Skip to main content
FisheryData
Subscribe

Privacy

Privacy Policy

Last updated: May 5, 2026

This policy describes what information FisheryData collects when you use fisherydata.com (the “Site”), what we do with it, and the choices you have. We try to be plain about this. If anything is unclear, email editor@fisherydata.com.

1. Who we are

FisheryData is a weekly intelligence brief and data platform for U.S. commercial fishing operators, permit brokers, and seafood buyers. The Site is operated by the entity identified in the footer (“we,” “us,” or “FisheryData”).

2. What we collect

2.1 Information you give us

  • Email address — when you subscribe to the free newsletter or start a paid subscription.
  • Payment information — when you start a paid subscription, payment details (card number, expiration, billing zip) are collected and processed by Stripe, Inc. directly. We never see or store your full payment card data; we receive a Stripe customer ID and the last four digits of the card on file.
  • Custom alert configurations — when paid subscribers create alerts, we store the fishery code, threshold, and direction you selected, alongside your email address for delivery.
  • Support correspondence — emails you send us.

2.2 Information we collect automatically

  • Server logs — IP address, user agent, request URL, timestamp, response code. Retained for up to 30 days for security and debugging.
  • Cookies — see Section 5.
  • Aggregate usage statistics — if (and only if) you accept the cookie banner, we load Google Analytics 4 to measure page views and referrers in aggregate. We configure Google Analytics with IP anonymization, ad personalization disabled, and Google Signals disabled. If you reject the banner, no analytics scripts load at all. See Section 5 for the cookies involved.

3. How we use it

  • To deliver the weekly newsletter and any alerts you configure.
  • To process your subscription and provide paid features.
  • To send you service-related emails (welcome, receipts, account changes).
  • To secure the Site and prevent abuse.
  • To improve the Site — aggregate, anonymous usage statistics inform what features we build next.

We do not sell, rent, or trade your personal information.

4. Third-party processors

We use the following processors to run FisheryData. Each is bound by their own privacy policy and data protection commitments. Click each name for details.

  • Stripe — payment processing, subscription billing, customer portal.
  • Beehiiv — newsletter list management and email delivery.
  • Resend — transactional email delivery (alerts, sign-in links, receipts).
  • Firebase / Google Cloud — authentication (Firebase Auth), data storage (Firestore), file storage (Cloud Storage), website hosting (Firebase Hosting), and serverless functions (Cloud Functions).
  • Google Analytics 4 — aggregate usage analytics, only loaded after you accept the cookie banner. Configured with IP anonymization, no Google Signals, and no ad personalization.
  • Anthropic — AI editorial drafting and regulatory summarization. We send only public fishery data (CFEC, Federal Register) — never subscriber email addresses or personal information.
  • ScrapingBee — web request proxy for fetching public government records. No subscriber data passes through this service.

5. Cookies and similar technologies

We use a small number of strictly-necessary cookies to make the Site work and keep you signed in, plus an optional analytics cookie set only if you accept the cookie banner. We do not use cookies for advertising.

Strictly-necessary

  • fd_paid — set after a successful Stripe Checkout. Stores a signed reference to your Stripe customer ID so the Site can verify your subscription. HttpOnly, Secure, 30-day expiry.
  • fd_email — set after you sign in with a magic link. Stores a signed reference to the email you signed in with. HttpOnly, Secure, 30-day expiry.
  • fd_consent— records whether you accepted or rejected the cookie banner so we don't ask again. Value is accepted or rejected. 1-year expiry. Clearing it re-shows the banner.
  • Stripe cookies— Stripe sets its own cookies on stripe.com / checkout.stripe.com when you visit those domains during payment. See Stripe's privacy policy.

Optional (only if you click Accept)

  • Google Analytics — sets _ga and _ga_* cookies (typically 13-month expiry) to distinguish unique visitors and sessions. We configure GA with IP anonymization and disable Google Signals and ad personalization. If you click Reject, no Google Analytics scripts or cookies load.

You can clear cookies via your browser at any time; doing so will sign you out and require a fresh sign-in.

6. How long we keep data

  • Email subscribers — kept until you unsubscribe. Beehiiv retains anonymized engagement data per its retention policy.
  • Subscription records — retained as required for tax and accounting purposes (typically 7 years).
  • Server logs — up to 30 days.
  • Custom alerts — until you delete them or cancel your subscription.
  • Backups— Firestore point-in-time recovery and routine backups are retained per Google Cloud's standard retention windows.

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export the personal information we hold about you, and to object to certain processing. To exercise these rights, email editor@fisherydata.com. We'll respond within 30 days. We may need to verify your identity before acting on a request.

7.1 California (CCPA/CPRA)

California residents have the right to know what personal information we collect, request deletion, and opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioral advertising.

7.2 EU/UK (GDPR/UK GDPR)

The legal bases we rely on are: contract (to deliver the service you paid for), consent (for the free newsletter — you can withdraw at any time), and legitimate interest (security, fraud prevention, basic analytics). You have the right to lodge a complaint with your local data-protection authority.

8. Security

Personal information is encrypted in transit (TLS 1.2+) and at rest (Google Cloud's default AES-256 encryption). Authentication is delegated to Firebase Auth; payments to Stripe. We follow standard security practices but no system is perfectly secure. If you discover a vulnerability, please email editor@fisherydata.com.

9. Children

FisheryData is not directed at children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

10. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced via email and on the Site. The “Last updated” date at the top of this page reflects the current version.

11. Contact

Questions? Privacy requests? Feedback? editor@fisherydata.com.