Your fishing spots are your business. Here is exactly how we collect, use, and protect your data.
Effective Date: February 10, 2026 • Last Updated: April 26, 2026
Data Security
Complete Data Isolation
Every database query is enforced with Row-Level Security (RLS) — a PostgreSQL feature that guarantees you can only access your own data. This isn't application-level filtering that can be bypassed; it's enforced at the database engine itself. No other user can ever see your waypoints, catches, trips, or routes.
Encrypted at Rest & In Transit
All data stored in our database is encrypted at rest using AES-256 encryption. Every connection between your browser and our servers uses TLS (HTTPS), so your data is encrypted in transit as well. No one can intercept or read your information.
Optional Client-Side Encryption
For maximum protection, you can enable client-side encryption from Settings > Security. Your waypoint names, coordinates, and notes are encrypted in your browser using AES-256-GCM before they ever leave your device. Only you hold the passphrase — we never see it and cannot decrypt your data. Even if our database were compromised, your encrypted waypoints would be unreadable without your passphrase.
When you share a list, waypoints in that list are automatically stored as plaintext so recipients can view them. They are re-encrypted if you later remove all guests.
We Don't View Your Data
We do not browse, analyze, or mine your waypoints or any other personal data. We have no interest in where you fish.
Built on Trusted Infrastructure
Fishmarks runs on enterprise-grade infrastructure that we trust with our own data:
Supabase handles our database, authentication, and edge functions. Supabase is independently audited for SOC 2 Type 2 and HIPAA compliance.
Stripe processes payments. Stripe is PCI DSS Level 1 certified — we never see or store your card details.
Resend delivers transactional email (verification, sharing, password resets). Resend is SOC 2 Type 2 certified.
Fishmarks itself is not SOC 2 audited. We’re a small team that prioritizes reasonable, transparent security over compliance theater. If you have questions about how we handle your data, please get in touch.
Sharing is Always Opt-In
Your data is private by default. Nothing is ever shared unless you explicitly choose to share a list with another user. You control who has access and can revoke it at any time.
Your Data, Your Control
You can export all of your data at any time in GPX or CSV format. If you ever want to leave, you can delete all of your data permanently from Settings. We don't hold your data hostage.
Secure Payments
All payment processing is handled by Stripe, a PCI Level 1 certified payment processor. We never see or store your credit card number. Stripe handles billions of dollars in transactions annually for companies like Amazon and Google.
The data security features described above — including database encryption, row-level security, cloud storage, and client-side encryption — apply to paid subscriptions (Angler and Captain). Free accounts store data locally in the browser and do not use cloud-based security infrastructure.
This Privacy Notice describes how Fishmarks™ ("we", "us", "our"), operated by Techlogic Advisors, LLC, collects, uses, and protects your personal information when you use our Service. The "Service" includes both the Fishmarks web application at app.fishmarks.com and the Fishmarks Connect mobile companion app available on the Apple App Store and Google Play. Where a practice differs between platforms, this Notice will say so explicitly.
1. Information We Collect
Information you provide:
Account information: name and email address are required; mobile number and postal address are optional
GPS waypoints, lists, trip logs, catch records, tracks, and route data you create
Profile photo (avatar) you upload, including via your device’s photo library when using Fishmarks Connect
Catch and mark photos you take or pick when logging fishing activity. The copy uploaded to our servers is automatically resized and embedded with a Fishmarks watermark; the unmodified original remains on your device.
Communications you send to us (contact form submissions, support requests)
Information collected automatically:
Login history (timestamps, browser/device information, login method)
Usage data (features accessed, subscription changes)
Browser type and user agent string (web application)
Device model, operating system version, and app version (Fishmarks Connect)
Information collected by third parties:
Stripe collects and processes payment information for subscriptions purchased on the web. We do not store credit card numbers or full payment details on our servers.
Apple, Inc. collects and processes payment information for subscriptions purchased through Fishmarks Connect via the App Store In-App Purchase system. We receive a transaction receipt and tier entitlement from Apple but do not see your Apple ID credentials, full payment details, or transaction-level financial data.
If you Sign in with Google, we receive your name, email, and profile picture from Google.
If you Sign in with Apple on Fishmarks Connect, we receive a stable user identifier and, only on first sign-in if you choose to share it, your name and either your real or a private relay email address generated by Apple.
If you use the address autocomplete in your profile, the text you type is sent to the Google Places API to fetch suggestions and the selected place’s address components. Google may log these queries per its own privacy policy.
Mobile device permissions (Fishmarks Connect):
Camera — used only when you tap to take a photo from inside Fishmarks Connect (catch photos, mark photos, or your profile avatar). Camera access is requested at the moment of capture and is never used in the background.
