Privacy Policy for Fiskeappen
Last updated: 4 June 2026
This privacy policy explains how Emil Ayoub processes personal data when you use Fiskeappen (fiskeappen.dk). We process your data in accordance with the General Data Protection Regulation (GDPR) and applicable Danish data-protection law.
Fiskeappen is a logbook for recreational fishing. You create an account, record your trips and catches, and can invite friends as members on a trip. This policy covers exactly what we actually process — no more, no less.
1. Data controller
Emil Ayoub Hjørringgade 21, 2. tv. 2100 Copenhagen Ø, Denmark Email: emil.klit@gmail.com Phone: +45 53 54 09 97
Questions about how we process your personal data should be sent to emil.klit@gmail.com.
2. What data we process
We collect only what we need to run the app.
Account data - Email address (used to sign in and as a unique identifier) - Password — stored only as a bcrypt hash, never in plain text - Display name (optional) - Language preference (Danish or English) - Account creation timestamp
Your trips and catches - Date, start time, end time - Location name, and — if chosen from a geocoder suggestion — coordinates (latitude/longitude) - Water body type (lake, river, sea, etc.) and the trip's time zone - Free-text notes you write yourself - Weather snapshot for the trip (temperature, wind, precipitation, sunrise/sunset, etc.), fetched from Open-Meteo - For each catch: species, count, length, weight, lure type/name/colour, technique, depth, time of catch, whether the fish was released, an optional photo (we automatically remove embedded metadata such as GPS coordinates, camera model, and capture timestamp on upload), and free-text notes
Social relationships inside the app - Friend requests and friendships: who sent, who received, status, timestamp - Your membership of other people's trips, when you've been invited as an additional angler
Technical data - A signed session cookie, set on login, with a lifetime of up to 30 days - Standard server access logs at our hosting provider (IP address, timestamp, requested path). Kept for up to 30 days for operational and security purposes.
What we don't collect The app uses no analytics tools, tracking, advertising networks, or AI image recognition. We send no newsletters, push notifications, or marketing, and we accept no payments.
3. Purposes of processing
We process your data for the following purposes:
- To create and maintain your user account and keep you signed in.
- To store your logbook, photos, notes, and personal settings.
- To fetch weather data and coordinates for the locations you enter, via Open-Meteo.
- To show your trips to the friends you invite as additional anglers.
- To keep the app running securely and prevent misuse.
4. Legal basis
- Performance of a contract (GDPR Art. 6(1)(b)): Login, logbook, friends feature, and trip-member feature are core functions you ask us to perform when you create an account.
- Legitimate interests (GDPR Art. 6(1)(f)): Server access logs and security measures to prevent misuse. We have assessed that our interest in running the service securely does not outweigh your rights and freedoms.
The current version of the app does not process any data on the basis of consent, because we run no marketing, analytics, or other consent-requiring features.
5. Sharing of data
We do not sell your personal data. We only share it in the following situations:
- Open-Meteo (weather and geocoding): When you search for a location, we send your search text to Open-Meteo's geocoding service. When you save a trip or refresh the weather for one, we send the trip's coordinates and date to Open-Meteo's weather service. Open-Meteo receives no name, email, or user ID from us — only the request itself. Open-Meteo's servers are located in Germany.
- Resend (transactional email): When you request a password reset, we send your email address, the subject line, and the reset link to Resend (resend.com), our email-sending provider. Resend processes this on our behalf under a data processing agreement. Resend's servers are located in the EU (Ireland). We use Resend only for transactional messages (e.g. account recovery) — never for marketing.
- Friends you invite: If you add another user as a member of a trip, they can see the trip's details (location, weather, catches) along with your display name and email address on the trip detail page. You can remove them at any time by editing the trip.
- Hetzner Cloud (hosting): Our hosting provider operates the server, database, and file storage on our behalf under a data processing agreement. Servers are located in the EU (Germany or Finland).
- Public authorities: Where we are legally required to disclose data.
