Privacy Policy

Last updated: 2026-04-16

Submarius LLC (“we”, “us”), a Wyoming limited liability company, provides a mobile and web application for ocean recreation — spearfishing, diving, fishing, boating, and related activities. This policy explains what we collect, why, and what choices you have.

1. Information we collect

Account information. If you create an account: your email address, a username, and a hashed password (never stored in plaintext, hashed with argon2id).

Location data. With your permission, we collect your device’s location so we can show conditions near you. You can revoke this permission at any time in your device settings; most features will degrade gracefully, but conditions tailored to your location will not work.

User-created content. Spots you save are stored locally on your device. If you upload photos (for example, a water-clarity report), they are stored with your account.

Device and usage information. Device model, OS version, app version, crash reports, and non-identifying usage metrics (which screens you open, which features you use) so we can improve the app. We do not use third-party analytics that track you across other apps or websites.

Payment information. Handled entirely by Stripe (web) or Apple / Google (in their respective app stores). We never see your card number. We receive only a subscription status and a customer identifier.

2. How we use it

• Provide the features you use (conditions, maps, bite score, water-clarity predictions).
• Improve predictions and recommendations. User-submitted water-clarity reports may be used in aggregated and anonymized form to calibrate our models.
• Send transactional communication (password resets, receipts, critical service updates).
• Send optional push notifications — you can disable notifications in your device settings.

We do not sell personal information. We do not share location with third parties for their marketing.

3. How we protect it

• Passwords hashed with argon2id.
• Data encrypted in transit (TLS) and at rest (AWS-managed encryption on storage and database).
• Access to production data is limited to personnel who need it for operations.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you without undue delay and in accordance with applicable law.

4. Data retention

• Account data: retained while your account is active. Deleted within 30 days of account deletion, except where law requires retention (e.g., financial records for tax purposes).
• Photos and user-submitted reports: retained while your account is active; deleted with your account.
• Backups: rolling 30-day backups. Deleted data persists in backups until rotated out.
• Crash and usage metrics: retained 90 days.

5. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and data.
• Export your data in a machine-readable format.
• Object to or restrict certain processing.
• Lodge a complaint with your local data protection authority.

To exercise any of these, email privacy@submarius.com. We will respond within 30 days.

6. Children

Submarius is not intended for users under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

7. International transfers

Submarius is hosted in the United States (AWS us-east-2). If you use the service from outside the US, your data will be transferred to and stored in the US under appropriate safeguards.

8. New features

As we add features (catch logging, dive logging, social leaderboards, shark alerts, buddy GPS), this policy will be updated in advance to describe any new data practices. We will notify you in-app and by email before material changes take effect.

9. Changes to this policy

We may update this policy. We will notify you in-app and by email before material changes take effect.

10. Contact

Submarius LLC, Wyoming, United States privacy@submarius.com