Privacy Policy

Effective Date: May 3, 2026

This Privacy Policy describes how Cobia Technologies, Inc. ("Cobia," "we," "us," or "our") collects, uses, shares, and protects personal information in connection with the Cobia™ mobile application, website, and related services (collectively, the "Service"). This Privacy Policy works together with our Terms of Service. Defined terms not defined here have the meanings given in the Terms of Service.

Cobia is a competitive recreational fishing app for users 13 and older. The Service is not directed to children under 13. If you do not agree with this Privacy Policy, please do not use the Service.

1. Quick Summary

This summary is for convenience only and is not a substitute for the full Privacy Policy.

We collect information you give us (account info, catches, photos, video, comments, communications), information collected automatically (device info, app activity, precise location for catches), and information from third parties (sign-in providers, age-assurance signals).
We use this information to operate, secure, and improve the Service; identify species; verify catches; rank Slams, leagues, leaderboards, and other community-recognition features; recommend content; and communicate with you.
We use your precise geolocation to log catches, surface nearby content, and apply your privacy settings. You control what is shared with other users.
We share information with service providers, automated and machine-learning providers (for example, for species identification), other users (per your privacy settings), authorities when required, and parties to a business transfer.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
Users 13–17 receive additional protections.
You have rights to access, correct, and delete your information, and additional rights if you live in California or another state with privacy laws.

2. Information We Collect

2.1 Information you provide

Account information: name, username, email address, password or authentication credentials, which are stored in hashed or otherwise protected form, profile photo, date account created, and any optional profile information (bio, home water, target species, etc.).
Catch information: photos, video, species, length, weight, time, location, gear, technique, conditions, captions, and other details you log.
Live and session content: "On the Water" clips, session logs, and other content you create within the Service.
Social and community content: comments, follows, high-fives, direct messages, slam entries, and other interactions.
Communications with us: support requests, feedback, bug reports, DMCA notices, arbitration opt-outs, and other correspondence.
Brand Account information: if you create or operate a Brand Account, the entity name, brand assets, authorized-representative information, and verification materials we may request.

2.2 Information collected automatically

Device and app information: device model, operating system and version, app version, language, time zone, mobile network, device identifiers, and crash logs.
App activity: features used, screens viewed, search queries, taps, sessions, and similar usage information.
Approximate and precise location: see Section 4.
Capture metadata: for catches captured with the Cobia Camera, technical metadata about the capture (including device-based cryptographic signature, capture timestamp, sensor data, and related information used by the Authentic Capture system).
Photo and video metadata: when you upload photos or video, embedded metadata (such as EXIF data, including capture time and embedded GPS coordinates) may be transmitted with the file. We may use, modify, or strip this metadata as described in Section 5.
Cookies and similar technologies: see Section 16.

2.3 Information from third parties

Sign-in providers: if you sign in with Apple, Google, or another supported provider, we receive the information you authorize that provider to share with us (typically a user identifier, name, and email).
Age-assurance signals: we may receive an age band or age category from your device or operating system (for example, through Apple's Declared Age Range API). We do not receive your date of birth from these signals.
Public sources and data partners: we may use publicly available data (such as government water-body data, regulatory data, and weather/tide data) and licensed third-party datasets to enrich features within the Service. These sources do not generally contain personal information about you.

3. How We Use Information

We use personal information to:

Provide, operate, secure, maintain, and improve the Service.
Create and manage your account.
Log, display, and organize your catches and sessions.
Operate Slams, leagues, leaderboards, Fishdex, King of the Spot, and other community-recognition features.
Apply the Authentic Capture system and investigate suspected manipulation, fraud, cheating, or other violations of our Terms of Service.
Provide automated features such as species identification, briefings, recommendations, and search.
Personalize content, notifications, and recommendations.
Communicate with you about the Service, including transactional, security, and customer-service messages, and (where permitted) marketing messages you can opt out of.
Detect, investigate, and prevent fraudulent, abusive, illegal, or harmful activity.
Comply with legal obligations and enforce our Terms of Service.
Conduct analytics, product research, and Service improvement, including testing and developing new features.
Carry out a corporate transaction such as a merger, acquisition, financing, reorganization, or sale of assets.

4. Location Information

Location information is core to how Cobia works. This Section explains what we collect, how it is used, and what controls you have.

