Privacy Policy

Keep Fishing is a coming-soon product operated by Thalweg Fishing LLC ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard information for Keep Fishing (the "Service").

1. Our Privacy Commitment

Privacy is a core product requirement. The Service is designed around private field records, explicit sharing, and protected catch-location context. Private does not mean local-only: Keep Fishing is a cloud-backed service with account-level access controls and third-party infrastructure providers listed below. The core principles are:

• Your Journal data is private by default. Journal records stay account-restricted unless you choose a specific share path.
• Strong access controls ensure only authorized account holders can access private Journal and Trip Watch data.
• Cloud-backed storage. Journal, Trip Watch, and media features may use Supabase, AWS, and map infrastructure to provide the Service.
• We do not sell or share your personal data with third parties for advertising or marketing purposes.
• Minimal data collection. We only collect what is necessary to provide the Service.

2. Information We Collect

2.1 Information You Provide

When you create an account and use Keep Fishing, you may provide:

• Account Information: Email address and password (password is hashed and never stored in plain text)
• Journal Data: Activities, catches, observations, notes, photos, media, and summary details you choose to save
• Trip Watch data: Safety contacts (including names, phone numbers, and email addresses of your designated safety contacts), trip timer details, check-in notes, vehicle descriptions, and related status history
• Preferences: Saved water, display settings, notification preferences

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Environmental Snapshots: When you save Journal activity, we automatically capture weather, water conditions, and tide data from our data sources (USGS, NOAA) at that moment
• Location Data You Permit: If you grant location access for Journal activity logging, maps, or Trip Watch, we may collect precise coordinates needed to provide those features
• Technical Data: Browser type, operating system, device type, and general location (country/region) for Service optimization

2.3 Information We Do NOT Collect

• Contact lists or address books
• External accounts or connections
• Biometric data
• Financial or payment information (unless and until billing is introduced)

2.4 Information About Third Parties

When you add safety contacts through the Trip Watch feature, you provide us with their names, phone numbers, and/or email addresses. You represent that you have informed these individuals and have their consent to share this information with Keep Fishing. We use this information solely to send safety alert notifications on your behalf. Safety contacts who are not Keep Fishing users can request deletion of their information by contacting support@thalwegfishing.com.

SMS opt-in data and consent (including phone numbers collected for trip watch SMS notifications) will not be shared with any third parties for marketing or advertising purposes. This information is used solely to deliver safety alert messages through our SMS provider (AWS SNS) as described in Section 5.2.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Display your personalized Home, Journal data, and Trip Watch status
• Save your preferences and settings
• Send Service-related communications (account verification, security alerts, important updates)
• Respond to your requests and provide customer support
• Detect, prevent, and address technical issues or abuse
• Send transactional SMS safety alerts to your designated safety contacts when trip check-in timers expire or trip status changes

4. How We Protect Your Information

4.1 Data Access Controls

Your Journal and Trip Watch data are protected by account-level access controls. This means:

• Requests only return data associated with your authenticated account
• Access to operational tooling is limited to what is necessary to run and secure the service

4.2 Data Storage

• Database: Your data is stored in Supabase (PostgreSQL) with encryption at rest and in transit
• Media: Journal photos and other media are stored in Supabase Storage with user-specific access controls
• Infrastructure: All infrastructure runs on secure, industry-standard cloud providers (AWS, Supabase)

4.3 Authentication

The Service uses Supabase Auth for secure authentication. Passwords are hashed using bcrypt and never stored in plain text. The Service supports secure session management with automatic token refresh.

5. Third-Party Services

We use the following third-party services to provide environmental data and infrastructure:

5.1 Data Sources (Public APIs)

• USGS NWIS: Water conditions data (flow, temperature, turbidity). No personal data is sent to USGS.
• NOAA / NWS: Weather forecasts, barometric pressure, National Water Prediction Service river forecasts, tides, currents, and alerts. No personal data is sent to these providers.
• Fish Passage Center, DART, and state/tribal sources:Biological and fish-passage context. No personal Journal data is sent to these providers.
• Open-Meteo: Additional weather data. No personal data is sent to Open-Meteo.

5.2 Infrastructure Providers

• Supabase: Database hosting, authentication, and file storage. Supabase is GDPR compliant and SOC 2 Type II certified.Supabase Privacy Policy
• Amazon Web Services (AWS): Lambda functions for data ingestion, CloudFront for content delivery, S3 for static assets, and Simple Notification Service (SNS) for SMS delivery of Trip Watch alerts. Safety contact phone numbers are transmitted to AWS SNS for message dispatch. AWS Privacy Policy
• MapTiler: Base map tiles for visualization. Your general location (tile coordinates) is transmitted when loading maps.MapTiler Privacy Policy

6. Cookies and Local Storage

Keep Fishing uses cookies and local storage for essential functionality:

• Authentication Cookies: Session tokens to keep you logged in securely
• Local Storage: User preferences, UI state, and offline queue support used by product features

We do not use third-party tracking cookies or analytics that track you across websites. We do not display advertisements.

7. Your Rights and Choices

7.1 Access and Export

Once account access is available, you can access personal data through Keep Fishing. The Service provides the ability to export Journal history and account data in a standard format.

7.2 Deletion

You can delete your account and all associated data at any time through your account settings. When you delete your account:

• All your Journal activities and entries are permanently deleted
• All your Journal media is permanently deleted
• Your Trip Watch contacts and trip history are permanently deleted
• Your preferences are permanently deleted
• Your email address is removed from our database

Deletion is permanent and cannot be undone. We may retain limited security and operational logs for troubleshooting and legal compliance.

7.3 Communications

You can opt out of non-essential communications at any time. We will still send important Service-related messages (security alerts, Terms of Service updates) as permitted by law.

Safety contacts designated through Trip Watch currently receive transactional SMS alerts. These contacts can opt out by replying STOP to any SMS, by requesting removal through the angler's Safety Contacts settings, or by contacting support@thalwegfishing.com.

Safety contacts will only receive SMS messages after they have confirmed their opt-in by replying YES to a confirmation text message. You may reply STOP to any message to opt out immediately. After opting out, you will receive a single confirmation message, and no further messages will be sent.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion, we may retain limited technical and security logs for a short period for security and troubleshooting purposes.

9. Children's Privacy

Keep Fishing is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Your data may be processed and stored in the United States, where our infrastructure providers are located. By using the Service, you consent to the transfer of your data to the United States. We ensure all transfers comply with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us.

13. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect
• Right to delete your personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your rights

To exercise these rights, contact us.

14. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing

Our legal basis for processing personal data is your consent (account creation) and legitimate interests (Service improvement, security).