PL EN

Privacy Policy

Last updated: July 1, 2026

1. General Information and Data Controller

This Privacy Policy outlines the rules for collecting, processing, and protecting the personal data of users of the Łowik.pl mobile application (hereinafter referred to as the "Application").

The Controller of your personal data is Dominik Chabros, operating an unregistered business activity (nierejestrowana działalność gospodarcza) at Smugi 29B, 21-002 Jastków, Poland, operating the "Łowik.pl" mobile application (the "Application"). For all data protection matters, contact us at: dominik-chabro@wp.pl.

User Consent: By registering an account in the Application or using it, the user fully accepts this Privacy Policy and the Terms of Service. If the user does not agree to these terms, they must stop using the Application and delete their account.

2. Scope and Purpose of Data Processing

The Application processes data to provide the core services of your angling assistant. This data includes:

  • Catch Log Data: Details of your catches (species, weight, length, date/time, optional photos, and GPS coordinates of the catch). By default, this data is saved locally on your device (Offline-First) and synchronized with Google Firebase (Firestore) when you are online to allow cloud backup.
  • Photos (Camera/Gallery Access): Used with your explicit permission inside the RyboDex AI scanner to automatically identify the fish species via the "Łowik AI" feature. Details of how photos are processed by the AI provider are described in Section 4. Photos are processed solely for species detection and are not used for any other purposes.
  • GPS Location Access: Used solely with your consent when logging a catch to automatically save the geographical coordinates and fetch localized weather and bite forecasting data. You can manage or disable location permissions in your Android system settings at any time.
  • Fishing Equipment (Gear Builder): Details about your fishing rods, reels, and baits are stored locally on your device and optionally backed up to Firestore.

3. Legal Basis for Processing

We process your data on the following legal bases (GDPR):

  • Art. 6(1)(b) GDPR – performance of a contract (providing Application features: account, catch log, cloud synchronization, premium purchases);
  • Art. 6(1)(a) GDPR – your consent (access to GPS location, camera, processing of photos by the fish recognition module, ad personalization);
  • Art. 6(1)(f) GDPR – our legitimate interest (Application security, abuse prevention, technical notifications).

You may withdraw your consent at any time in your device or Application settings, which does not affect the lawfulness of processing carried out before its withdrawal.

4. Processing of Photos and Data by Artificial Intelligence (Łowik AI)

AI-based features (the "RyboDex" fish recognition and the angling condition analysis in the weather forecast) operate under the "Łowik AI" brand, but are technically powered by the AI infrastructure and models of the provider Google (the Gemini API service, Google Ireland Ltd. and Google LLC).

This means that:

  • the photo of a fish you take is sent to the Google Gemini service for species recognition and is processed solely to provide a response;
  • weather data and location (the name of the locality) are sent to Google Gemini to generate a tactical recommendation.

Photos and queries are not used by us or by Google to train models and are not stored for that purpose by the AI provider. The processing of photos is based on your consent.

5. Data Recipients and Processors

To provide our services, we rely on trusted providers who process data on our behalf or as independent controllers:

  • Google Firebase / Google Cloud Platform (Google Ireland Ltd., Google LLC) – authentication, database (Firestore), file storage (Storage), push notifications, abuse protection (App Check), server functions;
  • Google Gemini API (Google) – fish recognition and angling analysis (see the AI section);
  • WeatherAPI.com – weather forecast data (the name of the locality is transmitted);
  • Mapbox (Mapbox Inc.) – map display (IP address and approximate location are transmitted);
  • OpenStreetMap / Nominatim and Photon (Komoot GmbH) – converting locality names to coordinates and vice versa (geocoding);
  • RevenueCat (RevenueCat Inc.) – handling and verification of premium purchases;
  • Resend (Resend Inc.) – sending emails (address verification, notifications);
  • Google AdMob (Google) – display and personalization of ads. AdMob processes data in accordance with GDPR requirements. To achieve this:
    • Consent Form (CMP): Before ads are loaded, users in the EEA and the UK are presented with a consent choice dialog (Consent Management Platform compliant with the IAB TCF v2.2 standard). Users can choose between personalized advertisements (based on interests and browsing profile) or non-personalized advertisements.
    • Processed Data: AdMob may collect and process unique advertising identifiers (e.g., Google Advertising ID, Apple IDFA), IP addresses, approximate geographic location data, and ad interaction data to optimize ad delivery, limit repetition, and prevent fraud.
    • Consent Revocation: Users can change their ad preferences at any time in the Application settings (by launching the consent dialog again) or in their mobile operating system settings (e.g., by resetting the advertising identifier). Full data policies are described on Google's Privacy Policy page.

Premium purchases are billed directly by the Apple App Store (Apple Inc.) and Google Play (Google), in accordance with their terms and privacy policies.

6. Transfer of Data Outside the EEA

Some of our providers (including Google, Mapbox, RevenueCat, Resend) process data on servers located outside the European Economic Area, including in the United States. Such transfers take place on the basis of Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR) or on the basis of adequacy decisions (e.g., the Data Privacy Framework), ensuring an adequate level of data protection.

7. Data Retention Period

We store your account and catch log data for the duration of your use of the Application. After account deletion, data associated with the account (including catches, notes, photos, locations) is permanently deleted from our servers without undue delay, no later than within 14 days. Data processed on the basis of consent is stored until that consent is withdrawn. Some data may be kept longer where required by law (e.g., tax law – regarding purchases).

8. Storage and Data Security

We care about your data's safety. Synchronized data is kept on secure Google Cloud Platform servers. Communication between the app and the cloud is encrypted using secure HTTPS protocols (SSL/TLS).

As the app operates in an **Offline-First** model, the vast majority of your data remains solely on your physical device. Uninstalling the app without synchronizing your data to the cloud will result in permanent loss of offline data.

9. Your Rights

You have the right to access your data, rectify it, erase it, restrict its processing, data portability, object to processing, and withdraw consent. You can delete your account together with all data yourself in the Application (Settings → Delete account) — see detailed instructions at lowik.pl/account-deletion. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

For matters related to exercising your rights, you can contact us at dominik-chabro@wp.pl.

10. Changes to This Policy

We reserve the right to update this Privacy Policy. Any updates will be posted on this webpage, and significant changes will be communicated through in-app notifications.

Back to Homepage Terms of Service