4.1 What we collect

Precise geolocation when you log a catch, start a session, or use a feature that requires precise location (such as nearby-Slam discovery). We store precise GPS coordinates associated with each catch.
Approximate location derived from your device, IP address, or named water-body context, used for general regional features.
Location embedded in photos and video you upload (for example, EXIF GPS data).

We collect precise geolocation only when you enable location permissions, provide location information manually, log a catch with location enabled, start a session with location enabled, upload media containing location metadata, or use a feature that requires location. Where required by applicable law, we obtain your consent before collecting or processing precise geolocation. You may revoke device-level location permissions through your device settings, but doing so may limit location-based features.

Sessions and live activity. If you start an "On the Water" session, Live activity, or similar feature, we may collect periodic location points, route or trail information, timestamps, and related session metadata while the session is active. We use this information to operate the session, associate activity with water bodies or Slams, support safety and integrity features, and apply your privacy settings. You can stop session-based location collection by ending the session or revoking location permissions.

4.2 How we use location information

To log catches accurately and associate them with water bodies, spots, regions, and Slams.
To apply your privacy settings before any public display of location.
To provide location-aware features such as nearby content, regional leaderboards, and water-body intelligence.
To detect and prevent fraud, manipulation, or violation of Slam geo-fences or competition boundaries.
To improve the Service and provide aggregated, de-identified analytics.

4.3 Your privacy controls

You control how location is shared with other users:

Catch-disclosure preferences allow you to keep precise location private, share at the spot or water-body level, share with selected audiences if supported, or share publicly.
Location-fuzzing controls allow you to display approximate rather than precise locations to other users.
Per-catch overrides allow you to adjust disclosure on individual catches.

We will not publicly display or share your precise catch location in a manner inconsistent with your privacy settings or this Privacy Policy. We may continue to use precise location internally, with our service providers, for the purposes described in this Section regardless of public-display settings.

4.4 Location inference

Even with strict privacy settings, others may be able to infer a location from photographs, captions, water-body names, timestamps, background landmarks, weather conditions, or other context you choose to share. Privacy controls reduce but do not eliminate inference risk.

4.5 Sensitive personal information

California and certain other state laws treat precise geolocation as sensitive personal information. We use precise geolocation only as reasonably necessary to provide the Service you request, to perform safety and security functions, to detect and prevent fraud, and for the other purposes described in this Privacy Policy. California residents may have rights to limit certain uses of sensitive personal information; see Section 12.

5. Photos, Video, and Capture Media

When you upload photos or video to the Service:

We host, store, transcode, and display the media within the Service consistent with your privacy settings.
We may extract embedded metadata (such as EXIF data, including GPS coordinates) and use it to log the catch, verify authenticity, or apply your privacy settings.
We may strip embedded metadata from public-facing versions of the media before display.
We may process media through automated and machine-learning systems for purposes including species identification, content moderation, search indexing, and Authentic Capture verification.
We may retain capture-time metadata, cryptographic signatures, and related Authentic Capture data even where the media itself is deleted, for fraud-prevention and integrity purposes consistent with this Privacy Policy.

No facial recognition or biometric identification. We do not use photos or videos to identify or verify a person's identity through facial-recognition or biometric-identification technology unless we provide separate notice and obtain any consent required by law.

Direct messages and private communications. Direct messages are intended for communication between users, but they are not end-to-end encrypted unless we expressly state otherwise. We may process, store, review, or disclose direct messages when necessary to operate the Service, investigate reports, enforce our Terms, protect users, detect spam or abuse, comply with law, or address child-safety, security, or integrity concerns. We may use automated systems and human review for these purposes.

6. Automated and Machine-Learning Features

The Service uses automated and algorithmic features to provide species identification, briefings, recommendations, search, content moderation, and other functions. To deliver these features:

We may process your photos, captions, catch metadata, and related information using automated systems operated by Cobia or by third-party machine-learning providers.
We may share photos and related metadata with these providers under contracts that restrict the providers' use of the data to performing services for Cobia.
We do not authorize automated-feature providers to use your personal information to train their general-purpose models, except where you provide additional consent.
Where required by platform rules or applicable law, we will obtain your explicit permission before sharing personal information with third-party AI or machine-learning providers.
We may use public User Content, aggregated or de-identified data, and data for which we have obtained appropriate consent to develop, test, and improve Cobia-specific automated features. We do not use private User Content, precise location data, or User Content from users we determine to be under 18 to train or improve Cobia machine-learning models without separate notice and, where required, consent.
Automated outputs may be inaccurate or incomplete and may draw from incomplete, mislabeled, stale, or third-party data. Automated identification of species is not a guarantee of accuracy and should not be relied on for regulatory compliance, conservation, handling safety, or consumption decisions, as described in our Terms of Service.

