Last updated: 2026-05-20
CatchTrove ("we", "the service") is a personal fishing log run by Tomislav Leljak as a solo project. This policy explains what data we collect, why, and the rights you have over it. Plain language first; the legal terms (GDPR controller, lawful basis, etc.) are referenced where they matter.
CatchTrove is operated by Tomislav Leljak, based in Croatia. For privacy questions, write to hello@catchtrove.com. There is no separate data protection officer — the operator is the controller for GDPR purposes.
When you sign in with Google, we receive your email, your Google display name, and your profile picture URL. We store these so the app can show your name and avatar in the header. When you log a catch, we store: species, weight, date/time, location (latitude/longitude — only if you explicitly capture it), notes, and which fishing session it belongs to. When you start a session, we store: technique, optional session name, optional notes, start and end timestamps. We do not run analytics, fingerprinting, or behavioural tracking in v1. We do not collect IP address logs beyond what Cloudflare retains at the network layer for abuse protection.
Solely to operate the app for you: showing your catches, sessions, and profile back to you when you're signed in. We do not sell, share, rent, or feed any of it to advertisers. We do not train AI models on your data.
Processing your account data and your catches is necessary to provide the service you signed up for — GDPR Article 6(1)(b), performance of a contract. Network-layer security logs (Cloudflare) rely on legitimate interest in keeping the service available — Article 6(1)(f).
Supabase, EU region (Ireland). Database and authentication are inside the EU. The frontend is served from Cloudflare's global edge but data fetches always go back to Supabase EU. No data is transferred to the US under standard practice.
Google — sign-in only. We receive your email/name/photo when you authenticate; Google never sees your catches. Supabase — database and authentication hosting. Their privacy policy at supabase.com/privacy. Cloudflare — DNS, CDN, Workers hosting, and email forwarding from hello@catchtrove.com. Their policy at cloudflare.com/privacypolicy. MapTiler — basemap tiles. They receive map-tile requests (which include rough viewport coordinates) when you view a map. Their policy at maptiler.com/privacy. We have no advertising or analytics processors in v1.
We set two kinds of cookies, both essential to the app: • Authentication cookies issued by Supabase Auth when you sign in — these keep you logged in. • A NEXT_LOCALE cookie so the site remembers your language choice. No analytics, advertising, or tracking cookies are set. Because every cookie we set is strictly necessary to operate the service, we do not show a cookie consent banner under the ePrivacy Directive.
For as long as your account exists. When you click "Delete my account" in your Account page, the auth.users row is deleted, which cascades to delete your profile, all your catches, and all your sessions. We do not keep deleted-account backups. Operational backups Supabase keeps at the platform level (point-in-time recovery) age out within a small number of days.
Under GDPR you have the right to access, correct, port, restrict, object to processing, and delete your data. The Account page gives you self-service for the two you'd actually use: see what we have on you (email + name + your catches) and delete everything. For any other request, email hello@catchtrove.com and we'll respond within a reasonable time. You can also lodge a complaint with the Croatian data protection authority (AZOP) at azop.hr.
CatchTrove is not directed at children. You must be at least 16 years old to use the service. We don't actively verify age at sign-up, but if we learn we're holding data belonging to someone under 16 we will delete the account.
When we materially change how we collect or use data, we'll update the date at the top and surface a notification in the app the next time you sign in. Minor wording fixes won't trigger a notice.
Privacy questions, data requests, or anything else: hello@catchtrove.com.