Privacy Policy
This Privacy Policy explains how BeAngler ("we", "us", or "our") collects, uses, and otherwise processes your personal data when you use the Service (beangler.com, its subdomains, and the BeAngler mobile applications). In this Policy, "personal data" means any information relating to an identified or identifiable individual, and "process" has the meaning given in the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR").
1. Data controller
The controller responsible for your personal data is:
Andrii Tokar, a registered sole proprietor (Fizychna Osoba-Pidpryiemets, "FOP") in Ukraine, with a place of business in Kharkiv, Ukraine.
You can contact us at:
- Privacy matters:
privacy@beangler.com - General support:
support@beangler.com - Legal matters:
legal@beangler.com
At the date of this Policy, we have not appointed a representative in the European Union under Article 27 GDPR, as we consider that our processing falls within the exception in that Article — it is occasional, does not involve large-scale processing of special categories of data, and is unlikely to result in a risk to the rights and freedoms of individuals. We keep this assessment under review as the Service grows and will appoint an EU representative if and when this becomes required.
2. What data we collect
- Account and profile data: email address; first and last name; public display name; optional phone number (with SMS verification); profile photo; preferred language.
- Device and technical data: platform, device model, operating system version, app version, screen size, a device identifier (a "fingerprint" derived from device and browser characteristics, which we use to secure your account and prevent fraud — see Section 3), push notification token, and IP address.
- Location data, of two kinds:
- Coordinates in your content — the locations you enter for or attach to water bodies, sessions, catches, and points of interest. These form part of the content you create and are processed in order to provide those features (see Section 3).
- Your device's current position — your live GPS location, used only when you actively enable a location feature (for example the "my location" button on the map). This is processed only with your consent, which you may withdraw at any time in your device or app settings.
- Content you create: water bodies, catches, sessions, strategies and plans, tournaments, events, gear, teams and clubs, comments, and other content you save.
- Payment data: your payments are processed by Paddle (see Section 5). We do not store your full payment card details.
3. Purposes and legal bases
We process your personal data for the purposes set out below. For each purpose, we rely on a lawful basis under Article 6(1) GDPR.
- To provide and administer the Service — including creating and managing your account, storing your content (including the coordinates you enter for or attach to water bodies, catches, sessions, and points of interest), and providing subscriptions. Lawful basis: performance of a contract (Art. 6(1)(b)).
- Accessing your device's current GPS position, sending marketing communications, and setting non-essential analytics cookies — Lawful basis: your consent (Art. 6(1)(a)), which you may withdraw at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawing consent to device-location access does not delete coordinates that already form part of your saved content, which we keep on the contract basis above until you edit or delete that content.
- To keep the Service secure and prevent fraud and abuse — including using a device identifier or "fingerprint" to detect suspicious sign-ins and protect accounts — and to carry out basic service analytics and improve the Service. Lawful basis: our legitimate interests (Art. 6(1)(f)) in operating a secure and reliable Service. You may object to this processing (see Section 10).
- To meet our accounting, tax, and other legal obligations — handled together with Paddle acting as Merchant of Record. Lawful basis: compliance with a legal obligation (Art. 6(1)(c)).
We do not make decisions producing legal or similarly significant effects about you that are based solely on automated processing, and we do not carry out profiling of that kind.
4. Where data is stored
Your personal data is hosted on servers located in the European Union (Frankfurt, Germany).
5. Recipients and processors (sub-processors)
We share your personal data with the categories of recipients listed below, and only to the extent needed to operate the Service. These providers act as our processors and process personal data on our behalf and under our instructions, except where they act as independent controllers for their own legal or operational purposes (for example, Paddle as Merchant of Record for tax and accounting).
| Provider | Purpose |
|---|---|
| Amazon Web Services (AWS SES) | Transactional email |
| Amazon S3 / object storage | Photo and media storage |
| Google Maps | Maps and geocoding |
| Sentry | Error monitoring and diagnostics |
| Paddle | Payments (Merchant of Record), billing, and tax |
| SMS provider | Phone-number verification |
| Google Analytics | Usage analytics (website and app), with consent |
| Apple APNs / Google FCM | Push notifications (mobile apps) |
| Open-Meteo | Weather data for forecasts and fishing analytics |
CDN (cdn.beangler.com) |
Delivery of static assets |
We may also disclose personal data to public authorities, courts, or professional advisers where we are legally required to do so or where it is necessary to establish, exercise, or defend legal claims.