Photo library access (read) — requested when you tap to pick a photo from your existing library to attach to a catch, mark, or profile avatar. We only access the specific photo you select. We do not browse, scan, or upload your library otherwise.
Photo library access (write / add-only) — when the “Save photos to camera roll” preference is enabled (default on, configurable in Settings → Preferences → Photos), the original full-resolution photo you take from inside Fishmarks Connect is also written to your phone’s photo library. You retain the unmodified, watermark-free original on your device; Fishmarks keeps a separate resized + watermarked copy on our servers. This is an add-only capability — we cannot read, browse, or modify other photos in your library through this permission. You can disable the feature at any time in Preferences.
Location — used only to display your current position as a marker (the “blue dot”) on the map while the app is in the foreground. Your location is not transmitted to our servers, not stored, and not tracked in the background.
Monitor usage for abuse prevention and security purposes
Generate anonymized, aggregate statistics to improve the platform
We do not use your data for advertising purposes. We do not build advertising profiles from your fishing data or waypoint information.
3. Data Storage & Security
Your data is stored securely using industry-standard practices:
Cloud data is stored in a PostgreSQL database hosted by Supabase with Row-Level Security (RLS) ensuring users can only access their own data
Data is encrypted in transit (TLS/SSL) and at rest
Authentication is managed through Supabase Auth with secure token-based sessions
Free account data stored in browser localStorage (web) is subject to the security of the user's device and browser
Fishmarks Connect maintains an on-device cache using React Native AsyncStorage so you can view your data offline. This cache lives inside the app's sandboxed container, protected by iOS and Android application sandboxing, and is removed when the app is uninstalled or you sign out.
While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
4. Data Sharing
We do not sell, rent, or trade your personal information to third parties.
We share your information only with the following service providers, solely for the purpose of operating the Service:
Stripe — Payment processing for web subscriptions (name, email, payment details)
Apple, Inc. — In-App Purchase processing and Sign in with Apple authentication for Fishmarks Connect (your Apple ID transaction details remain with Apple; we receive only the entitlement)
Supabase — Cloud database, authentication, and avatar file storage infrastructure
Google — Sign-In with Google authentication (only if you use it); Google Places API (only the address text you type for autocomplete in your profile)
Expo / Expo Application Services — Mobile app distribution and over-the-air updates for Fishmarks Connect (build artifacts and crash logs only; no personal user data is sent)
We may also share data if required by law, legal process, or to protect the rights, property, or safety of Fishmarks™, our users, or the public.
5. Your Rights
You have the right to:
Access your data: View all data associated with your account through the Service
Export your data: Download your waypoints, lists, and other data in GPX or CSV format at any time
Correct your data: Update your account information and waypoint data through the Service
Delete your data: Request deletion of your account and all associated data by contacting support at [email protected]
Cancel your subscription: Manage or cancel your subscription through your account settings
6. Cookies, Local Storage & Device Storage
The web application uses browser localStorage to store:
Free account waypoint and list data
User interface preferences (map layer, display settings, sidebar state)
Authentication session tokens
Fishmarks Connect uses on-device AsyncStorage (the React Native equivalent of localStorage) to store:
An offline cache of your waypoints, lists, tracks, routes, and catches so the app works without a network connection
App preferences such as units of measurement and last-visible group
Authentication session tokens (managed by Supabase Auth)
This device-level storage lives inside the app's sandboxed container and is removed when the app is uninstalled or you sign out.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not participate in cross-site or cross-app tracking networks. Fishmarks Connect does not use Apple's Advertising Identifier (IDFA) and does not present an App Tracking Transparency prompt.
7. Children's Privacy
The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].
8. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. The "Last Updated" date at the top of this document indicates when the most recent changes were made. For material changes, we will provide notice through the Service or via email. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Notice.
Contact
If you have questions about this Privacy Policy, please contact us:
Fishmarks™, a Techlogic Advisors, LLC solution
Based in Florida, United States of America
Email: [email protected]
Stripe® is a registered trademark of Stripe, Inc. Apple®, App Store®, and Sign in with Apple are trademarks of Apple Inc. Google® is a registered trademark of Alphabet Inc. Supabase™ is a trademark of Supabase, Inc. Expo™ is a trademark of 650 Industries, Inc. OpenStreetMap® is a registered trademark of the OpenStreetMap Foundation. Bing™ is a trademark of Microsoft Corporation. Esri® is a registered trademark of Esri. All other trademarks, service marks, and trade names referenced herein are the property of their respective owners.