Legal documents

Privacy

Website privacy is listed first, followed by the app privacy policy. The website policy stays narrow; the app policy covers accounts, catch data, sharing and optional AI features.

WebsiteWebsite Privacy Policy AppApp Privacy Policy

Website

Website Privacy Policy

This policy covers the website only: the landing page, necessary technical operation and contact form.

Version: 1.0
Last updated: 14 June 2026
Effective date: 14 June 2026
Applies to: catchcompass.com

Who is the controller

The controller of personal data processed under this policy is Petterik Oy, Business ID FI31027281, registered in Finland. You can contact us at [email protected]. Data Protection Officer: not applicable unless later appointed. This policy covers the website only. The mobile app and backend service are covered by the app privacy policy below.

What personal data we collect

Because this is a simple landing page, we collect only limited categories of data:

Support form and correspondence data: your name, email address or other contact detail, message, and any files or information you choose to include;
Technical website data: IP address, browser type, device information, language setting, date/time and basic request logs generated when you access the site;
Strictly necessary cookie data: small technical identifiers required to make the website work, keep it secure, or remember basic settings such as a language choice, if used.

How and why we use your data

Purpose	Typical data used	Lawful basis
To operate, secure and maintain the website	Technical website data, necessary cookies, logs	Our legitimate interests in running a secure website; where relevant, the technical-cookie exception applicable to strictly necessary cookies
To respond to support or contact requests	Support form data and correspondence	Our legitimate interests in handling enquiries and support; where your message relates to taking steps before entering into a contract, Article 6(1)(b) may also apply
To deal with legal claims, enforce rights, or comply with law	Relevant correspondence and logs	Legal obligation or our legitimate interests, depending on the case

Who receives your data

We do not sell your personal data. We do not use third-party advertising or third-party analytics on the website described in this policy. We share website support-form data only where necessary with service providers acting on our behalf, authorities where legally required, and professional advisers where needed for legal or compliance reasons.

Resend email processor

Support-form emails are processed by Resend (Plus Five Five, Inc.) as our processor. Resend is used to transmit, route and process support emails sent through the website. That means Resend may process your email address, message content, email headers/metadata and any attachments included in the support request, to the extent required to deliver and manage that email traffic.

International transfers

Because Resend may store or process customer data in the United States, support emails may be processed outside the EEA. Where personal data is transferred outside the EEA, we rely on a valid transfer mechanism such as an adequacy decision, Standard Contractual Clauses or another valid safeguard. If you ask, we will explain the safeguard relied on for your data.

Retention

We keep personal data only for as long as necessary for the purpose for which it was collected, unless longer retention is required by law or needed for legal claims. Current website retention periods are:

support emails and support-form submissions: normally 12 months after the request is closed;
technical security logs: normally 30-90 days;
data needed for legal claims or compliance: for as long as required by the relevant limitation period or legal obligation.

Security

We apply technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. If a personal data breach is likely to create a risk to individuals, the controller may need to notify the supervisory authority within 72 hours and, in high-risk cases, also notify affected individuals.

Your rights

Subject to applicable law, you have the right to request access to your data, rectification, erasure, restriction of processing, objection to processing based on legitimate interests, and portability where GDPR applies. If we rely on consent for any processing, you may withdraw that consent at any time without affecting earlier lawful processing. We normally respond without undue delay and within one month.

Cookies statement

This website uses only strictly necessary cookies or similar technical storage, if any, to make the site work, keep it secure, and support basic functionality such as language selection or form/session integrity. We do not use analytics, advertising or social-media tracking cookies on the facts described in this policy. If that changes, we will update this policy and, where required, request consent before activating non-essential cookies.

Complaints

If you think we have handled your personal data unlawfully, we ask that you contact us first at [email protected] so we can try to fix it. You also have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman, Lintulahdenkuja 4, 00530 Helsinki; P.O. Box 800, 00531 Helsinki, Finland; email tietosuoja(at)om.fi; switchboard +358 (0)29 566 6700.

Changes to this policy

We may update this policy from time to time. The version number and "last updated" date above show the current version.

App

App Privacy Policy

This policy covers the CatchCompass app, backend services, account features, catch diary and sharing features.

Version: 1.0
Last updated: 14 June 2026
Effective date: 14 June 2026
Applies to: CatchCompass app and related backend services

Who is the controller

The controller of personal data processed through the app and backend is Petterik Oy, Business ID FI31027281, registered in Finland. You can contact us at [email protected]. Data Protection Officer: not applicable unless later appointed.

What personal data we process

Depending on the features you use, we process the following categories of personal data:

Account data: email address, login credentials or password hash, account ID, and basic account settings;
Profile data: any display name, avatar or profile information you choose to add;
Catch and fishing data: entries you create, including location, date/time, species, photos, notes and any other catch-related fields used in the product;
AI-assisted feature data: catch photos and limited context you choose to submit for fish detection or diary description suggestions, together with the resulting species suggestion, confidence and generated text;
Shared content and community data: content you choose to share with other users, together with reports, blocks, moderation actions and related correspondence where relevant;
Device and service-operation data: IP address, app version, operating system, device information, timestamps, and technical logs required for service operation, security and troubleshooting;
Support data: messages you send to us and any support correspondence.

