# Privacy Policy
*Last updated: 2026-01-17*
This Privacy Policy describes how **Musa Tasci** ("we", "us", "our") collects, uses, and protects information when you use the **AnyFish** mobile application and related services (the **"Service"**).
By using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
---
## 1. Data Controller
**Controller:**
Musa Tasci
**Contact:**
[email protected]
---
## 2. Data We Collect
### 2.1 Account and Authentication Data
- **Anonymous User Identifier (Firebase UID)**: Created automatically when you use the app
- **Email Address** (optional): If you choose to create an account with email/password authentication
- **Email Verification Status**: Whether your email has been verified
- **Account Creation and Update Timestamps**: When your account was created and last updated
### 2.2 Fish Identification Data
- **Photos for Identification**: Images you take or upload to identify fish species
- These photos are temporarily uploaded to Firebase Storage for AI processing
- Photos are automatically deleted from our servers after identification is complete
- **Fish Collection Data**: Your saved fish identifications, species information, and personal notes
- **Stored locally on your device only** (AsyncStorage)
- **Not uploaded to our servers or cloud storage**
- This data may be lost if you uninstall the app or lose access to your device
### 2.3 AI Chat Data
- **Chat Messages**: Conversations you have with the AI fish expert
- Chat history is stored locally on your device (AsyncStorage)
- Messages are sent to AI services for processing and generating responses
- Messages may be used to improve the Service and AI models
### 2.4 Subscription and Payment Data
- **RevenueCat/Superwall Identifiers**: Subscription status and purchase information
- **In-App Purchase Data**: Subscription type, purchase date, expiration date, renewal status
- **Device Information**: Device type (iOS/Android) for subscription management
### 2.5 App Preferences and Settings
- **Language Preferences**: Your preferred language for the app interface
- **Marketing Channel**: How you discovered the app (if provided)
- **Notification Preferences**: Whether you have enabled push notifications
### 2.6 Technical and Usage Data
- **Push Notification Tokens**: To send you notifications (if enabled)
- **Device Information**: Device type, operating system version
- **App Usage Data**: Operational logs and analytics for app functionality and improvements
- **Error Logs**: Technical information to diagnose and fix issues
> **Important Note:**
>
> Your fish collection data (saved identifications and species) and chat history are stored **only on your device** and are **not uploaded to our servers**. Photos uploaded for fish identification are temporarily stored in Firebase Storage and automatically deleted after processing.
---
## 3. Purposes & Legal Bases (GDPR Art. 6)
We process personal data based on the following legal grounds:
| Purpose | Legal Basis |
| --- | --- |
| Providing core app functionality (fish identification, AI chat) | Performance of a contract |
| Subscription management and billing | Performance of a contract |
| Storing photos temporarily for identification | Performance of a contract |
| Processing chat messages with AI services | Performance of a contract |
| Analytics, diagnostics, and security | Legitimate interest |
| Push notifications | Consent |
| Legal compliance | Legal obligation |
| Improving AI models and service quality | Legitimate interest |
You may withdraw your consent for push notifications at any time via your device settings.
---
## 4. Service Providers (Processors)
We use trusted third-party processors that may process data on our behalf:
- **Google Firebase**
- **Authentication**: Anonymous and email/password authentication
- **Firestore**: User account data, preferences, subscription information
- **Storage**: Temporary storage of photos for fish identification (deleted after processing)
- **Functions**: Server-side processing for fish identification and AI chat
- **RevenueCat / Superwall**: Subscription management, payment processing, paywall display
- **Expo**: Push notification services
- **AI/ML Services**: Fish identification and AI chat functionality (messages are processed but not permanently stored by these services)
These providers are contractually bound to comply with GDPR, CCPA, and other applicable data protection laws.
---
## 5. International Transfers
Data may be transferred to countries outside the EU/EEA, including the United States, for processing by our service providers.
Where required by law, we rely on **Standard Contractual Clauses (SCCs)** or equivalent safeguards to ensure adequate protection of your personal data.
