EN DA
You're offline. Trips will save, but weather will be fetched the next time you're online.

Privacy Policy for Fiskeappen

Last updated: 3 June 2026

This privacy policy explains how Emil Ayoub processes personal data when you use Fiskeappen (fiskeappen.dk). We process your data in accordance with the General Data Protection Regulation (GDPR) and applicable Danish data-protection law.

Fiskeappen is a logbook for recreational fishing. You create an account, record your trips and catches, and can invite friends as members on a trip. This policy covers exactly what we actually process — no more, no less.

1. Data controller

Emil Ayoub Hjørringgade 21, 2. tv. 2100 Copenhagen Ø, Denmark Email: emil.klit@gmail.com Phone: +45 53 54 09 97

Questions about how we process your personal data should be sent to emil.klit@gmail.com.

2. What data we process

We collect only what we need to run the app.

Account data - Email address (used to sign in and as a unique identifier) - Password — stored only as a bcrypt hash, never in plain text - Display name (optional) - Language preference (Danish or English) - Account creation timestamp

Your trips and catches - Date, start time, end time - Location name, and — if chosen from a geocoder suggestion — coordinates (latitude/longitude) - Water body type (lake, river, sea, etc.) and the trip's time zone - Free-text notes you write yourself - Weather snapshot for the trip (temperature, wind, precipitation, sunrise/sunset, etc.), fetched from Open-Meteo - For each catch: species, count, length, weight, lure type/name/colour, technique, depth, time of catch, whether the fish was released, an optional photo (including any EXIF metadata embedded in the original file), and free-text notes

Social relationships inside the app - Friend requests and friendships: who sent, who received, status, timestamp - Your membership of other people's trips, when you've been invited as an additional angler

Technical data - A signed session cookie, set on login, with a lifetime of up to 30 days - Standard server access logs at our hosting provider (IP address, timestamp, requested path). Kept for up to 30 days for operational and security purposes.

What we don't collect The app uses no analytics tools, tracking, advertising networks, or AI image recognition. We send no newsletters, push notifications, or marketing, and we accept no payments.

3. Purposes of processing

We process your data for the following purposes:

  1. To create and maintain your user account and keep you signed in.
  2. To store your logbook, photos, notes, and personal settings.
  3. To fetch weather data and coordinates for the locations you enter, via Open-Meteo.
  4. To show your trips to the friends you invite as additional anglers.
  5. To keep the app running securely and prevent misuse.

4. Legal basis

  • Performance of a contract (GDPR Art. 6(1)(b)): Login, logbook, friends feature, and trip-member feature are core functions you ask us to perform when you create an account.
  • Legitimate interests (GDPR Art. 6(1)(f)): Server access logs and security measures to prevent misuse. We have assessed that our interest in running the service securely does not outweigh your rights and freedoms.

The current version of the app does not process any data on the basis of consent, because we run no marketing, analytics, or other consent-requiring features.

5. Sharing of data

We do not sell your personal data. We only share it in the following situations:

  • Open-Meteo (weather and geocoding): When you search for a location, we send your search text to Open-Meteo's geocoding service. When you save a trip or refresh the weather for one, we send the trip's coordinates and date to Open-Meteo's weather service. Open-Meteo receives no name, email, or user ID from us — only the request itself. Open-Meteo's servers are located in Germany.
  • Friends you invite: If you add another user as a member of a trip, they can see the trip's details (location, weather, catches) along with your display name and email address on the trip detail page. You can remove them at any time by editing the trip.
  • Our EU hosting provider: Processes data on our behalf under a data processing agreement.
  • Public authorities: Where we are legally required to disclose data.

We use no analytics tools, third-party tracking, or marketing pixels.

6. Hosting and storage in the EU

The app and its database are hosted at Hetzner Cloud in an EU data centre (Germany or Finland).

We do not transfer personal data to countries outside the EU/EEA. Open-Meteo — the only external service we use — is likewise hosted in the EU (Germany).

Encrypted database backups are taken for operational reasons and retained for up to 30 days before automatic overwrite. When you delete your account, your data is immediately removed from the live system; any copies in backups are gone within the 30-day backup window.

7. Cookies

The app uses one cookie:

  • Session cookie: set on login, signed with a server secret, with a lifetime of up to 30 days. It is required to keep you signed in and cannot be opted out of while using the app.

We use no analytics, marketing, or third-party cookies.

8. Retention and deletion

Type of data Retention
User profile, trips, catches, photos, friendships Until you delete them or your whole account
Server access logs Up to 30 days
Database backups Up to 30 days

You can at any time:

  • Edit or delete individual trips and catches directly in the app.
  • Delete your account under Settings → Delete your profile. Deletion immediately removes your profile, all your trips and catches (including photo files), your friendships, and your membership of other people's trips. Species you contributed to the shared species list are kept (other users may have logged catches against them) but are no longer attributed to you.

9. Security

We use the following technical and organisational measures:

  • Passwords are stored only as bcrypt hashes — at no point do we have access to your plain password.
  • Login sessions are handled via signed cookies.
  • Traffic between your browser and the server is encrypted with HTTPS (TLS).
  • Hosting is with an EU provider with industry-standard physical and logical access controls.
  • The database is only accessible to the operators.
  • We keep the app's dependencies up to date to close known vulnerabilities.

10. Your rights

Under GDPR you have the following rights, among others. Where possible, the right is built directly into the app:

  • Access and portability — under Settings → Download my data you can download a full JSON copy of your account, all your trips, catches, and friendships.
  • Rectification — under Settings → Profile you can change your display name and language preference. You can edit all your trips and catches in the app.
  • Erasure — under Settings → Delete your profile you can permanently delete your account and all associated content.
  • Restriction and objection — contact us at emil.klit@gmail.com.
  • Withdrawal of consent — applies only where processing is based on consent. The current version of the app has no consent-based processing.
  • Complaint to the supervisory authority — see section 13.

We respond to requests without undue delay and, in general, within one month.

11. Children

Fiskeappen is not intended for children under 15 years old. If we become aware that an account has been created by someone under 15 without the necessary parental consent, we delete the account and its data without undue delay.

12. Changes to this policy

We may update this policy if the app, our processing, or the law changes. For material changes we will notify you via email and/or a visible message in the app before the changes take effect.

The current version is always available at https://fiskeappen.dk/privacy.

13. Complaint to the supervisory authority

We encourage you to contact us first at emil.klit@gmail.com so we can try to resolve any issues.

You also have the right to lodge a complaint directly with the Danish Data Protection Agency:

Datatilsynet Carl Jacobsens Vej 35 2500 Valby, Denmark www.datatilsynet.dk

If you live in another EU/EEA country, you may also lodge a complaint with your local data protection authority.