Last updated: 2026-04-20 Effective: 2026-04-20
Linkan Labs ("we", "us", "FishRadar"), a company registered in Türkiye, is the data controller for personal data processed through the FishRadar mobile application. This policy explains what data we collect, why, how we protect it, and what rights you have.
Contact / Data Protection Officer (DPO): privacy@fishradar.ai Postal address: [Company address once registered] VERBİS ID: [To be filled after KVKK registration crossing 100k-record threshold]
| Category | Examples | Lawful basis (GDPR Art. 6 / KVKK Art. 5–6) |
|---|---|---|
| Account data | email, Firebase UID, password hash (handled by Firebase Auth, never seen by us) | Contract performance |
| Location data | GPS coordinates, optionally in background | Explicit consent |
| GPS-derived country code | ISO 3166 alpha-2 country code reverse-geocoded from your first GPS fix | Legitimate interest (GDPR Art. 6(1)(f)) / Explicit consent (KVKK Art. 9) — used to surface region-appropriate fishing regulations, localize push notification timing, and route requests to the closest data centre. Never used for advertising. Stored only on your account profile; deleted on account deletion. |
| User UI locale | BCP 47 locale tag (e.g. en, tr, pt-BR) |
Contract performance — used to render the app and push notifications in your chosen language. |
| Local timezone offset | Minutes from UTC reported by the device | Contract performance — used to schedule personalized push notifications at the correct local hour. |
| Catch logs | species, weight, length, lat/lon, photo, notes, timestamp | Explicit consent |
| Subscription data | RevenueCat user ID, entitlement status, purchase tokens | Contract performance |
| Diagnostic data | crash logs, device model, OS version, anonymized via Sentry | Legitimate interest |
| Device permissions metadata | photo-library / camera grant state, notification token | Contract performance |
We do not collect: contacts, browsing history, advertising identifiers (IDFA/AAID), biometrics, health data, financial-instrument data (payments are handled by Apple/Google — we never see card numbers).
We do not sell or share personal data for cross-context behavioral advertising (CCPA/CPRA compliant). We do not use your data to train machine-learning models without explicit separate consent.
| Sub-processor | Role | Data received | Region | Transfer mechanism |
|---|---|---|---|---|
| Google Firebase (Authentication, Firestore, Cloud Storage) | Account management, catch storage, photo hosting | Email, UID, catch data, photos | US / EU | GDPR SCCs + EU-US DPF |
| RevenueCat Inc. | Subscription receipt validation | Firebase UID, purchase tokens, email | US | GDPR SCCs |
| Sentry | Crash and error monitoring | Anonymized crash traces, device model | EU region | EU processing |
| Open-Meteo, NASA GIBS, Copernicus Marine, Stormglass | Marine/weather data lookups | Lat/lon coordinates only (no PII) | EU / US | N/A |
| Apple / Google | Native map rendering, geocoding | Lat/lon coordinates | US | GDPR SCCs |
| Nominatim (OpenStreetMap) — server-side fallback only | Reverse geocoding | Lat/lon coordinates | EU | N/A |
Data Processing Agreements (DPAs) are in place with all sub-processors. Copies available on request.
Your data may be processed in the United States or the European Union under Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework. For Turkish users, we may transfer data to the US (Firebase, RevenueCat) based on your explicit consent (KVKK Art. 9) or under approved transfer mechanisms.
Under GDPR (EU/UK), KVKK (Türkiye), and CCPA/CPRA (California), you have the right to:
Exercise these rights in-app via Settings → Privacy & Data:
California residents: Under CCPA/CPRA you have the right to know, delete, correct, and opt-out of sale/sharing. FishRadar does not sell or share personal information. Use the Do Not Sell or Share link in Settings to record this preference.
FishRadar is not directed at children under 16 (in EU/Türkiye) or under 13 (in the US/UK). We do not knowingly collect data from children. Parents who believe their child has provided data should contact privacy@fishradar.ai for immediate deletion.
We will notify you in-app at least 14 days before any material change takes effect. Continued use after the effective date constitutes acceptance.
FishRadar is a product of Linkan Labs. For a Turkish-language version (Aydınlatma Metni) see privacy-policy.tr.md.