Privacy Policy
Effective July 2, 2026
Fish ID is made by the Fish ID team ("Fish ID", "we"). The app identifies fish species from photos and shows fishing regulations for US states. This policy describes exactly what leaves your phone, what stays on it, and why.
The short version: there are no accounts, no ads, no analytics, and no tracking. Your catch log never leaves your device. The little that does leave your device exists to identify your fish, enforce free-tier limits, and process subscriptions — nothing else.
What we collect and why
Fish photos — species identification
When you scan a fish, the photo is sent to the Fish ID API (a service we run on Cloudflare Workers), which forwards it to Anthropic's Claude API to identify the species. We never store your photos: they are processed in memory, and our server logs deliberately exclude image data. Anthropic processes photos under its commercial API terms, which do not use inputs to train models by default; Anthropic may retain inputs transiently for trust-and-safety purposes.
The photo saved in your catch log stays on your device (see below). The copy sent for identification is not kept anywhere.
Device token — free-tier usage limits
The first time it runs, the app generates a random identifier (a UUID) and stores it on your device. It is sent with identification requests so we can enforce the free tier's scan limits. On our side it is stored (in Cloudflare KV) with your scan count and subscription status. It contains no personal information and is not linked to your name, email, or Apple ID — we don't have those. You can reset it at any time from Profile > Reset app, which generates a fresh token and deletes the old record from our server (the server deletion needs an internet connection — the app tells you if it couldn't reach us).
Purchases — subscriptions
Fish ID Pro is billed by Apple and managed through RevenueCat, our subscription infrastructure provider. RevenueCat receives your App Store receipt and purchase history, an anonymous identifier (backed by Apple's identifier-for-vendor, IDFV), your device model, OS and app version, locale, and — because your device talks to their servers — your IP address. We never see your payment details; Apple handles billing. No advertising identifier (IDFA) is used, and nothing is shared with advertisers.
Location — finding your state's regulations
With your permission, the app uses your coarse location on-device to determine which US state's regulations to show. To turn coordinates into a state name, the app sends them — reduced to roughly 1 km precision — to geocoding services: Apple's geocoder, and OpenStreetMap's Nominatim service. Your coordinates are never stored by Fish ID and are never sent to Fish ID's own servers. Only the resulting state name is kept — and only on your device.
What stays on your device
- Your catch log. Every catch you save, photos included, lives in a local database (SQLite) on your phone. It is never uploaded anywhere.
- Preferences and saved states. Settings, downloaded state regulations, and the state name used for lookups.
Delete the app and this data is deleted with it.
What we do not do
- No accounts. You are never asked to sign up, and we don't hold your name or email unless you write to us.
- No analytics SDKs and no crash-reporting services.
- No ads and no tracking of any kind — no IDFA, no fingerprinting, no cross-app identifiers.
- No selling or sharing of your data. Ever, to anyone, for any purpose.
Third-party processors
These services process data on our behalf, for the purposes described above and nothing more:
- Anthropic — AI species identification. Privacy policy
- RevenueCat — subscription management. Privacy policy
- Apple — App Store billing and geocoding. Privacy policy
- Cloudflare — API hosting and usage-record storage. Privacy policy
- OpenStreetMap Foundation (Nominatim) — coarse geocoding, at reduced precision. Privacy policy
Data retention and deletion
- Photos: never stored by us. Nothing to retain, nothing to delete.
- IP addresses: appear transiently in server logs for abuse prevention and are deleted within 7 days.
- Feedback reports (Report a problem): retained for up to 90 days, then deleted. They do not include your IP address. (Reports submitted before July 2026 included one; each expires automatically within 90 days of its submission.)
- Usage record (device token, scan count, subscription status): kept while your token is active. Profile > Reset app deletes your local data and, while online, the usage record on our server.
If you'd like anything deleted and Reset app doesn't cover it, email us at support@tryfishid.com.
Children
Fish ID is not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided us personal information, contact us and we will delete it.
Your rights
Because there are no accounts, almost everything Fish ID knows about you is already on your device, under your control. For anything else — access, correction, or deletion — email support@tryfishid.com and we'll handle it.
California residents: we do not sell or share personal information as defined by the CCPA/CPRA, and we honor access and deletion requests as described above.
EEA and UK residents: we process the minimal data described here to provide the service (performance of a contract) and to prevent abuse (legitimate interests). You have the right to access, correct, delete, or object to the processing of your data, and to lodge a complaint with your supervisory authority.
Changes
If this policy changes, we'll post the update here with a new effective date. If a change meaningfully affects what leaves your device, we'll say so in the app, plainly.