Fishician® ("Fishician", "we", "us") is an aquarium companion application that helps hobbyists manage aquariums, track fish and water parameters, get AI-assisted care suggestions, and participate in an aquarium community. This policy explains what personal data we collect, why, how long we keep it, and the rights you have over it — including rights under the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA).
| Category | Examples | Source |
|---|---|---|
| Account identifiers | Email address, display name, hashed password, optional avatar | You, at registration |
| Aquarium records | Tanks, fish, equipment, water test logs, maintenance tasks, photos you add | You, in the app |
| Community content | Posts, comments, photos, videos, group and forum activity, direct messages | You, in community areas |
| AI requests | Text and images you submit to AI features (e.g. fish health scan), and the responses | You, when using AI tools |
| Security and device data | Session tokens, IP-derived security events, sign-in history, two-factor settings | Generated when you use the service |
| Preferences | Cookie/privacy choices, display settings | You |
We do not knowingly collect data from children under 13, and accounts are limited to users 13 and older.
Strictly necessary cookies keep you signed in and protect your account; they cannot be switched off. Optional functional, analytics, and advertising storage are controlled from the cookie banner or Privacy Choices inside the app (Settings → Privacy). We honor the Global Privacy Control (GPC) browser signal as an opt-out of sale/share.
Fishician may display ads (e.g. Google AdSense) on content pages and includes affiliate links to retailers such as Amazon. Ad scripts only load after you consent to advertising cookies. Affiliate links do not send retailers your Fishician account data; the retailer sets its own cookies on its own site. See our Advertising & Affiliate Disclosure.
We do not sell personal information, and we do not share it for cross-context behavioral advertising without your consent. The Privacy Choices "Do not sell or share" toggle records a CCPA/CPRA opt-out regardless.
| Data | Retention |
|---|---|
| Account and aquarium data | While your account is active; deleted or scrubbed when you delete your account |
| Community posts you delete | Removed from the service on deletion |
| Security event logs | Up to 365 days, then automatically purged |
| AI analysis logs | Up to 90 days, then automatically purged |
| Backups and legal-hold records | Limited period as needed for disaster recovery, security, or legal compliance |
Depending on where you live (GDPR for EU/UK, CCPA/CPRA for California, and similar state laws), you may have the right to:
To exercise any right, use the in-app controls or email privacy@fishician.app. We respond within the timelines required by applicable law (30 days GDPR, 45 days CCPA, extendable where permitted). We may need to verify your identity via your account email. Authorized agents may submit CCPA requests with proof of authorization. If you are in the EU/UK you may also lodge a complaint with your supervisory authority.
We operate on Cloudflare's global network; data may be processed in the United States and other countries. Where GDPR applies, transfers rely on appropriate safeguards such as standard contractual clauses implemented by our processors.
Protections include HTTPS everywhere, HttpOnly session cookies, PBKDF2-hashed passwords, optional two-factor authentication (TOTP or email codes), 2FA-enforced admin access, parameterized database queries, origin-checked requests, automated content moderation, and audit logging of security events. No system is 100% secure; report concerns to support@fishician.app.
We will post updates to this page and, for material changes, notify you in the app. Contact: privacy@fishician.app.