Privacy Policy
Last Updated: February 12, 2026
1. Introduction
PNW Bar Info ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and services.
This policy complies with the General Data Protection Regulation (GDPR) for European users and the California Consumer Privacy Act (CCPA) for California residents.
2. Information We Collect
2.1 Push Notifications
When you enable push notifications, we collect:
- Push subscription endpoint: A unique URL provided by your browser for sending notifications
- Encryption keys: p256dh and auth keys required for secure notification delivery
2.2 Email Alert Subscriptions
When you subscribe to email alerts, we collect:
- Email address: Required to send you alerts
- Bar preferences: Which bars you want alerts for
- Schedule preferences: Days of week and date ranges for alerts
- Notification preferences: Which status changes trigger alerts
Email subscriptions require verification. We use unique tokens to verify email addresses and manage subscriptions securely.
2.2a SMS/Text Message Alert Subscriptions
When you subscribe to SMS alerts, we collect:
- Phone number: Required to send you text message alerts
- Bar preferences: Which bars you want SMS alerts for
- Verification status: Whether your phone number has been verified via one-time code
Phone number verification is required before any SMS alerts are sent. Verification codes expire after 10 minutes. Your phone number is stored securely and is never displayed publicly.
Your phone number will never be shared with, sold to, or provided to third parties or lead generators. We use your phone number solely to send you bar condition alerts and verification codes via our SMS service provider (Twilio). No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. See our SMS Text Alerts page for full program details.
2.3 Catch Photo Submissions
When you submit a catch photo, we collect:
- Email address: For verification and management of your submission
- Name: Displayed publicly with your photo (as you enter it)
- Photo file: The image you upload
- Optional details: Caption, bar location, charter used, species caught
- IP address: For abuse prevention and rate limiting
Photo Privacy: We automatically strip EXIF metadata (including GPS location data) from uploaded photos to protect your privacy. Approved photos and your display name are shown publicly in our gallery.
2.3a Photo Interactions (Voting)
When you vote on catch photos in our gallery:
- IP address hash: A one-way hash of your IP address is stored to prevent duplicate voting on the same photo
Vote data is used solely to calculate popular photos (e.g., "Catch of the Week") and is not linked to any other personal information. The IP hash cannot be reversed to identify you.
2.4 Charter Guide Submissions
When you submit a charter guide listing, we collect:
- Business information: Name, captain name, contact details, services offered
- Submitter email: For verification and managing your listing
- Logo/images: Business logo or photos you upload
Approved charter listings are displayed publicly on our directory.
2.5 Content Reports and Edit Suggestions
When you report content or suggest edits, we collect different data depending on the report type:
- Photo reports: IP address and reason for report
- Charter closure/edit suggestions: IP address, optional email address, reason, details, and proposed changes
- Species data reports/edit suggestions: IP address, optional email address, field reported, reason, details, and proposed changes (limited to one pending report per IP per species)
2.5a Feedback Widget
When you use the feedback widget in the footer:
- Feedback type: Whether you gave positive or negative feedback
- Page URL: Which page you were on when you submitted feedback
- User agent: Your browser type (for mobile vs desktop analysis)
No personally identifiable information is collected through the feedback widget. Feedback data is stored indefinitely for trend analysis.
2.6 Information Collected Automatically
We may automatically collect:
- IP address: For rate limiting and security purposes
- Browser type and version: For compatibility and debugging
- Pages visited and timestamps: For service improvement
- Affiliate cookies: When you click affiliate links (e.g., Amazon), third-party cookies may be set by the affiliate program to track referrals. These cookies are governed by the affiliate's privacy policy, not ours
2.7 Google Analytics
We use Google Analytics to understand how visitors use our website. When enabled, Google Analytics collects:
- Page views: Which pages you visit and how long you stay
- Device information: Browser type, screen size, operating system
- Geographic location: Country and city (approximate, based on IP)
- Referral source: How you arrived at our site
- Custom events: Actions like sharing content or enabling notifications
Google Analytics uses cookies to track this information. For EU visitors, we request consent before enabling analytics tracking.
Do Not Track: We respect your browser's "Do Not Track" (DNT) setting. If DNT is enabled, Google Analytics will not track your activity.
2.8 Browser Storage
We use browser local/session storage to remember:
- Whether you've dismissed the safety disclaimer
- Cookie consent preferences (EU visitors)
- UI preferences (view mode, theme preference)
- Onboarding tour completion status
- Recent search history (bar names you've searched for)
- Widget collapse states (dashboard card preferences)
- Photo submission terms acceptance
This data stays in your browser and is not transmitted to our servers.
