Privacy Policy

Last updated: April 13, 2026

Your privacy is important to us. It is Rivolu LLC's policy to respect your privacy regarding any information we may collect from you through our apps and websites, including Fish & Tides (the "App"). By downloading, installing, or using the App, you agree to the collection and use of information in relation to this policy.

Information We Collect

Account information

Fish & Tides requires an account to log catches, earn XP, or redeem referrals. You can create an account two ways:

  • Apple Sign-In — we request only the name and email scopes. If you choose Apple's "Hide My Email" option, we never see your real email address.
  • Email and password — you provide an email and choose a password. We never transmit or store your password in plain text.

Your profile may also include a display name, an optional avatar, and an optional profile photo you upload yourself. You can view today's forecast, tides, and basic chart data without signing in.

Content you create

When you use the App, you generate data that we store so we can show it back to you and (for public posts) to other anglers:

  • Catches — species, weight, length, bait, notes, photos, the coordinates and time the catch was logged, and a snapshot of the tide/weather/score/moon/solunar conditions at that moment.
  • Trips — title, duration, and a single set of coordinates recorded at the trip's start. We do not track your continuous GPS path while fishing.
  • Gamification state — XP earned, badges unlocked, league tier, streaks, and challenge progress.
  • Referral data — your unique referral code, who referred you, and anyone who has joined through your code.

Information collected automatically

When the App communicates with our backend server, our server receives standard network metadata including your device type, operating system, app version, and IP address. We use this information to route API responses and to diagnose connectivity issues.

Location

Fish & Tides requests "While Using the App" location access only — we never ask for background or "Always" location permission, and we do not track your location when the App is closed. Location is used to show you nearby tide stations, fishing spots, and forecasts, and to tag catches with the spot you caught them. You can deny location access and still use the App by manually selecting a location. You can also change your mind at any time in iOS Settings → Privacy & Security → Location Services.

Government data sources

Fish & Tides displays data from NOAA, the U.S. National Weather Service (NWS), U.S. Geological Survey (USGS), UK Hydrographic Office (UKHO), the Bureau of Meteorology (Australia), and Open-Meteo. We do not share your personal information with these agencies — we only request public forecast data for the locations you view.

Third-party service providers

We use a small number of infrastructure partners to operate the App. Each one receives only the data necessary to perform its role, and no more:

  • Apple (App Store, StoreKit, Apple Sign-In) — processes purchases, subscriptions, and (optionally) your sign-in. Governed by Apple's Privacy Policy.
  • Superwall — displays our subscription paywalls and records paywall impressions and purchase events. Governed by Superwall's Privacy Policy.
  • Railway — hosts the Fish & Tides backend server that stores your account, catches, trips, and related data.
  • Amazon Web Services (S3) — stores the photos you upload with catches.

Analytics and advertising

Fish & Tides does not currently embed third-party analytics or crash-reporting SDKs in the App. We may, however, integrate advertising attribution services — such as Apple Search Ads Attribution, Meta for Business (Facebook/Instagram ads), Google Ads, or similar providers — so that we can measure whether our marketing drives app installs and first-time actions. When we do, we will:

  • Ask for your permission through Apple's App Tracking Transparency ("ATT") prompt the first time we request access to the iOS advertising identifier (IDFA). You can decline, and you can change your decision later in iOS Settings → Privacy & Security → Tracking. If you decline, we will not access your IDFA and we will not track you for advertising purposes.
  • Share only high-level installation and conversion events with our attribution partners — we will never share your catches, trips, photos, or other in-app content for advertising.
  • Update the "Third-party service providers" list above, and this Privacy Policy, to name the specific providers we use once they are integrated.

We do not sell or rent your personal information for monetary consideration. We do not use your data to build advertising profiles about you or to serve ads inside Fish & Tides itself.

Notifications

With your permission, Fish & Tides can send local notifications (generated on your device, not pushed from our server) for your daily forecast, bite-window alerts based on solunar periods, and a weekly best-day summary. Each type can be turned off individually in the App's settings, and you can also revoke notification permission in iOS Settings. The App does not send remote push notifications.

How We Use Information

We use the information we collect to:

  • Provide, operate, and improve Fish & Tides;
  • Generate your personalized fishing score, species intelligence, and catch history;
  • Communicate with you about updates, new features, or support requests;
  • Detect, prevent, and address technical issues, fraud, or abuse;
  • Conduct research and statistical analysis, improve our forecast and scoring models, and develop new features, products, and services — including through the training, evaluation, and refinement of algorithms and predictive models.

We will not sell your personal information. We will not share your information with third parties except as described in this Privacy Policy or with your consent.

Aggregated and De-identified Data

We may aggregate or de-identify information collected through the Service — including catch records, trip data, environmental conditions captured at the time of each entry, and usage data — so that it can no longer reasonably be used to identify you or your device. Once data has been aggregated or de-identified in this way, we consider it to be non-personal information, and we may use, retain, license, share, and commercialize it for any lawful purpose without restriction under this Privacy Policy. Such purposes include, but are not limited to, research, product development, statistical analysis, training and evaluation of algorithms and predictive models, industry benchmarks, and the creation of insights or forecasts that we or our partners may offer as separate products or services. We will maintain reasonable technical and organizational measures to prevent the re-identification of aggregated and de-identified data.

