Last updated: 8 July 2026
FishIQ is an offshore fishing intelligence app for sport-fishing captains, operated by Triple 3 LLC ("FishIQ", "we", "us"). We are private by default. This policy explains what personal data we collect, why, the legal bases for it, who processes it on our behalf, how long we keep it, and the controls and rights you have. It applies to the FishIQ mobile apps and related services.
Where the GDPR or UK GDPR applies, we rely on the legal bases noted below (Art. 6). Elsewhere, we use your data for the same purposes.
| Purpose | Data | Legal basis |
|---|---|---|
| Create and secure your account | Account identifiers, email | Contract |
| Log catches, track trips, show nearby conditions and predictions | Precise location, catch logs, preferences | Contract; consent for precise location |
| Improve the prediction model (privacy-preserving aggregate only — section 4) | Donut-masked, k-anonymised catch data | Legitimate interests |
| Operate subscriptions and entitlements | Purchase state, user id | Contract |
| Send condition notifications you enabled | Push token, preferences | Consent |
| Fix crashes, prevent fraud and abuse, maintain security | Diagnostics, usage events | Legitimate interests; legal obligation |
We do not use your data for third-party advertising, we do not track you across other companies' apps or websites, and we do not sell your personal information.
Your raw coordinates stay in the account row you own, protected by row-level security so only you can read them. Any cross-user or aggregate surface reads through a server-side view that first:
Even if access rules were ever loosened by mistake, a shared row would still expose only a masked coordinate — never your raw GPS fix. As with any location masking, we cannot guarantee that a determined third party could never estimate a location using other information; we design conservatively to prevent it. We never auto-expose one captain's catches to another captain at GPS precision, and we never share your account email with other users.
We share data only with the service providers (subprocessors) needed to run the app, each under their own terms:
We may also disclose data if required by law, to protect rights and safety, or in connection with a merger or acquisition (in which case this policy continues to govern your data).
We keep your account and the data you create until you delete it or close your account. You can delete individual catches at any time. When you delete your account, we remove your account and associated personal data (catches, trips, preferences, push tokens, entitlements) from our production systems within 30 days, except where we must retain limited records to meet legal, tax, accounting, or fraud-prevention obligations. Backups are retained for a limited period and then overwritten. Anonymised, donut-masked aggregates that can no longer be tied to you may be retained to keep the model working.
Data in transit is encrypted with TLS. Access to production data is restricted and governed by row-level security, so a signed-in user can read only their own rows. No system is perfectly secure, but we design for private-by-default.
We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). Because we do neither, we do not offer a "Do Not Sell or Share My Personal Information" opt-out — there is nothing to opt out of.
Depending on your U.S. state, you may have the right to know what personal information we collect and how we use it, to access or delete it, to correct it, and to not be discriminated against for exercising these rights. The categories we collect are described in section 2 (identifiers, precise geolocation — treated as sensitive personal information, user content, commercial/purchase information, and internet/usage activity). To exercise a right, email us at the address below; we will verify your identity and respond within the timeframes your state's law requires. You may use an authorized agent where the law permits.
The controller is Triple 3 LLC. Our legal bases are listed in section 3. You have the rights of access, rectification, erasure, restriction, objection (including to processing based on legitimate interests and to any direct marketing), and data portability, and you may withdraw consent at any time without affecting prior processing. Where we transfer data outside the EEA/UK (for example to our U.S. providers), we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses. You may lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office).
FishIQ is intended for adult sport-fishing captains and is not directed to children under 13 (or the equivalent minimum age in your country). You must be at least 18 to hold an account. We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will delete it.
We operate in the United States, and our providers may process data there and in other countries. By using the app you understand your data may be processed in the United States.
We may update this policy as the app evolves, and will update the "Last updated" date above; for material changes we will provide in-app or email notice where appropriate. We will never materially change this policy to make it less protective of information we already collected without any legally required consent.
Privacy questions or requests: brandon@triple333llc.com
FishIQ is operated by Triple 3 LLC.