Privacy Policy
Last Updated: January 2025
1. Introduction
Welcome to Fishing Duck ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.
We comply with the General Data Protection Regulation (GDPR) for our European users and the Protection of Personal Information Act (POPIA) for our South African users, ensuring the highest standards of data protection globally.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, and password when you create an account
- Contact Data: Information about contacts you capture using our voice-to-text or manual input features
- Voice Recordings: Temporary audio recordings for processing voice commands (deleted after transcription)
- Business Cards: Images of business cards you scan (if you use this feature)
- Profile Photos: Contact photos you choose to store (with consent)
2.2 Information Collected Automatically
- Usage Data: Features used, frequency of use, and interaction patterns
- Device Information: Device type, operating system, app version, and unique device identifiers
- Analytics Data: App performance metrics, crash reports, and error logs
- Network Information: IP address (anonymized) and general location (country/region level)
3. How We Use Your Information
We use your information for the following purposes:
- Provide and maintain our voice-to-text lead capture service
- Process and store your captured contact information
- Synchronize your data across devices
- Send important service updates and security alerts
- Improve our speech recognition and contact extraction accuracy
- Provide customer support and respond to inquiries
- Detect and prevent fraud, abuse, or security threats
- Comply with legal obligations
4. Data Processing and Storage
4.1 Voice Processing
Voice recordings are processed using Google Speech-to-Text API. Audio data is:
- Transmitted securely using encryption
- Processed in real-time
- Deleted immediately after transcription
- Never stored permanently unless you explicitly opt in for ML training purposes
4.2 Contact Data Storage
Your contact data is:
- Encrypted at rest using AES-256 encryption
- Stored in AWS DynamoDB in the EU-North-1 region
- Backed up regularly with encryption
- Accessible only to you through your authenticated account
4.3 Image Storage
Business card images and profile photos are:
- Stored in AWS S3 with server-side encryption
- Compressed to optimize storage and performance
- Subject to explicit consent for profile photos
- Retained only as long as the associated contact exists
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
5.1 Service Providers
We work with trusted third-party services:
Service Provider | Purpose | Data Shared |
---|---|---|
Amazon Web Services | Cloud infrastructure | All app data (encrypted) |
Google Cloud | Speech recognition | Voice recordings (temporary) |
OpenAI | Contact extraction | Transcribed text (no PII) |
Google Analytics | Usage analytics | Anonymized usage data |
5.2 Legal Requirements
We may disclose information if required by law, court order, or government request.
6. Your Rights and Choices
6.1 GDPR Rights (European Users)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Restriction: Limit processing of your data
- Objection: Object to certain processing activities
6.2 POPIA Rights (South African Users)
- Access: Request details about your personal information
- Correction: Request correction or deletion of data
- Objection: Object to processing of your information
- Complaint: Lodge a complaint with the Information Regulator
6.3 General Controls
- Export your contacts at any time (CSV format)
- Delete individual contacts or your entire account
- Opt out of analytics collection
- Manage consent for photo storage
- Control language preferences for voice recognition
7. Data Retention
We retain your data according to the following schedule:
- Account Data: Until account deletion
- Contact Data: Until manually deleted or account closed
- Voice Recordings: Deleted immediately after processing
- Analytics Data: 26 months (Google Analytics default)
- Server Logs: 90 days
- Backup Data: 30 days after deletion from primary storage
8. Security Measures
We implement industry-standard security measures including:
- End-to-end encryption for data transmission (TLS 1.3)
- AES-256 encryption for data at rest
- Multi-factor authentication support
- Regular security audits and penetration testing
- OWASP compliance for application security
- Rate limiting and DDoS protection
- Secure password hashing (bcrypt)
9. Children's Privacy
Fishing Duck is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework compliance
- Standard Contractual Clauses for GDPR compliance
- Appropriate security measures for all transfers
11. Cookie Policy
11.1 What Are Cookies?
Cookies are small text files that are placed on your device when you visit our website. They help us provide you with a better experience and understand how our services are used.
11.2 Types of Cookies We Use
Cookie Type | Purpose | Duration | Required |
---|---|---|---|
Essential Cookies | | | Yes |
fishingduck_cookie_consent | Stores your cookie consent preferences | 1 year | Yes |
betaToken | Maintains your login session (sessionStorage) | Session | Yes |
adminAuth | Admin authentication (sessionStorage) | Session | Yes |
Functional Cookies | | | No |
preferred-platform | Remembers your iOS/Android preference | Persistent | No |
testing-progress | Saves beta testing checklist progress | Persistent | No |
offline_download_metrics | Stores download tracking data offline | Persistent | No |
Analytics Cookies (Only with consent) | | | No |
_ga | Google Analytics: Distinguishes unique users | 2 years | No |
_ga_* | Google Analytics: Maintains session state | 2 years | No |
_gid | Google Analytics: Distinguishes users | 24 hours | No |
_gat | Google Analytics: Throttles request rate | 1 minute | No |
11.3 Managing Your Cookie Preferences
You can control cookies through:
- Our Cookie Banner: Choose "Essential Only" or "Accept All" when you first visit
- Browser Settings: Most browsers allow you to refuse or delete cookies
- Clear Consent: Contact us to reset your cookie preferences
11.4 Impact of Disabling Cookies
- Essential Cookies: Required for the site to function properly. Disabling these may prevent login and core features from working.
- Functional Cookies: Enhance your experience but are not required. Disabling these means we won't remember your preferences.
- Analytics Cookies: Help us understand usage patterns. Disabling these means we can't improve our services based on usage data.
11.5 Third-Party Cookies
We only use Google Analytics for third-party cookies, and only with your explicit consent. Google's privacy policy can be found at https://policies.google.com/privacy.
11.6 Cookie Security
All our cookies are:
- Set with the Secure flag (HTTPS only)
- Set with SameSite=Lax to prevent CSRF attacks
- HttpOnly where applicable to prevent XSS attacks
12. Beta Program
If you participate in our beta program, we may collect additional feedback and usage data to improve our services. Beta features may have different privacy implications, which will be clearly communicated.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of our services after changes constitutes acceptance of the updated policy.
14. Contact Information
Data Protection Officer
Fishing Duck Data Protection
Email: privacy@fishingduck.app
Response time: Within 30 days
Regulatory Authorities
South Africa: Information Regulator
Website: www.justice.gov.za/inforeg
Email: complaints.IR@justice.gov.za
European Union: Your local Data Protection Authority
Directory: edpb.europa.eu/about-edpb/board/members
15. Legal Basis for Processing
We process your personal data based on:
- Contract: To provide our services as described in our Terms of Service
- Consent: For optional features like photo storage and analytics
- Legitimate Interests: For security, fraud prevention, and service improvement
- Legal Obligations: To comply with applicable laws and regulations