Privacy Policy

Last updated: 18 February 2026

Important: This privacy policy is provided as a draft and must be reviewed by a qualified solicitor before being relied upon as a legal document.

1. Data Controller

The data controller for the Let's Fish application and website ("Service") is:

Trinnacle Software Engineering Solutions Ltd
Email: steven@lets.fish
ICO Registration Number: [INSERT REGISTRATION NUMBER]

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

2.1 Account Information

When you register for an account, we collect:

  • Name
  • Email address
  • Date of birth (to verify age eligibility)
  • Profile information provided via third-party authentication (Google, Apple, Facebook)

2.2 User Content

When you use the Service, you may provide:

  • Photographs of fishing trips and catches
  • Trip reports and descriptions
  • Location data associated with trips and fishing venues

2.3 Usage Data

We automatically collect:

  • Device information (device type, operating system)
  • Usage patterns and feature interactions
  • IP address
  • Analytics data (via Google Analytics and PostHog)

2.4 Payment Data

Subscription payments are processed by RevenueCat and the applicable app store (Apple or Google). We do not directly collect or store your payment card details. We receive confirmation of your subscription status from RevenueCat.

3. Legal Basis for Processing

We process your personal data under the following legal bases (UK GDPR Article 6):

  • Contract: Processing necessary for the performance of our contract with you (providing the Service, managing your account and subscription)
  • Legitimate interests: Processing necessary for our legitimate interests (improving the Service, analytics, security), where those interests are not overridden by your rights
  • Consent: Where you have given specific consent (e.g. marketing communications)
  • Legal obligation: Processing necessary for compliance with a legal obligation

4. How We Use Your Data

We use your personal data to:

  • Provide, maintain, and improve the Service
  • Manage your account and subscription
  • Verify your age eligibility (13+ requirement)
  • Display your User Content within the Service
  • Generate AI-powered fishing trip descriptions (via OpenAI)
  • Provide weather information for fishing locations (via OpenWeather)
  • Provide location imagery (via Geograph)
  • Analyse usage patterns to improve the Service
  • Communicate with you about your account or the Service
  • Ensure the security and integrity of the Service

5. Third-Party Services

We share data with the following third-party service providers:

Service Purpose Data Shared
RevenueCat Subscription and payment management User ID, subscription status
OpenAI AI-generated trip descriptions Trip content (text only)
Amazon Web Services (S3) Image storage Uploaded photographs
Google OAuth Authentication Name, email (from Google)
Apple Sign In Authentication Name, email (from Apple)
Facebook Login Authentication Name, email (from Facebook)
Google Analytics Website analytics Usage data, IP address
PostHog Product analytics Usage data, device info
OpenWeather Weather data Location coordinates
Geograph Location imagery Location coordinates

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

6. Children's Data

The Service is available to users aged 13 and over. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.

For users aged 13 to 17:

  • The Service is free of charge (no subscription required)
  • We implement age-appropriate design principles in accordance with the ICO Age Appropriate Design Code (Children's Code)
  • We minimise the data we collect from under-18 users
  • Location and profiling features are set to privacy-protective defaults
  • We do not use personal data of under-18 users for marketing purposes

6a. Automated Processing and AI Features

The Service uses OpenAI to generate suggested descriptions for fishing trip reports. This feature processes text content you provide (such as catch details and conditions) to generate a draft description. You retain full control over whether to use, edit, or discard the AI-generated output.

This feature does not constitute automated decision-making that produces legal or similarly significant effects on you within the meaning of UK GDPR Article 22. No decisions about your access to the Service, your subscription status, or your account are made solely by automated means without human review.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you delete your account
  • User Content: Retained until you delete it or your account
  • Analytics data: Retained in accordance with our analytics providers' retention policies
  • Payment records: Retained for 6 years from the end of the relevant financial year, as required by HMRC and the Companies Act 2006

When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it.

Please note that deletion from primary systems may not immediately remove data from backup systems. Backup copies are purged on a rolling 30-day cycle.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request that we limit our processing of your data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at steven@lets.fish. We will respond to your request within one month.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. Cookies fall into the following categories:

  • Strictly necessary cookies: Required for the Service to function (e.g. session management, authentication). These do not require your consent.
  • Analytics cookies: Used to understand how visitors use the Service (Google Analytics, PostHog). These are only placed with your consent.

When you first visit our website, you will be presented with a cookie consent notice that allows you to accept or decline non-essential cookies. You can change your preferences at any time via the cookie settings link in the footer.

Withdrawing your consent for analytics cookies will not affect the functionality of the core Service.

Our mobile app does not use browser cookies. Analytics within the app (via PostHog) are covered under the legitimate interests basis described in ยง3, and you may opt out via your account settings.

10. International Data Transfers

Some of our third-party service providers are based outside the UK. Where personal data is transferred outside the UK, we rely on one or more of the following safeguards:

  • UK adequacy regulations: Transfers to countries that the UK Secretary of State has determined provide an adequate level of data protection.
  • International Data Transfer Agreements (IDTAs): The ICO's standard contractual clauses for international transfers from the UK.
  • UK-US Data Bridge: Where a US-based provider is certified under the UK Extension to the EU-US Data Privacy Framework.

A list of the third-party providers we use and the transfer mechanisms applicable to each is available on request by contacting us at steven@lets.fish.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption of data in transit and at rest, secure authentication mechanisms, and regular security reviews.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Trinnacle Software Engineering Solutions Ltd
Email: steven@lets.fish

We use cookies to improve your experience and analyse site usage. See our Privacy Policy for details.