Privacy Policy

This Privacy Policy describes how Fishing Codex ("we", "the app", "Fishing Codex") handles your information. Fishing Codex is an iOS app for personal recording of fishing spots. It is operated by FISHINGCODEX LIMITED (NZ Companies Office NZBN 9429053662774), an Aotearoa New Zealand limited company ("the operator", "we", "us"). Contact: hello@fishingcodex.com.

What we collect

Fishing Codex collects only the minimum necessary to run the app. Specifically:

• Apple Sign-In identifier (optional) — if you sign in with your Apple ID, we receive a stable anonymous identifier and your email (which may be a private relay address that Apple generates). We never see your real Apple ID password.
• Spots you create — the name, optional notes, GPS coordinates, region tag, capture time, and any photos you attach. This information stays on your device unless you have signed in with Apple, in which case it also syncs to our cloud backend so you can access it from other devices.
• Photos you attach — captured via the device camera. Photos are stored locally and (if signed in) uploaded to private cloud storage scoped to your account.
• Crash and error reports — when the app crashes or hits an unhandled error, we send a diagnostic event to Sentry. Reports include stack traces, JavaScript error messages, the app version, and the iOS version. They do not include your spot data, GPS coordinates, photos, or identifying information beyond your Apple Sign-In identifier (if applicable).

Fishing Codex does not collect: contacts, calendar, microphone audio, ad identifiers, browsing history, third-party tracking signals, behavioural analytics, or your location outside the GPS coordinates you choose to attach to a spot.

How we use your information

• To save your spots and let you view them on your device.
• To sync your spots and photos across your devices if you are signed in.
• To diagnose crashes and fix bugs (via Sentry crash reports).
• To comply with the law if required (we do not voluntarily share data with third parties).

We do not use your information for advertising, profile building, or sale to third parties.

Where your information lives

• On your device — every spot you create is saved in a local database. Photos are saved to the app's private storage.
• Supabase (our cloud backend, hosted on AWS in the ap-southeast-2 region) — if you are signed in, your spots and photo metadata are also stored in your private account row, protected by row-level security.
• Cloudflare R2 (our private photo storage bucket) — uploaded photos live here, scoped under users/<your-account-id>/spots/<spot-id>/<photo-id>.webp and accessed via signed URLs.
• Sentry (our error reporting provider) — crash reports stay in our private Sentry project, retained per Sentry's default policy.

Your rights

You have the following controls inside the app:

• Delete a single spot — Pin detail → Delete. Soft-deleted immediately, fully removed during the next purge.
• Clear all local data — Settings → Data → Clear all local data. Empties the on-device database, deletes local photos, and clears app preferences.
• Export all your spots — Settings → Data → Export all spots (GPX). Generates a standards-compliant GPX file with every spot, sharable via Files / Mail / AirDrop.
• Delete your account — Settings → Danger Zone → Delete account. Permanently removes your cloud profile, spots, photos, and Apple Sign-In connection. Local data on the current device stays unless you also use Clear all local data or uninstall.
• Revoke Apple Sign-In — iCloud Settings → Apple ID → Password & Security → Apple ID Sign-In → Fishing Codex → Stop using Apple ID. Apple will notify our backend, which automatically deletes your account.

Children

Fishing Codex is not directed at children under 13 (or the equivalent age in your jurisdiction). We do not knowingly collect information from children. If you believe a child has used the app, please contact us and we will delete the relevant account.

Third parties

Fishing Codex relies on the following third-party services. Their privacy practices govern any data they process on our behalf:

• Supabase — authentication, database, edge functions.
• Cloudflare — photo storage (R2), DNS, network edge.
• Sentry — error and crash reporting.
• Apple — Sign in with Apple, TestFlight, App Store distribution.

Changes to this policy

If we change this Privacy Policy materially we will update the "Last updated" date above and, where appropriate, surface a notice in the app.

Contact

Questions or requests: hello@fishingcodex.com