Privacy Policy — Piscary

Publisher: Piscary Contact: contact@piscary.app Last updated: June 16, 2026 App version: 1.0.0

Piscary is a bilingual (French / English) mobile fishing logbook. This policy describes, honestly and specifically to this app, what data we process, why, where it is stored, and what your rights are. We are established in the European Union and apply the General Data Protection Regulation (GDPR).

Core principle: the app works offline

Piscary is fully usable without an account. If you do not create an account, no personal data leaves your device for social or sync features. The species catalog, your catch journal, your photos, your statistics, your challenges and badges, and your gear all stay stored locally on your phone.

The only data that leaves the device without an account is the coordinates of a fishing spot you look up, sent to the Open-Meteo weather service to compute fishing conditions (see “Third-party services”).

Data we process

1. Data stored locally on your device (no account required)

This data is kept in the app’s private storage (the app sandbox Piscary folder) and is not sent to our servers unless you sign in to an account:

Catch journal: species, fish name, date and time, notes, length, weight, technique, place name (private and public), and the location privacy setting.
Catch photos: saved as files in the app’s photos/ folder.
Catch location: GPS coordinates (latitude / longitude) attached to a catch when you add them.
Gear: rods, reels and combos you enter (names and optional photos).
Settings: language, display preferences, challenge and badge progress, local alert setting.

2. Location

Catch location: with your permission, the app reads your current position (“balanced” accuracy, ~100 m) to pre-fill a catch’s place. These coordinates are stored locally. If you are signed in and share the catch, they are transmitted according to the catch’s privacy setting (see below).
Fishing-spot location: the coordinates of a point you look up are sent to Open-Meteo to retrieve weather, tides and river flow, in order to compute the fishing-conditions score.
Reverse geocoding: to turn coordinates into a human-readable place name (city, region), the app uses the device operating system’s geocoder (via Apple / Google depending on platform), processed locally by the OS. No place name is sent to our servers without an account.

Catch location privacy — for each catch, you choose a level:

Hidden: location is not shared.
Approximate: only a coarse public place (city / region / country) is attached.
Exact: precise coordinates are attached.

3. Data processed only if you create an account (optional)

Creating an account is optional and only required for cross-device sync and social features. It is powered by Supabase (see “Third-party services”).

Account: email address and password (authentication is handled by Supabase; the password is hashed server-side and we never have access to it in plain text).
Profile: display name / username, avatar (profile photo), total points.
Synced catches: the catches you sync (species, name, date, notes, length, weight, technique, place name, and coordinates according to each catch’s chosen privacy setting) are stored in the Supabase database.
Catch photos: uploaded to Supabase Storage (bucket catch-photos) only when you are signed in. Photos are resized (max 1920 px) and compressed before upload.
Synced gear: rods, reels and combos.
Social features: if you publish a catch as “public” or “friends”, your username, avatar and the catch become visible to the chosen audience. We also process likes, comments, and friendships (requests / acceptances).
Moderation: if you report content or block a user, we record your identifier, the identifier of the targeted content or user, and the reason you give, in order to handle the report.
Account deletion: see “Your rights” (immediate and permanent erasure).

4. Advertising (free users)

The app shows advertising via Google AdMob, in the “App Open” format (open screen), only to free users: Piscary Pro subscribers see no ads.

Ads are non-personalized only: no profile-based ad targeting, no cross-app tracking (in the sense of Apple’s “App Tracking Transparency” feature), no access to the IDFA on iOS, and no App Tracking Transparency prompt.
To serve these ads, the Google AdMob SDK may process device / advertising identifiers and technical information (device model, IP address, diagnostics and anti-fraud signals). This data is processed by Google as the advertising provider (see Google’s privacy policy: policies.google.com/privacy).
Consent (GDPR): if you are in the EEA or the UK, a consent form (Google UMP / consent management platform) is presented before any ads are loaded.

5. Piscary Pro subscription (optional)

The app offers a Piscary Pro subscription, managed via RevenueCat on top of the App Store (Apple) or Google Play.

RevenueCat processes purchase / subscription data and an anonymous app identifier to manage your entitlements and to restore your purchases.
The payment itself is handled by Apple or Google depending on your platform: we never have access to your card details.

