Privacy Policy | FISHMARKS GPS Fishing App Data Protection

Effective Date: February 10, 2026 • Last Updated: April 10, 2026

Data Security

Complete Data Isolation

Every database query is enforced with Row-Level Security (RLS) — a PostgreSQL feature that guarantees you can only access your own data. This isn't application-level filtering that can be bypassed; it's enforced at the database engine itself. No other user can ever see your waypoints, catches, trips, or routes.

Encrypted at Rest & In Transit

All data stored in our database is encrypted at rest using AES-256 encryption. Every connection between your browser and our servers uses TLS (HTTPS), so your data is encrypted in transit as well. No one can intercept or read your information.

Optional Client-Side Encryption

For maximum protection, you can enable client-side encryption from Settings > Security. Your waypoint names, coordinates, and notes are encrypted in your browser using AES-256-GCM before they ever leave your device. Only you hold the passphrase — we never see it and cannot decrypt your data. Even if our database were compromised, your encrypted waypoints would be unreadable without your passphrase.

When you share a list, waypoints in that list are automatically stored as plaintext so recipients can view them. They are re-encrypted if you later remove all guests.

We Don't View Your Data

We do not browse, analyze, or mine your waypoints or any other personal data. We have no interest in where you fish. Our database infrastructure is managed by Supabase, an open-source platform with SOC 2 Type II compliance, meaning their security practices are independently audited.

Sharing is Always Opt-In

Your data is private by default. Nothing is ever shared unless you explicitly choose to share a list with another user. You control who has access and can revoke it at any time.

Your Data, Your Control

You can export all of your data at any time in GPX or CSV format. If you ever want to leave, you can delete all of your data permanently from Settings. We don't hold your data hostage.

Secure Payments

All payment processing is handled by Stripe, a PCI Level 1 certified payment processor. We never see or store your credit card number. Stripe handles billions of dollars in transactions annually for companies like Amazon and Google.

The data security features described above — including database encryption, row-level security, cloud storage, and client-side encryption — apply to paid subscriptions (Angler and Captain). Free accounts store data locally in the browser and do not use cloud-based security infrastructure.

AES-256 Encryption SOC 2 Type II (Supabase) PCI Level 1 (Stripe) Row-Level Security Client-Side Encryption

Privacy Notice

This Privacy Notice describes how Fishmarks™ ("we", "us", "our"), operated by Techlogic Advisors, LLC, collects, uses, and protects your personal information when you use our Service. The "Service" includes both the Fishmarks web application at app.fishmarks.com and the Fishmarks Connect mobile companion app available on the Apple App Store. Where a practice differs between platforms, this Notice will say so explicitly.

1. Information We Collect

Information you provide:

Account information: name and email address are required; mobile number and postal address are optional
GPS waypoints, lists, trip logs, catch records, tracks, and route data you create
Profile photo (avatar) you upload, including via your device’s photo library when using Fishmarks Connect
Communications you send to us (contact form submissions, support requests)

Information collected automatically:

Login history (timestamps, browser/device information, login method)
Usage data (features accessed, subscription changes)
Browser type and user agent string (web application)
Device model, operating system version, and app version (Fishmarks Connect)

Information collected by third parties:

Stripe collects and processes payment information for subscriptions purchased on the web. We do not store credit card numbers or full payment details on our servers.
Apple, Inc. collects and processes payment information for subscriptions purchased through Fishmarks Connect via the App Store In-App Purchase system. We receive a transaction receipt and tier entitlement from Apple but do not see your Apple ID credentials, full payment details, or transaction-level financial data.
If you Sign in with Google, we receive your name, email, and profile picture from Google.
If you Sign in with Apple on Fishmarks Connect, we receive a stable user identifier and, only on first sign-in if you choose to share it, your name and either your real or a private relay email address generated by Apple.
If you use the address autocomplete in your profile, the text you type is sent to the Google Places API to fetch suggestions and the selected place’s address components. Google may log these queries per its own privacy policy.