Permissions and feature access

If the app asks for access to device location, photos or camera, that access is used only for the feature you choose to use, such as logging a catch location, uploading a catch photo, detecting a fish from a photo or creating a diary entry. Device permissions are separate from GDPR legal basis; this policy explains the underlying purpose and lawful basis.

Why we process your data and our lawful bases

Purpose	Typical data used	Lawful basis
Create and manage your account, authenticate you, and provide the core app service	Account data, profile data	Performance of a contract
Save your catch records and show them back to you across devices	Account data, catch data	Performance of a contract
Provide forecasts, map context, depth data and restriction information for selected fishing spots	Selected location, technical request data, app settings	Performance of a contract for the feature you request; consent or device permission where precise device location is optional
Provide AI-assisted fish detection and diary description suggestions when you choose to use the feature	Catch photo, selected language, optional catch time, place name and weather context	Performance of a contract for the feature you request; consent or device permission where camera, photo-library or precise location access is optional
Let you share content with other users according to your settings	Shared content, profile/account identifiers, catch data	Performance of a contract for the sharing feature you request; where a feature is optional opt-in sharing, consent may also be used for that specific feature
Respond to support requests	Account data, support data	Legitimate interests and, where applicable, steps at your request before or during a contract
Keep the service secure, prevent abuse, moderate content, enforce terms, and investigate reports	Technical data, logs, account data, reports, moderation data	Legitimate interests
Comply with legal obligations and handle legal claims	Relevant records	Legal obligation or legitimate interests, depending on the case

Sharing with other users

If you choose to share a catch entry, photo, note or location, that content becomes visible to the audience selected in the app. Shared content may reveal your behaviour, routines or whereabouts. For that reason, final production settings should be privacy-conscious and easy to understand.

Recipients and processors

We do not sell personal data. On the facts supplied, we do not use third-party advertising or third-party analytics in the app. We disclose personal data only:

to other users where you choose to share content with them;
to processors acting on our behalf;
to AI service providers acting on our behalf where you choose to use AI-assisted fish detection or diary description features;
to authorities, courts or regulators where required by law;
to advisers where reasonably necessary for legal or compliance purposes.

Resend processor details

Support emails are processed for us by Resend (Plus Five Five, Inc.). Resend is used for support-form and support-email handling and may process your support contact details, message content, email headers/metadata and attachments to the extent required to deliver and manage that email traffic.

AI-assisted feature processors

When you choose to use AI-assisted fish detection or diary description suggestions, the app may send your selected catch photo and limited context to an AI service provider acting on our behalf. The feature is optional, and the app should give clear context before sending a photo for online AI analysis.

International transfers

If personal data is processed outside the EEA, we will ensure there is a lawful transfer mechanism under GDPR Chapter V, such as an adequacy decision, Standard Contractual Clauses, or another valid safeguard. This may apply to support processing through Resend and to optional AI-assisted features, depending on the providers configured for the live service.

Retention

We keep data only for as long as necessary for the purposes described above. Current app retention periods are:

Data category	Retention period
Account and profile data	while the account is active, and normally up to 30 days after a deletion request
Catch records and related uploads	while the account is active, until deletion by the user, and normally up to 90 days in backup cycles
Shared content moderation/report records	normally 12-24 months after resolution
Security and technical logs	normally 30-90 days
Support correspondence	normally 12 months after closure
Legal/compliance records	for the period required by law or the applicable limitation period

Security

We use technical and organisational measures designed to protect personal data, taking into account the risk of the processing. This may include access controls, secure transmission, role-based access, logging, backup controls and incident-response procedures, to the extent actually implemented.

Your rights

Subject to applicable law, you may request access, rectification, erasure, restriction, portability, and objection to certain processing. If we rely on consent for an optional feature, you may withdraw that consent at any time. We will normally respond within one month.

Account deletion

If you create an account, you should be able to initiate deletion from within the app and, until a dedicated web deletion page is published, by contacting [email protected]. When feasible, deletion should remove the account and associated personal data that we are not legally required to retain. If some data must be kept for security, fraud-prevention, abuse handling, legal obligations or legal claims, we will explain that in this policy.

Children

The service is not directed to children under 13. If we discover that an account has been created in breach of this rule, we may suspend or delete the account.

Automated decision-making

On the facts supplied, we do not carry out automated decision-making that produces legal or similarly significant effects for users. If that changes, we will update this policy before deploying it.

Complaints

You may contact us first at [email protected]. You also have the right to lodge a complaint with a supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman, Lintulahdenkuja 4, 00530 Helsinki; P.O. Box 800, 00531 Helsinki, Finland; email tietosuoja(at)om.fi; switchboard +358 (0)29 566 6700.

Changes to this policy

We may update this policy from time to time. We will change the version number and date above and, where required, notify users of material changes.