1. Data Controller
CatfishTracker is operated as a sole trader based in Austria. For any data protection enquiries, please contact us at [email protected].
2. What Data We Collect
Account data
When you create an account: your name, email address, and a securely hashed password (we never store plaintext passwords).
Photos uploaded for analysis
Photos are processed immediately for AI analysis and are never stored permanently. If temporary hosting is required for reverse image search (via DigitalOcean Spaces), the image is deleted within seconds of the search completing. We never share your photos with third parties.
Usage data
We store the number of AI analysis checks you have used in the current billing period to enforce plan limits. No content of analyses is retained.
Payment data
Payments are processed entirely by Stripe. We never see, store, or have access to your card number or payment details. We only receive confirmation of payment success and your Stripe customer ID.
Shared reports
If you choose to share an analysis report, the anonymised analysis results (no photo) are stored for up to 30 days and then permanently deleted.
3. Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR) — processing your account data and usage data to provide the service you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR) — detecting abuse, maintaining service security, and improving accuracy.
- Consent (Art. 6(1)(a) GDPR) — for any optional communications (e.g., product updates); you may withdraw your consent at any time.
4. Data Retention
- Account data — retained until you delete your account, then permanently erased within 30 days.
- Photos — deleted immediately after processing (usually within seconds).
- Usage counters — reset monthly; deleted on account deletion.
- Shared reports — automatically deleted 30 days after creation.
- Payment records — retained as required by Austrian tax law (7 years).
5. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access — request a copy of all personal data we hold about you.
- Right to erasure — request deletion of your account and all associated data.
- Right to rectification — request correction of inaccurate personal data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to restriction — request that we restrict processing in certain circumstances.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) at www.dsb.gv.at.
6. Cookies
We use only essential session cookies to keep you logged in. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. No consent is required for strictly necessary cookies under the ePrivacy Directive.
7. Third-Party Services
- Stripe — payment processing. Stripe Privacy Policy.
- Anthropic Claude API — AI photo analysis. Images are sent to Anthropic's API and are subject to Anthropic's Privacy Policy. Images are not used for model training under our API agreement.
- SerpApi / Google Lens — reverse image search. Only used when you explicitly trigger this feature.
- DigitalOcean Spaces — temporary image storage for reverse image search only (images deleted within seconds).
8. Data Security
All data is transmitted over HTTPS. Passwords are hashed using bcrypt. Database access is restricted to application servers. We follow industry-standard security practices.
9. Contact
For any privacy-related questions or to exercise your rights: [email protected]