Privacy Policy
Effective 2026-04-20 · Chasing Pelagics LLC (Catalysst SoCal)
This Privacy Policy explains how Chasing Pelagics LLC ("Catalysst", "we", "us") collects, uses, and protects information when you use the SoCal fishing-intelligence app at socal.catalysst.net and app.chasingpelagics.com (the "Service").
1. Information We Collect
Account information
- Email address
- Name (optional)
- Password, stored only as a one-way bcrypt hash — never in plaintext
- Subscription tier and status
Payment information
- We do not store full card numbers. Payments are processed by Stripe, a PCI-DSS Level 1 certified processor. We receive and store a Stripe customer ID, subscription ID, last-four digits of the card, and billing metadata.
Usage & technical data
- IP address, user agent, and request timestamp (for security, rate limiting, and audit logs)
- Authentication events (login, logout, password reset, account deletion) recorded for one (1) year
- Feature usage events via PostHog (e.g., layer toggles, playback, filter selection)
- Client-side error reports via Sentry, with cookies and tokens scrubbed before transmission
- Cloudflare edge logs (for DDoS protection and bot mitigation)
Third-party broadcast data
- Vessel AIS positions from AISStream.io and Kpler/MarineTraffic — public broadcasts from ship transponders, not personal data about you
- Aircraft ADS-B positions from OpenSky Network and adsb.lol — also public broadcasts
- Oceanographic products from NOAA and NASA
2. How We Use Information
- Operate, maintain, secure, and improve the Service
- Authenticate you and authorise access to subscription content
- Process payments and manage billing through Stripe
- Detect and prevent fraud, abuse, scraping, and security incidents
- Send transactional email (sign-up, password reset, billing notices, support replies) via Resend
- Respond to your support requests
- Comply with legal obligations
We do not sell personal information. We do not use your information to serve advertising on other sites. We do not share your email address with third parties for marketing.
3. Third-Party Processors
- Stripe — payments
- Cloudflare — DNS, CDN, DDoS protection
- DigitalOcean — hosting
- Resend — transactional email
- PostHog — product analytics (identified_only profiles for logged-in users)
- Sentry — client-side error monitoring (auth tokens scrubbed)
- AISStream.io / Kpler / MarineTraffic — vessel AIS data
- OpenSky Network / adsb.lol — aircraft ADS-B data
4. Data Retention
- Active accounts: retained while your subscription is active; for billing/tax purposes after cancellation
- Deleted accounts: personal data deleted within 30 days of account deletion, except as legally required
- Audit logs: 1 year
- Product analytics: per PostHog defaults
- Error reports: per Sentry defaults, scrubbed of credentials
- Backups: encrypted snapshots, up to 30 days
5. Your Rights
Depending on your location, you may have rights to: access your data, correct inaccuracies, delete your account, export your data, restrict or object to processing, and withdraw consent. Account deletion is available in-app under Account → Delete my account, which permanently erases your data. Other requests: privacy@chasingpelagics.com.
6. Cookies & Local Storage
- Authentication:
pi_token cookie — strictly necessary, Secure + SameSite=Lax
- Analytics: anonymous first-party identifier for PostHog
- Functional: layer preferences, last viewport, filter state
No third-party advertising trackers. No cross-site fingerprinting.
7. Security
HTTPS/TLS on all traffic · Cloudflare edge protections (WAF, rate limits, bot fight) · origin-bypass protection (cf_guard) · bcrypt password hashing · per-user and per-IP rate limits · signed JWT session tokens · encrypted at-rest storage · restricted SSH access to production. Security disclosures: security@chasingpelagics.com.
8. Children
The Service is not directed to children under 13 and we do not knowingly collect their personal information.
9. International Transfers
We and our processors are located primarily in the United States. By using the Service from outside the U.S., you consent to your data being transferred to and processed in the United States.
10. Changes to This Policy
We may update this Privacy Policy. Material changes will be notified by email or in-app notice.
Contact
Chasing Pelagics LLC · San Diego County, California, USA
Privacy inquiries: privacy@chasingpelagics.com
General support: jeff@chasingpelagics.com
← Back to sign in