6. What we do NOT do

No personalized advertising and no cross-app tracking: the ads shown are strictly non-personalized and are not used to track you from one app to another.
No third-party behavioral analytics (no Google Analytics, Firebase Analytics, Facebook SDK, etc.) embedded in the app.
No selling of data, no data brokers.
No remote “push” notifications: the only notifications are local (an ideal-fishing-window alert scheduled on the device); no notification token is sent to any server.

Purposes of processing

Data	Purpose	Legal basis (GDPR)
Journal, photos, gear (local)	Provide the fishing logbook	Service provision / legitimate interest
Spot location	Compute fishing conditions (weather, tides)	Consent (location permission)
Catch location	Locate your catches	Consent
Email + password	Create and secure your account	Contract performance (the account you request)
Synced profile, catches, photos	Sync and sharing you enable	Contract performance / consent
Likes, comments, friendships	Social features you use	Consent
Reports / blocks	Community safety and moderation	Legitimate interest
Non-personalized advertising (free users)	Fund the free version of the app	Legitimate interest; consent (UMP form) in the EEA / UK
Purchase / subscription data	Manage the Piscary Pro subscription and restore purchases	Contract performance

Third-party services

Piscary communicates with four families of external services:

Open-Meteo (open-meteo.com) — weather, marine and hydrology service. Receives only geographic coordinates of a point you look up, in order to return weather, tides and river flow. No account identifier and no direct personal data is transmitted to it. See Open-Meteo’s policy on their site.
Supabase — database, authentication and file-storage host, used only if you have an account. Piscary’s Supabase project is hosted in the European Union (EU) region.
Google AdMob — advertising network, used only for free users, to serve non-personalized ads. May process device / advertising identifiers and technical information (see “Advertising”). See Google’s privacy policy (policies.google.com/privacy).
RevenueCat — management of the Piscary Pro subscription (entitlements, purchase restoration), on top of the App Store / Google Play. Processes purchase / subscription data and an anonymous app identifier (see “Piscary Pro subscription”).

Attribution — weather, marine and hydrology data is provided by Open-Meteo under the CC BY 4.0 license and is credited within the app.

Storage location and retention

Local data: kept on your device until you delete it in the app or uninstall the app. Uninstalling clears the app’s local storage.
Account data (Supabase): kept in the EU region for as long as your account exists. When you delete a catch in the app and sync, the deletion is propagated to the server.
Account deletion: when you delete your account, erasure is immediate and permanent server-side (see “Your rights”).

Your rights

Under the GDPR, you have the rights of access, rectification, erasure, restriction, objection and portability of your data.

Edit your data: your profile, catches and gear can be edited directly in the app.
Delete your account: in the app, Profile → Settings → Danger zone → Delete account. This triggers a server function (Supabase Edge Function delete-account) that immediately and permanently erases your authentication account, profile, catches, photos, comments, likes, friendships and reports. You may also write to contact@piscary.app to exercise this right. Note: any Piscary Pro subscription is not cancelled by deleting your account; you must manage or cancel it directly through your store (App Store or Google Play).
Access / portability: write to contact@piscary.app; we will provide the account data concerning you.
Complaint: you may lodge a complaint with the CNIL (the French supervisory authority) or the authority in your country of residence.

Transparency note: account deletion is immediate and permanent: it runs directly in the app (Profile → Settings → Danger zone → Delete account) via a server function, with no manual intervention or processing delay. Emailing contact@piscary.app remains an option if you prefer. Your local data (on the device) is erased as soon as you delete the relevant items or uninstall the app.

Children

Piscary is not directed at children under 13 and does not knowingly collect data about them. If you believe a child has provided us with personal data, contact contact@piscary.app for its removal.

Security

Exchanges with Supabase and Open-Meteo use HTTPS (encryption in transit). Access to account data is protected by Supabase Row Level Security: you can only access your own data and content shared with you. The authentication session is stored locally on the device.

Changes

This policy may be updated. The “Last updated” date at the top of this document indicates the version in force. For any question: contact@piscary.app.