We do not sell your personal data.
Business transfers. If we sell, reorganize, merge, or transfer all or part of the BeAngler business or its assets (for example in a merger, acquisition, or asset sale), personal data may be transferred to the successor or acquirer as part of that transaction, subject to the protections of this Policy. We will inform you of any such transfer and of any choices you may have.
6. International transfers
Some of our processors (for example, Paddle and Google) may process personal data in the United States or in other countries outside the European Union and the European Economic Area (EU/EEA). Where personal data is transferred outside the EU/EEA, we ensure that appropriate safeguards under Chapter V GDPR are in place, namely the European Commission's Standard Contractual Clauses (SCCs) and/or, where the recipient is certified, the EU–US Data Privacy Framework (DPF). You may request a copy of the relevant safeguards by contacting privacy@beangler.com.
7. Retention
We keep your personal data only for as long as necessary for the purposes set out in this Policy:
- Account and personal data: retained while your account is active. After you delete your account, your personal data is permanently deleted within 30 days (see the Terms).
- Public content: not deleted when you delete your account, but anonymized so that it is no longer linked to you.
- Team and club data: retained within the relevant team or club scope.
- Security and audit logs: typically retained for up to 12 months.
- Backups: kept on a rolling basis for up to 90 days, after which they are overwritten.
- Payment and transaction records: retained for the period required by applicable accounting and tax law (handled together with Paddle as Merchant of Record), after which they are deleted or anonymized.
8. Cookies and local storage
The apps and website primarily use local storage on your device (localStorage and IndexedDB) together with strictly necessary cookies in order to keep you signed in (your authentication session), enable offline use and data synchronization, and remember your preferences. These technologies are essential to provide the Service and do not require your consent.
Analytics cookies. We use Google Analytics (provided by Google) to measure how the Service and our website are used and to improve them. Analytics cookies and similar technologies are set only after you give consent through our cookie banner. You can change or withdraw your consent at any time through the cookie banner or your settings. Google Analytics may process data in the United States (see Section 6).
9. Marketing communications
We send marketing emails on an opt-in basis only, that is, only after you have given your consent. You can opt out at any time by using the unsubscribe link in any marketing email or by changing your preferences in your account settings.
10. Your rights
Subject to the conditions and exceptions in applicable data protection law, you have the following rights in relation to your personal data:
- Right of access — to obtain confirmation of whether we process your data and a copy of that data.
- Right to rectification — to have inaccurate or incomplete data corrected.
- Right to erasure ("right to be forgotten") — to have your data deleted, for example through account deletion.
- Right to restriction of processing — to limit how we process your data in certain circumstances.
- Right to object — to object to processing based on our legitimate interests, and to object to direct marketing at any time.
- Right to data portability — to receive the data you provided to us in a structured, commonly used, machine-readable format, and to have it transmitted to another controller where technically feasible.
- Right to withdraw consent — to withdraw any consent you have given at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint — to lodge a complaint with a data protection supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or the place of the alleged infringement.
To exercise any of these rights, contact us at privacy@beangler.com. Account deletion (and the resulting erasure of your personal data) is available directly in your settings. We will respond to your request without undue delay and within the time limits required by applicable law. We do not charge a fee for exercising your rights, unless your request is manifestly unfounded or excessive.
11. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, loss, or destruction. These measures include encryption of data in transit, access controls, and regular monitoring. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
Personal data breaches. In the event of a personal data breach, we act in accordance with the GDPR and other applicable law, including notifying the competent supervisory authority and affected users where, and within the timeframes, the law requires.
12. Children
The Service is intended for users aged 16 and older. We do not knowingly collect or process the personal data of children under 16. If you believe that a child under 16 has provided us with personal data, please contact privacy@beangler.com and we will take appropriate steps to delete it.
13. Changes to this Policy
We may update this Policy from time to time. We will notify you of material changes within the Service, and we will update the version number and effective date at the top of this Policy upon publication. We encourage you to review this Policy periodically.
14. Contact
For any privacy question or request, contact us at privacy@beangler.com.