Data & compliance

This page summarizes how FishList approaches data handling and compliance topics at a high level. It does not replace the Privacy Policy or Terms of Use, and it is not legal advice.

Identity and account data: usernames, internal identifiers, optional profile images.

Activity and content: locations, catches, media attachments, comments, likes, friendships.

Authentication and security: tokens, session metadata, audit or security logs as needed to protect accounts.

Technical metadata: IP addresses, user agent strings, timestamps, and error diagnostics.

Infrastructure may be operated in Canada, the United States, or other regions depending on hosting and service providers. By using FishList, you understand that data may be processed in jurisdictions with different privacy laws. Where required, we rely on appropriate safeguards for cross-border transfers.

We aim to align with widely recognized privacy principles such as limiting collection to what is needed, providing access and correction where practical, securing data in transit and at rest commensurate with risk, and retaining data only as long as necessary for the purposes described in our Privacy Policy.

Specific statutory rights (for example under Canadian provincial privacy laws, PIPEDA where applicable, GDPR for EU users, or U.S. state laws) depend on your residency and the facts of processing. Contact us to discuss requests.

If we become aware of a security incident that poses a meaningful risk to individuals, we will take reasonable steps to investigate, mitigate, and notify affected users or regulators as required by law.

For privacy or compliance questions, contact the operator through the official support or contact channel published for FishList.