our backend to function (e.g., connection metadata and error logs). We do not use advertising identifiers and do not run third-party analytics or advertising SDKs.
We do not intentionally collect any special categories of data (e.g., health, religion, political views).
3. Where your data is stored (local-first)
By default, all content described in Section 2.1 is stored locally on your device.
- If you do not sign in, your data never leaves your device through the App, except coordinates sent to the weather provider as described above.
- If you sign in, your catches, sessions, spots, and lures are synced to and backed up in our cloud database so you can restore them and use multiple devices.
- Photos you attach are stored on your device. If you sign in and use cloud sync, your photos are also uploaded to our secure cloud storage (Supabase Storage) so you can restore them on another device. Deleting your account also deletes your photos from the cloud.
4. How we use your data and legal bases (GDPR)
| Purpose | Data used | Legal basis (GDPR Art. 6) |
| Provide core App features (diary, map, lures, stats) | Your content (local) | Contract / legitimate interest |
| Show bite forecast and weather | Coordinates | Legitimate interest |
| Create and secure your account | Email, credentials | Contract |
| Cloud backup and multi-device sync | Your content + account ID | Contract |
| Send transactional emails (e.g., password reset) | Email | Contract |
| Keep the service secure and working | Technical data | Legitimate interest |
| Comply with legal obligations | As required | Legal obligation |
We rely on consent where required (for example, the operating system's permission prompt for location and photos). You can withdraw permissions at any time in your device settings.
5. Service providers (processors) and recipients
- Supabase — cloud database, authentication, file storage (your photos), and backend services used for account sign-in, cloud backup/sync, and transactional emails (such as password reset).
- Open-Meteo — weather and forecast data. The App sends coordinates to retrieve a forecast; these requests are not associated with your account or identity.
- Apple — the App Store, and the Apple Maps service used to render maps on iOS. If you purchase a subscription, payment is processed by Apple; we receive transaction status but never your full payment card details.
- RevenueCat — manages and validates subscriptions. It receives your purchase/transaction data and a pseudonymous app user identifier to determine your subscription status. It does not receive your payment card details.
We may change or add sub-processors over time (for example, we may use a dedicated email delivery provider for password-reset and other transactional emails). When we make such changes, we will update this Policy and the list above. We do not sell your personal data or share it for third-party advertising.
6. International data transfers
Our backend is hosted by Supabase in the EU (eu-west-1, Ireland). Where data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or an adequacy decision. You may contact us for more information about these safeguards.
7. Data retention
- Local data remains on your device until you delete the entries, clear the App's data, or uninstall the App.
- Cloud data (if you use an account) is retained for as long as your account is active.
- When you delete your account (see Section 8), your account and all associated cloud data are permanently deleted. We may retain limited records where required to comply with legal obligations.
8. Your rights
Subject to applicable law (including the GDPR), you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten");
- Restrict or object to certain processing;
- Data portability (you can also export your catch history to CSV from within the App);
- Withdraw consent at any time (e.g., revoke location or photo permissions in your device settings).
You can exercise the most important rights directly in the App:
- Delete your account and all cloud data: Settings → Account → Delete Account.
- Sign out without deleting data: Settings → Account → Sign Out.
- Export your data: Settings → Data Management → Export History (CSV).
To exercise any other right, contact us at fishfolio.app@gmail.com. You also have the right to lodge a complaint with your local data protection authority.
9. Security
We use industry-standard measures to protect your data, including encrypted connections (HTTPS/TLS), access controls, and row-level security that ensures each account can access only its own records. No method of transmission or storage is 100% secure, but we work to protect your information using appropriate safeguards.
10. Children
FishFolio is not directed to children under the age of 16 (or the minimum age required in your country). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.
11. Third-party links and services
The App may rely on or link to third-party services (such as the providers in Section 5). Their use of data is governed by their own privacy policies, which we encourage you to review.
12. Changes to this Policy
We may update this Privacy Policy from time to time, including when we change our infrastructure or service providers. We will revise the "Last updated" date above and, for material changes, provide a notice within the App or by other appropriate means. Continued use of the App after an update constitutes acceptance of the revised Policy.
13. Contact
Vladyslav Openko
Email: fishfolio.app@gmail.com