Privacy Policy — akFISHinfo

1 — Who We Are

akFISHinfo is a commercial salmon opening alert service operated by Oliver Nessel ("we," "us," or "our"), a sole proprietor based in Fairbanks, Alaska. This Privacy Policy explains how we collect, use, and share information about you when you use the akFISHinfo service ("Service").

If you have questions about this policy or your data, contact us at [email protected].

2 — Information We Collect

Information you provide directly:

Data	Why we collect it
Email address	Account creation, email verification, account emails
Name	Display and account identification
Password (hashed)	Authentication — plaintext password is never stored or transmitted
Phone number	Trial eligibility verification (one trial per number). Used for SMS alerts where applicable; the mobile app uses push notifications instead.
Telegram chat ID and username	Optional. If you link a Telegram account on the web, we store your chat ID to deliver opening alerts via Telegram.
Subscription / billing information	Access control and plan management. Credit card data is handled entirely by Stripe — we store only a Stripe customer ID and subscription ID, not card numbers.

Information collected when you use the mobile app:

Data	Why we collect it
Push notification token (device token)	Required to deliver opening alerts to your device via Apple Push Notification service (iOS) or Firebase Cloud Messaging (Android). Tokens are deleted when you sign out or delete your account.
Apple user ID (Sign in with Apple)	If you sign in with Apple, we store an opaque identifier (`sub` claim) that Apple provides. This is not your Apple ID. If you choose Hide My Email, we receive only Apple's private relay address.
Location (boundary alerts only)	If you enable the optional boundary-crossing alert feature, the app reads your location on-device only to detect when you cross out of an active opening. Coordinates are never transmitted to our servers or any third party.
Crash and error diagnostics	We send anonymized crash reports and error traces to Sentry to fix bugs. Personally identifying data is stripped from these reports (`sendDefaultPii: false`).

Information collected automatically:

Like most web services, our server infrastructure automatically collects certain technical information when you access the Service, which may include your IP address, browser type, and pages or features accessed. This information is used to operate and debug the Service and is not linked to your identity for marketing purposes. Railway retains infrastructure logs for 30 days.

Information from third parties:

If you sign in using Google OAuth, we receive your name and email address from Google as part of the authentication flow. We do not receive your Google password. If you use Sign in with Apple, we receive a stable opaque user ID from Apple and, on first sign-in, your name and email (or Apple's private relay address if you choose Hide My Email).

The mobile app does not use any third-party analytics, advertising SDKs, or tracking frameworks. We do not read your IDFA. No App Tracking Transparency prompt is shown because we do not track you across other apps or websites.

3 — How We Use Your Information

We use the information we collect to:

(a) deliver SMS opening alerts to your registered phone number via Twilio;
(b) create and manage your account, including authentication and session management;
(c) send transactional emails — account verification, password reset, and billing notices — via Mailgun;
(d) process subscription payments via Stripe;
(e) enforce trial and access controls (one trial per phone number);
(f) operate, maintain, and improve the Service;
(g) respond to support requests and communications.

We do not sell your personal information to third parties. We do not use your information for advertising or behavioral tracking.

4 — Third-Party Service Providers

We share your information only with the service providers necessary to operate the Service. Each provider is listed below with a description of what we share and a link to their own privacy policy.

Stripe

Payment processing. We share your name and email with Stripe; Stripe handles all card data directly and is PCI-compliant. We store only your Stripe customer and subscription IDs.
stripe.com/privacy

Twilio

SMS alert delivery. We share your phone number and alert message text with Twilio to deliver opening notifications.
twilio.com/legal/privacy

Mailgun

Transactional email delivery (account verification, billing notices) and inbound email receipt of ADF&G announcements. We share your email address with Mailgun for delivery of account emails.
mailgun.com/privacy-policy

Google

OAuth sign-in (web) and Firebase Cloud Messaging push delivery (Android app). If you use "Sign in with Google," your name and email are shared with Google as part of the authentication flow. If you receive push notifications on Android, Google routes the message text through FCM to your device.
policies.google.com/privacy