---
## 6. Data Retention
- **Account-related data**: Retained as long as necessary to provide the Service or as required by law
- **Fish collection data**: Stored locally on your device; not retained by us after app uninstallation
- **Chat history**: Stored locally on your device; not retained by us after app uninstallation
- **Photos for identification**: Automatically deleted from Firebase Storage immediately after identification processing
- **Subscription data**: Retained as long as necessary for subscription management and legal compliance
- **Push notification tokens**: Retained until you disable notifications or delete your account
- **Operational logs and analytics**: Retained for a reasonable period for security and service improvement purposes
- **Anonymous identifiers**: May be retained for legal or compliance reasons
---
## 7. Your Rights (GDPR)
If you are located in the EU/EEA, you have the right to:
- **Access**: Request access to your personal data
- **Rectification**: Request correction of inaccurate data
- **Erasure**: Request deletion of your data ("right to be forgotten")
- **Restrict Processing**: Request restriction of processing in certain circumstances
- **Data Portability**: Receive your data in a structured, commonly used format
- **Object**: Object to processing based on legitimate interests
- **Withdraw Consent**: Withdraw consent at any time (for push notifications)
- **Lodge a Complaint**: File a complaint with a supervisory authority
You can exercise these rights by contacting us at **[email protected]**.
**Note**: Fish collection data and chat history stored locally on your device are not accessible to us and cannot be deleted remotely. You can delete this data by uninstalling the app or clearing app data through your device settings.
---
## 8. Your Rights (CCPA / CPRA – California)
California residents have the right to:
- **Know**: Know what personal information is collected, used, shared, or sold
- **Delete**: Request deletion of personal information
- **Correct**: Request correction of inaccurate personal information
- **Opt-Out**: Opt-out of the sale or sharing of personal information
- **Non-Discrimination**: Not be discriminated against for exercising these rights
> **We do not sell or share personal information as defined by the CCPA/CPRA.**
Requests can be made via **[email protected]**.
---
## 9. Children's Privacy
The Service is not intended for children under 13 years of age (or the minimum age in your jurisdiction).
We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at **[email protected]**.
---
## 10. Security
We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
These measures include:
- Encryption of data in transit and at rest
- Secure authentication mechanisms
- Regular security assessments
- Access controls and monitoring
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
**Important**: Fish collection data and chat history stored locally on your device are protected by your device's security measures. You are responsible for securing your device and backing up this data if desired.
---
## 11. Data Storage Locations
- **Firebase Services**: Data is stored in Firebase's secure cloud infrastructure
- **Local Device Storage**: Fish collection data and chat history are stored locally on your device using AsyncStorage
- **Service Provider Servers**: Subscription data may be stored on RevenueCat/Superwall servers
- **AI Service Providers**: Chat messages are temporarily processed by AI services but not permanently stored
---
## 12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
We will notify you of any material changes by:
- Posting the updated Privacy Policy in the app
- Updating the "Last updated" date at the top of this policy
- Providing notice through the app or other reasonable means
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
---
## 13. Contact
For privacy-related questions, requests, or concerns:
**Email:** [email protected]
We will respond to your inquiry within a reasonable timeframe and in accordance with applicable law.
---
## 14. Additional Information
### 14.1 Third-Party Services
Your use of third-party services (Apple App Store, Google Play Store, payment processors) is subject to their respective privacy policies and terms of service.
### 14.2 AI Processing
When you use the AI chat feature, your messages are sent to AI service providers for processing. These providers may process your messages to generate responses but do not permanently store your conversations. Chat history is stored locally on your device only.
### 14.3 Photo Processing
Photos you upload for fish identification are:
1. Temporarily uploaded to Firebase Storage
2. Processed by AI services for identification
3. Automatically deleted from our servers after processing
4. Not used for any other purpose
### 14.4 Local Data
Fish collection data and chat history stored locally on your device:
- Are not accessible to us
- Cannot be synced across devices
- May be lost if you uninstall the app or lose access to your device
- Are your responsibility to back up if desired
---
*This Privacy Policy is effective as of the "Last updated" date shown above.*