Privacy Policy
Privacy Policy — FishFinder Engine™
Status: DRAFT — for attorney review.
Effective Date: [Effective Date]
Version: 0.1-draft
Operator: [Company Legal Name — likely Bit Shift LLC, d/b/a FishFinder Engine]
Contact: [Contact Email] — Mailing: 14200 Natalie Rd NE, Prior Lake, MN 55372, USA
This Privacy Policy describes how FishFinder Engine ("we," "us," "our") collects, uses, shares, and protects information when you use the FishFinder Engine website, iOS app, watchOS app, and SMS Trip Companion (together, the "Service"). It is incorporated into the End User License Agreement & Terms of Use.
If you do not agree, do not use the Service.
1. Information we collect
1.1 Information you provide directly
- Account information: the email address, OAuth provider profile, and (if you choose) the phone number you provide through our identity sub-processor, Clerk. We never see your Clerk password.
- Subscription information: when you pay through Stripe (web) or the App Store / Google Play (mobile), the payment processor collects the card or payment-method details. We receive only an opaque customer/subscription ID, the tier, and event metadata.
- Catch logs: species, lake, date and time of catch, weight, length, lure, technique, weather notes, kept/released, free-form notes, and (if you grant permission) precise GPS latitude and longitude.
- Catch photos: up to five photos per catch, up to 10 MB each, stored in per-tenant directories on our server.
- Lure library: brand, category, color, photo, notes for each lure you add.
- Trip planning: trip name, dates, status, target species, lake list, notes, lodging or meeting addresses (street address, city, state, ZIP, latitude/longitude, check-in/check-out dates and times), and the list of trip companions you choose to share the trip with.
- Saved lakes / favorites / bookmarks / saved searches.
- Public profile (opt-in): whatever stats you have explicitly chosen to show on your public profile page.
- Bug reports: the category and free-form description (≤ 5,000 characters) you submit through the bug-report form.
- AI prompts: the text of follow-up questions, AI search queries, and SMS Trip Companion replies you send. These are processed by Anthropic's Claude API and stored in your per-tenant database (for follow-ups) or in ops.db (for SMS) so that the conversation makes sense.
- SMS preferences: your phone number, verification status, opt-in consent, opt-out actions, daily quiet-hours window, and which Trip Companion messages you have enabled.
1.2 Information collected automatically
- Anonymous tenant cookie. When you visit the website, we set a first-party cookie that contains an internal tenant ID and provision a per-visitor SQLite database for you. This means the Service can remember your preferences and saved data across visits. You can clear this by deleting your cookies; however, doing so will also delete the link between you and any unsaved-but-stored data. See the Cookie & Tracking Policy.
- Authentication cookie. After you sign in, Clerk sets a __session cookie that we read to identify you on each request.
- Active-state cookie. A cookie named ffe_active_state records the state (e.g., MN, WI) you most recently selected so your search context persists.
- Server logs. Our backend logs request paths, the tenant ID, the tier, HTTP status, error stack traces, and IP/user-agent metadata at the reverse-proxy layer (Cloudflare and Caddy). These logs are used for debugging, security, and abuse mitigation.
- Bug-report metadata. When you submit a bug report we record the path you were on, your tenant ID, and the category, alongside your description.
- SMS metadata. When you opt in or out of SMS, we store the action, timestamp, IP address, and user-agent associated with that consent (for TCPA recordkeeping).
- Mobile-app metadata. When you use the iOS or watchOS app, the app may collect device-level data (OS version, app version, device model) to diagnose issues and to attribute catches to the correct device source (web, iphone, or watch).
1.3 Information from third parties
- From Clerk: authentication tokens and the OAuth profile fields you authorized.
- From Stripe / App Store / Google Play: subscription status, billing events.
- From Apple: device push token (when push notifications are wired in).
1.4 Information we do not collect
- We do not collect Social Security numbers, government identifiers, tax-ID numbers, race, ethnicity, religion, sexual orientation, or health/biometric data.
- We do not buy data from data brokers.
- We do not maintain advertising-tracking pixels or third-party analytics scripts in the web frontend as of the Effective Date.
2. How we use information
We use the categories above to:
- Operate, maintain, and secure the Service;
- Authenticate you, route you to the right account, and enforce tier and quota limits (e.g., ai_prompt limits in app/core/entitlements.py);
- Process subscriptions through Stripe or the mobile app stores;
- Generate AI-powered lake reports, fishing guides, follow-up answers, and natural-language search results;
- Deliver SMS Trip Companion messages, including AI replies (Twilio + Anthropic);
- Show you maps, lakes near you (when you grant location permission), and trip directions (Google Maps / Google Directions);
- Show you your catches, stats, photos, lure library, and saved lakes;
- Communicate service announcements, billing notices, trial expiry notices, and (only with your opt-in) Trip Companion SMS messages;
- Investigate violations of the Terms or Acceptable Use Policy;
- Improve the Service through aggregated, de-identified analytics;
- Comply with law and respond to legal process.
We do not sell your personal information. [Attorney Review Needed] — confirm "do not sell or share" disclosure language for CCPA/CPRA.
3. AI processing
When you use AI features, we send the following to Anthropic for inference:
- AI lake report card and AI species fishing guide: lake name and ID, state, county, area, depth, completeness score, species lists, invasive species, Phase 1 engine output, and the state's data-richness profile. We do not send your account email, your name, your photos, your catches, your stats, or any other personally identifying data.
- AI follow-up Q&A: the lake context above, the prior AI report's output, and the text you typed. Your text is processed and stored in your per-tenant database in ai_followups.
- AI natural-language search: the search text you typed and the recommendation result.
