fishroom.io

Privacy Policy

Last updated: May 14, 2026

Introduction

FishRoom (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use the FishRoom mobile application, how we use it, who we share it with, and the rights you have over your data.

By creating an account or using FishRoom, you agree to the practices described in this policy.

Information We Collect

We collect the following categories of information:

Account Information. When you create an account, we collect your email address and a password. Passwords are stored as hashed, salted values — we cannot see your actual password.

Profile Information. Information you choose to provide on your public profile, including your username, display name, biography, country of residence, and profile photo. This information is visible to other FishRoom users.

Tank and Aquarium Data. Information you voluntarily enter about your aquariums — tank details, water parameters, fish, plants, invertebrates, equipment, maintenance tasks, journal entries, and photos. By default this data is private to your account.

Public Content. When you post in the Lounge, comment on others’ posts, follow other users, like content, or otherwise interact with the community features, that content (including any attached photos and your associated profile information) becomes visible to other FishRoom users. Public posts may be visible to all app users.

Lens (AI Identification) Data. When you use the Lens feature, photos you submit are sent to a third-party AI service for species identification. These photos are not retained by us beyond the immediate processing window, though our AI provider may retain them in accordance with their own privacy policy and data retention practices.

Feedback and Bug Reports. Any feedback, bug reports, or suggestions you submit through the app, including any photos or screenshots you attach.

Device and Diagnostic Information. Basic information about your device (operating system version, app version, device model) and crash/error reports generated when something goes wrong in the app. This data is collected automatically for the purpose of diagnosing technical issues.

Usage Data. Basic information about how you interact with the app — login timestamps, sessions, and feature usage — collected for the purpose of maintaining your account and improving the service.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and secure the FishRoom service
  • Store, sync, and back up your aquarium data across devices and sessions
  • Enable community features (Lounge, comments, follows, profiles)
  • Identify species via the Lens feature
  • Diagnose and fix technical issues, including crash reporting
  • Communicate with you about your account and respond to your inquiries
  • Improve the app based on aggregated usage patterns and user feedback

We do not use your data for advertising. We do not sell your data. We do not share your data with advertisers or data brokers.

Third-Party Services

To deliver the FishRoom service, we share data with the following third-party processors, each of whom is contractually obligated to handle your data securely:

Supabase (cloud infrastructure provider): Stores your account data, tank data, photos, posts, and other application data. Data is stored on Supabase’s servers with encryption at rest and in transit. Read Supabase’s privacy policy at https://supabase.com/privacy.

Sentry (error tracking): Receives anonymized error and crash reports to help us diagnose technical issues. May include device information, app state at time of error, and limited contextual data. Sentry’s privacy policy is available at https://sentry.io/privacy/.

[AI provider for Lens] (species identification): Receives photos you submit through the Lens feature for AI-based species identification. This feature is provided by OpenAI, their privacy policy is at https://openai.com/policies/row-privacy-policy/.

We will update this section if we add or change third-party processors.

How Your Data Is Stored and Secured

Your data is stored on servers operated by our third-party processors (primarily Supabase). All data transmission between the app and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using industry-standard encryption.

We implement technical and organizational measures to protect your data, including:

  • Encrypted storage and transmission
  • Authentication and access controls on backend systems
  • Regular security reviews of our codebase
  • Restricted database-level row security so users can only access their own data

No system is perfectly secure. While we work to protect your information, we cannot guarantee absolute security.

Public vs. Private Data

It’s important to understand which data is public and which is private:

Private (only visible to you): Your account email, your tank data, your water parameters, your private journal entries, your photos that haven’t been posted to the Lounge.

Public (visible to other users): Your username, display name, biography, country, profile photo, posts you make in the Lounge, comments you write, and any photos you choose to attach to those public posts. Other users can see, screenshot, or reference public content.

We do not control how other users use public content. Be thoughtful about what you share publicly.

Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated data
  • Data Portability: Export your data in a machine-readable format
  • Withdraw Consent: Withdraw any consent you’ve previously given for data processing

Account deletion is available in the app: Go to Settings → Account → Delete Account. This permanently removes your account, posts, tanks, photos, and associated data within 30 days. Some data may persist longer in encrypted backups, which are rotated within 90 days.

For other requests, contact us at the email address below.

Data Retention

  • Active accounts: We retain your data for as long as your account is active.
  • Deleted accounts: When you delete your account, we remove your data within 30 days, except for data we are legally required to retain.
  • Backups: Encrypted backups are retained for up to 90 days and then permanently deleted.
  • Public posts: When you delete a post, it is removed from public view immediately. Copies stored in caches or by other users (e.g., screenshots) are outside our control.

Region-Specific Rights

If you are in the European Economic Area, United Kingdom, or Switzerland (GDPR/UK GDPR):

Our legal basis for processing your data is the performance of our contract with you (providing the FishRoom service) and our legitimate interest in operating, maintaining, and improving the service. For optional features, we rely on your consent.

You have the right to lodge a complaint with your local supervisory authority if you believe your rights have been violated.

We do not have an established business presence in the EU. If we process data of EU users at sufficient scale, we will appoint an EU representative as required by Article 27 of the GDPR.

If you are in California (CCPA/CPRA):

You have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of sale or sharing (we do not sell or share for cross-context behavioral advertising), and the right to non-discrimination for exercising these rights.

We do not sell personal information.

To exercise California rights, contact us at the email address below.

Children’s Privacy

FishRoom is not directed at children. We do not knowingly collect personal information from:

  • Children under 13 (per the US Children’s Online Privacy Protection Act / COPPA)
  • Children under 16 in the European Economic Area, except where applicable law permits a lower age with parental consent

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will take steps to delete that information.

Cookies and Tracking

FishRoom is a mobile app and does not use browser cookies. We do not use advertising identifiers, third-party analytics SDKs, tracking pixels, or cross-app behavioral tracking. We do not participate in advertising networks.

International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States, where our third-party processors operate. By using FishRoom, you consent to the transfer of your data to those countries, which may have different data protection laws than your own.

For transfers from the EEA/UK/Switzerland to other jurisdictions, our processors rely on Standard Contractual Clauses approved by the European Commission, where applicable.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you within the app or by email. The “Last updated” date at the top of this policy reflects the most recent revision. Continued use of the app after changes means you accept the updated policy.

Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or have any data-related concerns, please contact us at:

legal@fishroom.io

Or via the in-app feedback feature.

We aim to respond to all requests within 30 days.