Apple

Sign in with Apple (iOS app) and Apple Push Notification service (iOS push delivery). On Sign in with Apple, Apple shares a stable opaque user ID and, on first sign-in, your name and email or a private relay address. APNs routes opening-alert messages from our server to your iPhone.
apple.com/legal/privacy

Sentry

Crash and error monitoring. We send anonymized error traces (stack frames, error message, app version) so we can fix bugs. We do not attach your email, name, or any account identifiers to these reports.
sentry.io/privacy

Anthropic

AI-assisted parsing of ADF&G announcements. The text content of ADF&G PDF announcements is processed by Anthropic's API to extract district and opening information. No user personal data is sent to Anthropic.
anthropic.com/privacy

Railway

Application hosting and database infrastructure. All server-side data — including your account information and the Postgres database — is stored on Railway's infrastructure.
railway.app/legal/privacy

CARTO / OSM

Map tile delivery. When you view the district map, your browser requests map tiles from CARTO, which may log your IP address as part of standard CDN operation. Map data is sourced from OpenStreetMap contributors.
carto.com/privacy

5 — Data Retention

Account data (name, email, phone, subscription status) is retained for as long as your account is active. Upon a valid deletion request, we will delete your account data within 30 days.

SMS delivery log (phone number, message text, timestamp, delivery status) is retained for 90 days for audit and debugging purposes, then deleted.

Session data expires at the end of your browser session, or within 30 days if you selected "Stay signed in."

Server infrastructure logs are retained by Railway for 30 days, per Railway's log retention policy.

6 — Your Rights

Access your data. Your account page shows the name, email, and phone number currently on file. You may update this information at any time.

Delete your account. You can permanently delete your akFISHinfo account at any time from your Account page → Delete Account. Deletion cancels any active subscription, removes your push notification tokens, and anonymizes your record so that the email address you used is freed up for future re-registration. If you cannot reach the in-app delete button for any reason, email [email protected] with the subject "Delete my account" and we will complete deletion within 30 days.

Opt out of push notifications. You can disable push notifications for akFISHinfo at any time from your device's Settings app (iOS: Settings → Notifications → akFISHinfo; Android: Settings → Apps → akFISHinfo → Notifications). Disabling notifications does not affect your subscription.

Opt out of SMS or Telegram. SMS alerts are only sent to active paid subscribers or users in a free trial; canceling your subscription stops all SMS delivery. You may also text STOP to our Twilio number at any time to opt out. Telegram alerts can be disabled by unlinking your Telegram chat from the Account page.

California residents (CCPA). California residents have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at [email protected].

7 — Cookies

We use one session cookie (connect.sid) to manage your login session. This cookie is strictly necessary for authentication and cannot be disabled while using the Service. It does not track you across other websites.

We do not use advertising cookies, behavioral tracking cookies, or any third-party analytics cookies. The map tile provider (CARTO) may set cookies in your browser as part of tile delivery; refer to CARTO's privacy policy for details.

8 — Security

We take reasonable technical measures to protect your information:

Passwords are stored as scrypt hashes. Plaintext passwords are never stored or transmitted.

Payment data is handled entirely by Stripe, a PCI-compliant payment processor. We never receive or store credit card numbers.

Database connections are encrypted. The database is hosted on Railway's infrastructure.

HTTPS is enforced in production.

No security measure is perfect. In the event of a data breach affecting your personal information, we will notify affected users as required by applicable law.

9 — Children's Privacy

The Service is not directed at individuals under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us at [email protected] and we will delete it promptly.

10 — Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. For material changes, we will send a notice to the email address on file for registered users. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy.

11 — Contact

For privacy-related inquiries, data access or deletion requests, or any other questions about this policy:

akFISHinfo
Oliver Nessel
1274 Deer Valley Rd, Fairbanks, AK 99709
[email protected]