Privacy Policy

1. Who We Are

ReefCast AI (“we”, “us”, or “our”) operates the ReefCast AI fishing companion platform from Cairns, Queensland, Australia. We are the entity responsible for the personal information collected through our website and application (collectively, the “Service”).

Contact us at: [email protected]

2. Information We Collect

We collect personal information that you provide directly, that is generated through your use of the Service, and that we receive from third parties.

2.1 Account Information

When you register for an account we collect:

• Username (chosen by you)
• Email address
• Display name (optional)
• Password (stored as a secure hash — we never store your plain-text password)
• Experience level (beginner, intermediate, advanced — optional)

2.2 Fishing Activity Data

When you use core features of the Service we collect data you enter, including:

• Catch records: species, size, weight, method, bait, tackle, date and time
• GPS coordinates and location names for catches and fishing spots (waypoints)
• Boat details: name, registration, make, model, engine information
• Service records and maintenance reminders for your boats
• Trip plans: destination, dates, crew, estimated costs
• Photos of catches uploaded via the Service
• Notes and free-text entries you provide

2.3 AI Interaction Data

When you use our AI Assistant features we collect:

• Queries and prompts you submit to the AI
• Location coordinates submitted for fishing recommendations
• Species, experience level, and method preferences used in AI queries

AI queries are processed by Anthropic (see Section 5). We do not share your personal account details with Anthropic; only anonymised query content and location data necessary for the recommendation are transmitted.

2.4 Payment Information

Subscription payments are processed by Stripe, Inc. We do not collect or store your full credit card number, CVV, or bank account details. We receive from Stripe a tokenised reference to your payment method, your subscription status, plan, and billing history. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.

2.5 Technical and Usage Data

When you use the Service we automatically collect:

• Device type, operating system, and browser type
• IP address
• Pages visited, features used, and time spent on the Service
• Error logs and crash reports
• Authentication tokens stored in your browser's local storage

3. How We Use Your Information

We use the information we collect to:

• Provide and operate the Service, including storing and displaying your catch logs, waypoints, and trip plans
• Authenticate your identity and maintain the security of your account
• Generate personalised AI fishing recommendations based on your location, preferences, and historical data
• Process subscription payments and manage billing
• Send transactional emails (account confirmation, subscription receipts, renewal notices)
• Respond to your support requests and communicate with you about the Service
• Monitor and improve the performance, reliability, and features of the Service
• Detect, investigate, and prevent fraudulent or unauthorised activity
• Comply with our legal obligations under Australian law

We do not sell your personal information to third parties. We do not use your personal information for advertising or profiling by third parties.

4. Legal Basis for Processing

We collect and process your personal information on the following grounds:

• Contract performance: to provide the Service you have signed up for, including processing payments and maintaining your account
• Consent: where you have given your consent, such as for optional features (e.g. GPS location access)
• Legitimate interests: to operate and improve our Service, prevent fraud, and ensure security
• Legal obligation: to comply with applicable Australian law

5. Third Parties We Share Data With

We share your information only with trusted third-party service providers necessary to operate the Service. These providers are not permitted to use your information for their own purposes.

We may also disclose your information where required by Australian law, court order, or government authority, or to protect the rights, property, or safety of ReefCast AI, our users, or the public.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: retained while your account is active and for 12 months after deletion to allow account recovery and meet legal obligations
• Catch and activity data: retained while your account is active; deleted upon account deletion
• Payment and billing records: retained for 7 years as required by Australian tax law
• Technical logs: retained for up to 90 days for security and debugging purposes
• Uploaded photos: retained until you delete them or your account is deleted

When we no longer need your personal information, we will securely delete or anonymise it.

7. Your Rights

Under the Australian Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

• Access: request a copy of the personal information we hold about you
• Correction: request that we correct inaccurate, incomplete, or out-of-date personal information
• Deletion: request deletion of your personal information (subject to legal retention obligations)
• Portability: request your fishing activity data in a machine-readable format
• Opt out: unsubscribe from non-transactional communications at any time
• Complain: lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you believe we have breached the Australian Privacy Principles

To exercise these rights, contact us at [email protected]. We will respond within 30 days. Account deletion can also be requested through the Settings page of the Service.

8. Cookies and Local Storage

The Service uses browser local storage (not traditional cookies) to store:

• Authentication token: a JWT token used to authenticate your requests; stored in localStorage
• Display preferences: dark mode setting
• Service worker version: used to manage PWA cache updates

We do not use third-party tracking cookies or advertising cookies. Stripe may set cookies during the payment checkout process for fraud prevention; these are governed by Stripe's cookie policy.

9. Data Security

We implement reasonable technical and organisational measures to protect your personal information, including:

• HTTPS encryption for all data in transit
• Bcrypt hashing for passwords at rest
• Encrypted database storage
• JWT-based authentication with server-side token validation
• Role-based access controls limiting internal access to user data

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that is likely to result in serious harm, we will notify affected users and the OAIC as required by the Notifiable Data Breaches scheme.

10. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.

11. International Data Transfers

Some of our third-party service providers (including Stripe, Anthropic, and UploadThing) are based in the United States. When we transfer your personal information overseas, we take reasonable steps to ensure it is handled in accordance with the Australian Privacy Principles. By using the Service, you consent to the transfer of your information to these providers.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify registered users by email or in-app notice. Continued use of the Service after a change constitutes your acceptance of the updated policy.