Domain and DNS: The fiskeappen.dk domain is registered with Simply.com (a Danish registrar) and administered by Punktum.dk (the Danish .dk registry). These services handle the domain's registration and DNS records but have no access to user data from the app.
Development tooling: The app was built with the help of an AI coding assistant (Anthropic Claude). During development the assistant had access to the app's source code, configuration files, and the data controller's own contact details — but at no point did it have access to user-submitted data such as accounts, trips, catches, photos, or friendships. Anthropic is not a data processor in this context.
We use no analytics tools, third-party tracking, or marketing pixels.
6. Hosting and storage in the EU
The app and its database are hosted at Hetzner Cloud in an EU data centre (Germany or Finland).
We do not transfer personal data to countries outside the EU/EEA. Open-Meteo — the only external service we use — is likewise hosted in the EU (Germany).
Encrypted database backups are taken for operational reasons and retained for up to 7 days before automatic overwrite. When you delete your account, your data is immediately removed from the live system; any copies in backups are gone within the 7-day backup window.
7. Cookies
The app uses one cookie:
- Session cookie: set on login, signed with a server secret, with a lifetime of up to 30 days. It is required to keep you signed in and cannot be opted out of while using the app.
We use no analytics, marketing, or third-party cookies.
8. Retention and deletion
| Type of data | Retention |
|---|---|
| User profile, trips, catches, photos, friendships | Until you delete them or your whole account |
| Server access logs | Up to 30 days |
| Database backups | Up to 7 days |
You can at any time:
- Edit or delete individual trips and catches directly in the app.
- Delete your account under Settings → Delete your profile. Deletion immediately removes your profile, all your trips and catches (including photo files), your friendships, and your membership of other people's trips. Species you contributed to the shared species list are kept (other users may have logged catches against them) but are no longer attributed to you.
9. Security
We use the following technical and organisational measures:
- Passwords are stored only as bcrypt hashes — at no point do we have access to your plain password.
- Login sessions are handled via signed cookies.
- Traffic between your browser and the server is encrypted with HTTPS (TLS).
- Hosting is with an EU provider with industry-standard physical and logical access controls.
- The database is only accessible to the operators.
- We keep the app's dependencies up to date to close known vulnerabilities.
10. Your rights
Under GDPR you have the following rights, among others. Where possible, the right is built directly into the app:
- Access and portability — under Settings → Download my data you can download a full JSON copy of your account, all your trips, catches, and friendships.
- Rectification — under Settings → Profile you can change your display name and language preference. You can edit all your trips and catches in the app.
- Erasure — under Settings → Delete your profile you can permanently delete your account and all associated content.
- Restriction — you can ask us to temporarily stop processing your data while a dispute or correction is being resolved. Contact emil.klit@gmail.com.
- Right to object — you can object to processing based on our legitimate interest (in this app: server and security logs). When you object, we assess whether our grounds for the processing outweigh your rights. Contact emil.klit@gmail.com.
- Withdrawal of consent — applies only where processing is based on consent. The current version of the app has no consent-based processing.
- Complaint to the supervisory authority — see section 13.
We respond to requests without undue delay and, in general, within one month.
11. Children
Fiskeappen is not intended for children under 15 years old. If we become aware that an account has been created by someone under 15 without the necessary parental consent, we delete the account and its data without undue delay.
12. Changes to this policy
We may update this policy if the app, our processing, or the law changes. For material changes we will notify you via email and/or a visible message in the app before the changes take effect.
The current version is always available at https://fiskeappen.dk/privacy.
13. Complaint to the supervisory authority
We encourage you to contact us first at emil.klit@gmail.com so we can try to resolve any issues.
You also have the right to lodge a complaint directly with the Danish Data Protection Agency:
Datatilsynet Carl Jacobsens Vej 35 2500 Valby, Denmark www.datatilsynet.dk
If you live in another EU/EEA country, you may also lodge a complaint with your local data protection authority.