Mobile device permissions (Fishmarks Connect):

Photo library — requested only when you tap to upload an avatar; we never access your photos otherwise.
Location — used only to display your current position as a marker (the “blue dot”) on the map while the app is in the foreground. Your location is not transmitted to our servers, not stored, and not tracked in the background.

2. How We Use Your Data

We use the information we collect to:

Provide, maintain, and improve the Service
Process subscription payments and manage billing
Send service-related communications (account confirmations, billing notifications)
Respond to your support requests and inquiries
Monitor usage for abuse prevention and security purposes
Generate anonymized, aggregate statistics to improve the platform

We do not use your data for advertising purposes. We do not build advertising profiles from your fishing data or waypoint information.

3. Data Storage & Security

Your data is stored securely using industry-standard practices:

Cloud data is stored in a PostgreSQL database hosted by Supabase with Row-Level Security (RLS) ensuring users can only access their own data
Data is encrypted in transit (TLS/SSL) and at rest
Authentication is managed through Supabase Auth with secure token-based sessions
Free account data stored in browser localStorage (web) is subject to the security of the user's device and browser
Fishmarks Connect maintains an on-device cache using React Native AsyncStorage so you can view your data offline. This cache lives inside the app's sandboxed container, protected by iOS and Android application sandboxing, and is removed when the app is uninstalled or you sign out.

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We share your information only with the following service providers, solely for the purpose of operating the Service:

Stripe — Payment processing for web subscriptions (name, email, payment details)
Apple, Inc. — In-App Purchase processing and Sign in with Apple authentication for Fishmarks Connect (your Apple ID transaction details remain with Apple; we receive only the entitlement)
Supabase — Cloud database, authentication, and avatar file storage infrastructure
Google — Sign-In with Google authentication (only if you use it); Google Places API (only the address text you type for autocomplete in your profile)
Expo / Expo Application Services — Mobile app distribution and over-the-air updates for Fishmarks Connect (build artifacts and crash logs only; no personal user data is sent)
Resend — Transactional email delivery (name, email, message content)

We may also share data if required by law, legal process, or to protect the rights, property, or safety of Fishmarks™, our users, or the public.

5. Your Rights

You have the right to:

Access your data: View all data associated with your account through the Service
Export your data: Download your waypoints, lists, and other data in GPX or CSV format at any time
Correct your data: Update your account information and waypoint data through the Service
Delete your data: Request deletion of your account and all associated data by contacting support at [email protected]
Cancel your subscription: Manage or cancel your subscription through your account settings

6. Cookies, Local Storage & Device Storage

The web application uses browser localStorage to store:

Free account waypoint and list data
User interface preferences (map layer, display settings, sidebar state)
Authentication session tokens

Fishmarks Connect uses on-device AsyncStorage (the React Native equivalent of localStorage) to store:

An offline cache of your waypoints, lists, tracks, routes, and catches so the app works without a network connection
App preferences such as units of measurement and last-visible group
Authentication session tokens (managed by Supabase Auth)

This device-level storage lives inside the app's sandboxed container and is removed when the app is uninstalled or you sign out.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not participate in cross-site or cross-app tracking networks. Fishmarks Connect does not use Apple's Advertising Identifier (IDFA) and does not present an App Tracking Transparency prompt.

7. Children's Privacy

The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

8. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. The "Last Updated" date at the top of this document indicates when the most recent changes were made. For material changes, we will provide notice through the Service or via email. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Notice.

Contact

If you have questions about this Privacy Policy, please contact us:

Fishmarks™, a Techlogic Advisors, LLC solution
Based in Florida, United States of America
Email: [email protected]

Stripe® is a registered trademark of Stripe, Inc. Apple®, App Store®, and Sign in with Apple are trademarks of Apple Inc. Google® is a registered trademark of Alphabet Inc. Supabase™ is a trademark of Supabase, Inc. Expo™ is a trademark of 650 Industries, Inc. OpenStreetMap® is a registered trademark of the OpenStreetMap Foundation. Bing™ is a trademark of Microsoft Corporation. Esri® is a registered trademark of Esri. All other trademarks, service marks, and trade names referenced herein are the property of their respective owners.