2.9 Geolocation
When you use the "Use my location" feature to find nearby bars:
- Your browser requests permission before sharing your location
- Location data is processed entirely in your browser to calculate distances
- Your coordinates are never transmitted to or stored on our servers
- We do not track, log, or retain any location information
2.10 User Accounts (Google Sign-In)
When you sign in with Google, we receive and store:
- Email address: Your Google account email, used to identify your account
- Display name: Your name as shown on your Google account
- Profile picture URL: A link to your Google profile photo (we don't download the image)
- Google ID: A unique identifier for your Google account
We do not receive or store your Google password. Google handles all authentication securely.
2.11 Account Data and Preferences
When you're signed in, we collect additional information you choose to provide:
- Boat name: Optional, displayed on your profile
- Synced preferences: Home harbor selection and theme preference
- Linked submissions: Catch photos, charter listings, and subscriptions are linked to your account
- Species suggestions: Edit suggestions you submit are associated with your account
Account-linked submissions can be viewed and managed from your Account page.
3. How We Use Your Information
| Data Type | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Push subscription | Send bar condition alerts you requested | Consent |
| Email subscription | Send bar condition alerts via email | Consent |
| SMS subscription (phone number) | Send bar condition alerts via text message | Consent |
| Catch photo submission | Display your catch in public gallery | Consent |
| Photo votes (IP hash) | Calculate popular content, prevent duplicate voting | Legitimate interest |
| Charter guide listing | Display your business in public directory | Consent |
| IP address | Rate limiting, security, abuse prevention | Legitimate interest |
| Analytics data | Understand site usage, improve features | Consent (EU) / Legitimate interest (US) |
| Usage data | Service improvement and debugging | Legitimate interest |
| Content reports/edit suggestions | Review community data accuracy | Legitimate interest |
| Feedback (type, page, user agent) | Analyze satisfaction, improve features | Legitimate interest |
| User account (Google Sign-In) | Provide personalized experience, sync preferences | Consent |
| Account preferences | Sync settings across devices, link submissions | Consent |
| Affiliate cookies (third-party) | Track referrals from affiliate links for commission attribution | Consent / Legitimate interest |
4. Data Retention
- User accounts: Retained until you delete your account; you can request account deletion by contacting us
- Push subscriptions: Retained until you unsubscribe or your subscription becomes invalid
- Email subscriptions: Retained until you unsubscribe; you can delete your subscription at any time via your management link or Account page
- SMS subscriptions: Phone number and preferences retained until you opt out; you can disable SMS alerts at any time via your subscription management page or Account page
- Catch photos: Approved photos retained indefinitely; rejected photos automatically deleted after 7 days
- Charter listings: Retained until removed by you or us; you can request deletion at any time
- Server logs: Retained for up to 90 days, then automatically deleted
- Species/charter reports: Retained until resolved or dismissed by an administrator
- Feedback data: Retained indefinitely (contains no personally identifiable information)
- Session storage: Cleared when you close your browser
5. Data Sharing
We do not sell, trade, or rent your personal information. We may share data only in these circumstances:
- Service providers: Push notification delivery services (web push protocol), email delivery via Mailgun, SMS delivery via Twilio
- Legal requirements: When required by law or to protect our rights
- Business transfers: In connection with a merger or acquisition (with notice)
6. Third-Party Services
Our service may integrate with:
- Google Analytics: Website analytics and usage tracking (Google Privacy Policy)
- Mailgun: Email delivery for subscription alerts (Mailgun Privacy Policy)
- Twilio: SMS/text message delivery for subscription alerts (Twilio Privacy Policy)
- Cloudflare R2: Media file storage for uploaded photos and images (Cloudflare Privacy Policy)
- Browser Push Services: Google (FCM), Mozilla, Apple for notification delivery
- NOAA CO-OPS API: Tide predictions and water level data (NOAA CO-OPS)
- External APIs: NOAA Weather, Coast Guard, and other government data sources
- Amazon Associates: Affiliate link tracking and commission attribution (Amazon Privacy Notice)
- Facebook: Automated posting of featured content (Catch of the Week) when enabled (Meta Privacy Policy)
These services have their own privacy policies that govern their use of data.
7. Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have the following rights:
- Right of Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Request limitation of processing
- Right to Data Portability: Request transfer of your data
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, disable push notifications in your browser settings or contact us.
8. Your Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights
To exercise these rights, disable push notifications or contact us. We will respond within 45 days.
9. Data Security
We implement appropriate security measures to protect your data:
- HTTPS encryption for all data transmission
- Secure storage of push notification credentials
- Rate limiting to prevent abuse
- Regular security reviews
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.
11. International Data Transfers
Your information may be transferred to and processed in the United States or other countries. By using our Service, you consent to such transfers. For EEA users, we ensure appropriate safeguards are in place.
12. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Significant changes may be communicated via push notification if you're subscribed.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us through the information provided on the main website.
14. Do Not Track
Our Service respects your browser's "Do Not Track" (DNT) setting. When DNT is enabled, we disable Google Analytics tracking and do not collect analytics data about your visit.
See also our Terms of Service for the terms governing your use of PNW Bar Info.