- SMS Trip Companion AI replies: the SMS body you sent (which can include free text). The reply is dispatched through Twilio.
AI lake reports are cached in ai_lake_reports (per state's shared.db)
and regenerated only when the underlying data changes. AI species guides
are cached in ai_species_guides. Caching means the same response may be
shown to multiple users, and that the cached output can be served minutes
or weeks after the original generation. See the
AI Disclaimer.
Anthropic processes the data on its infrastructure under its own privacy and confidentiality terms.
4. Sub-processors and third parties we share with
We share information with the following sub-processors and service providers, only to the extent necessary to operate the Service:
| Sub-processor | Purpose | Categories shared |
|---|---|---|
| Clerk (clerk.com) | Authentication, user identity | Email, OAuth profile, phone (optional), session cookies |
| Stripe (stripe.com) | Web payments, subscription management, customer portal | Customer ID, billing events, payment-method details (held by Stripe) |
| Apple App Store / StoreKit | iOS in-app purchases (when applicable) | Apple-side billing data |
| Google Play | Android distribution and IAP (when applicable) | Google-side billing data |
| Anthropic (Claude API) | AI report, follow-up, species guide, NL search, SMS Trip AI | Lake metadata + Phase 1 scores; user-typed prompts for follow-ups, NL search, and SMS replies |
| Google Maps + Google Directions | Mapping, geocoding, directions | Lat/lon, lake names, addresses, when those features are used |
| Twilio (twilio.com) | Outbound and inbound SMS, phone verification | Phone number, SMS body, verification codes, consent metadata |
| Apple APNs | iOS push notifications (when wired) | Device push token |
| Cloudflare | CDN, DNS, SSL, DDoS protection | Request metadata in transit |
| Linode (Akamai) | Server hosting | Persisted data and logs |
| OpenStreetMap | Map tiles via Leaflet | Tile-fetch URLs (which include lat/lon for the visible area) |
We may also share information when required by law, in response to subpoenas or court orders, or to protect the safety, rights, or property of the Company, our users, or the public.
We do not share your information for advertising purposes and do not place advertising trackers in the web frontend as of the Effective Date.
5. Cookies, local storage, and persistent identifiers
See the Cookie & Tracking Policy.
In summary, we use:
- A first-party cookie holding an anonymous tenant ID;
- A first-party cookie holding the active-state code (ffe_active_state);
- The Clerk authentication cookie (__session);
- Local storage and window.__mnLakePerms for tier-permission gating in the browser;
- iOS UserDefaults keys prefixed ffe_;
- watchOS AppStorage keys prefixed ffe_watch_.
We do not use Google Analytics, Mixpanel, Plausible, Segment, or any similar analytics SDK in the web frontend as of the Effective Date.
6. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us at [Contact Email] and we will delete it. [Attorney Review Needed] to finalize age threshold and any COPPA controls.
7. Retention and deletion
7.1 Account data. We retain your account, catch logs, photos, lure library, trip plans, AI follow-ups, and other tenant data for as long as your account is active.
7.2 Anonymous tenant data. If you visit the Service without signing in, we provision an anonymous tenant database keyed to a cookie. As of the Effective Date there are approximately 36,000+ such databases, of which a substantial number are abandoned. [Attorney Review Needed] to set a retention/cleanup window for anonymous tenant DBs (recommended: 180 days after last access).
7.3 Backups and logs. Server logs are retained for [30 days — placeholder]. Backups are retained for [30 days — placeholder].
7.4 Account deletion. As of the Effective Date the Service does not expose a self-service "delete my account" feature. To request deletion, email [Contact Email]. We will delete or de-identify your account, catch logs, photos, trip data, lure library, and AI follow-ups within [30 days — placeholder] of confirming the request, except where retention is required by law (e.g., billing records).
7.5 Source archive and lake data. Public DNR data and the
source_archive table are retained indefinitely; they do not contain
personal information.
8. Security
We use HTTPS in transit, server-side credential storage (no client-side
secrets), Clerk-managed JWT validation, scoped sub-processor API keys
(MN_LAKE_* env vars), per-tenant SQLite isolation, path-traversal
protection on tenant DB resolution, and a non-root Docker user (appuser).
No system is perfectly secure. You are responsible for protecting your own
device, your sign-in method, and your phone if you opt in to SMS.
9. Your rights
Depending on where you live, you may have rights to:
- access the personal information we hold about you;
- correct inaccurate information;
- request deletion;
- object to or restrict certain processing;
- port your information.
To exercise any of these rights, email [Contact Email]. We will respond within the timeframe required by applicable law.
California residents (CCPA/CPRA): you have additional rights to know, delete, correct, opt out of "sharing" or "selling," and limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.
EEA, UK, or Swiss residents: the Service is not currently directed to you. If you nonetheless use the Service, your information is transferred to and processed in the United States. [Attorney Review Needed] — confirm posture and any required safeguards.
10. International users
The Service is operated from the United States. By using the Service from outside the United States, you consent to the transfer of your information to the United States, where data-protection laws may differ from those in your country.
11. Changes
We may update this Privacy Policy. Material changes will be posted at
/privacy and announced via email and/or in-app notice. We track the
Privacy Policy version you most recently accepted; see the
Implementation Checklist.
12. Contact
- Email: [Contact Email]
- Mail: [Company Legal Name] d/b/a FishFinder Engine, 14200 Natalie Rd NE, Prior Lake, MN 55372, USA
[Attorney Review Needed] — finalize children's-privacy threshold, retention windows, deletion windows, EEA/UK posture, CCPA/CPRA disclosures, do-not-sell language, sub-processor list, and confirm contact address.
This document is a non-attorney first pass and is not legal advice.