We may disclose user-provided and automatically collected information as required by law, such as to comply with a subpoena or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

In the future, we may sell to, buy, merge with, or partner with other businesses. In such transactions, user information may be among the transferred assets.

Your Choices and Rights

You are in control of your data. From within the App you can:

  • Edit or delete any catch or trip you have created.
  • Toggle individual notification types on or off, or disable notifications entirely.
  • Revoke location access at any time from your device settings.
  • Delete your account from Profile → Settings → Delete Account. Deletion is permanent — we remove your account, catches, trips, and uploaded photos from our servers.

Depending on where you live, you may have additional rights under privacy laws such as the GDPR (EU/UK) or the CCPA (California), including the right to access, correct, or request a copy of your personal data. To exercise these rights, contact us at admin@rivolu.com.

Data Retention

We retain your account data and catch history for as long as your account is active. When you delete your account, we remove your personal data from our production systems within a reasonable time, except where we are required to retain it by law or for legitimate business purposes (such as fraud prevention). Backups and caches may persist for a short period after deletion before being purged on normal rotation.

Children's Privacy

Fish & Tides is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can delete it.

Security

We value your trust in providing us your personal information, and we strive to use commercially acceptable means to protect it. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.

International Data Transfers

Rivolu LLC is based in the United States, and the infrastructure providers we use to operate Fish & Tides — including Railway (backend hosting) and Amazon Web Services (photo storage) — process and store data primarily in U.S. data centers. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored in, and processed in the United States, where privacy and data-protection laws may differ from those of your home country. By using the Service, you consent to the transfer of your information to the United States.

Where required by applicable law (such as the EU or UK General Data Protection Regulation), we rely on appropriate safeguards for these transfers — such as the European Commission's Standard Contractual Clauses or equivalent mechanisms — and we take reasonable steps to ensure that your personal information receives an adequate level of protection in every jurisdiction where it is processed.

California Residents — Your Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the "CCPA"), gives you specific rights regarding the personal information we collect about you. This section supplements the rest of this Privacy Policy and applies solely to California residents.

Categories of personal information we collect

In the past twelve months, we have collected the following categories of personal information, as defined by the CCPA, from users of Fish & Tides:

  • Identifiers — such as name, email address, account identifier, device identifier, and IP address.
  • Commercial information — records of Pro subscriptions and referral activity.
  • Geolocation data — approximate or precise location when you grant permission, and the coordinates attached to catches and trips you log.
  • Internet or other electronic network activity information — information about your interactions with the Service, such as the screens you view and the API requests your device makes.
  • Visual information — photos you upload with your catches.
  • Inferences — derived insights such as your species intelligence patterns and fishing score history.

The business and commercial purposes for which we collect this information are described in the "How We Use Information" and "Aggregated and De-identified Data" sections above.

Sale or sharing of personal information

We do not sell your personal information for monetary consideration, and we do not "share" your personal information for cross-context behavioral advertising, as those terms are defined by the CCPA. In the past twelve months we have not sold or shared the personal information of any consumer, including minors under sixteen years of age. If we begin doing so in the future — for example, by integrating an advertising attribution partner — we will update this Privacy Policy and, where required, provide a "Do Not Sell or Share My Personal Information" mechanism.

Our use of aggregated and de-identified data, as described above, falls outside the CCPA's definition of personal information and is not considered a sale or sharing under the CCPA.

Your CCPA rights

Subject to certain exceptions, California residents have the following rights:

  • Right to know — to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to delete — to request that we delete personal information we have collected from you.
  • Right to correct — to request that we correct inaccurate personal information we maintain about you.
  • Right to limit use of sensitive personal information — to restrict our use of sensitive personal information to purposes permitted by CCPA § 7027(m). We do not currently use sensitive personal information for other purposes.
  • Right to non-discrimination — we will not discriminate against you for exercising any of these rights. Exercising these rights will not affect your ability to use the Service, your Pro subscription, or your account standing.

How to exercise your rights

To exercise any of these rights, email us at admin@rivolu.com with the subject line "California Privacy Request" and describe the right you wish to exercise. We may need to verify your identity before processing your request, and we will respond within the timeframe required by the CCPA (generally 45 days, with the possibility of one 45-day extension). You may also delete your account at any time from within the App at Profile → Settings → Delete Account, which will remove your personal information from our servers as described in the "Data Retention" section above.

You may authorize an agent to make a request on your behalf. If you use an authorized agent, we may require written permission signed by you and may verify your identity directly before processing the request.

Shine the Light

California's "Shine the Light" law (California Civil Code § 1798.83) permits California residents to request information regarding the disclosure of their personal information to third parties for the third parties' direct marketing purposes. Fish & Tides does not disclose personal information to third parties for their direct marketing purposes.

Links to Other Sites

Our App and website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. You are advised to review this page periodically for any changes. We will notify you of any material changes by posting the new Privacy Policy on this page. Changes are effective immediately after they are posted.

Contact Us

Your continued use of our apps and websites will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, please contact us at admin@rivolu.com.