For Apple App Privacy disclosure purposes, photos and capture metadata processed by automated providers fall within "Data Linked to You" categories disclosed on the App Store product page.

7. Authentic Capture and Verification Metadata

The Authentic Capture™ system uses technical signals to assess how catch media was produced. To operate Authentic Capture and related verification features, we collect, generate, and retain:

Device-based cryptographic signatures associated with capture.
Capture timestamps, sensor signals, and environmental signals available at the time of capture.
Photo and video metadata, including GPS coordinates where available.
Behavioral and contextual signals used to detect manipulation or fraud.

We use this information for verification, fraud prevention, integrity of community-recognition features, enforcement of our Terms of Service, legal compliance, dispute resolution, and related safety and security purposes. We may retain Authentic Capture metadata even after the underlying media is deleted, for the period reasonably necessary for these purposes.

If we investigate suspected manipulation, fraud, cheating, or violations of our Terms, we may request that you provide additional information, as described in our Terms of Service.

8. How We Share Information

We share personal information in the following categories. We do not sell your personal information.

8.1 Service providers and processors

We share information with vendors who perform services on our behalf, under contracts that restrict their use of the information. These include:

Hosting and infrastructure providers (such as our cloud hosting and database providers).
Content-delivery networks.
Mapping, water-body, weather, tide, and regulatory-data providers.
Communications, customer-support, and email providers.
Analytics, crash-reporting, and product-research providers.
Identity, fraud-prevention, and security providers.
Content-moderation providers.
Background-job, queue, and notification providers.
Domain, registered-agent, and corporate-services providers.

8.2 Automated and machine-learning providers

We share photos, captions, catch metadata, and related information with automated-feature providers as described in Section 6, under contracts that restrict their use of the information.

8.3 Other users

We share your User Content, profile information, catches, sessions, comments, and related information with other users as governed by your privacy settings and our Terms of Service. Information you choose to share publicly within the Service may be visible to other users and may be redistributed by them outside the Service in ways we do not control.

8.4 Compliance with law and protection of rights

We may disclose information when we believe in good faith that disclosure is necessary or appropriate to:

Comply with a subpoena, court order, regulatory request, or other legal process.
Cooperate with law enforcement, regulators, or child-safety organizations.
Enforce our Terms of Service, including investigating or preventing fraud, manipulation, or abuse.
Protect the rights, property, life, health, security, or safety of Cobia, our users, or the public.

This may include reporting suspected child sexual abuse material or child exploitation to the National Center for Missing & Exploited Children (NCMEC) CyberTipline, law enforcement, or other appropriate authorities, where required or permitted by law.

8.5 Business transfers

We may share information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction, or the negotiation of any such transaction. We will require the recipient to handle the information in a manner consistent with this Privacy Policy or provide appropriate notice to you.

8.6 With your consent or at your direction

We share information with other parties when you direct us to do so or otherwise consent.

9. We Do Not Sell or "Share" for Cross-Context Behavioral Advertising

We do not sell your personal information for money or other valuable consideration, and we do not share your personal information for cross-context behavioral advertising as those terms are defined under California law and similar state laws. We do not show third-party display ads in the Service, and we do not deliver targeted advertising based on tracking you across other apps and websites.

We may engage in promotional activity within the Service or in Cobia-owned channels consistent with your privacy settings, as described in our Terms of Service.

10. Children's Privacy

The Service is intended for users 13 and older and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that a user is under 13, we will terminate the account and delete the associated personal information consistent with this Privacy Policy and applicable law.

If you are a parent or guardian and believe a child under 13 has provided personal information to us, please contact privacy@cobia.app and we will take appropriate action.

11. Minors and Age-Assurance Information

11.1 Users 13–17

Users we determine, based on age-assurance signals or other indicators reasonably available to us, to be under 18 receive additional protections, including:

Default privacy settings that limit public sharing of precise location.
Restrictions on direct messaging with adults outside designated contexts.
Exclusion from certain current or future features (including, if and when introduced, paid competitions, prize events, captain or guide bookings, and marketplace features).
Exclusion from external advertising and paid promotional materials, App Store screenshots, press materials, and product demonstrations without parent or legal-guardian consent.

11.2 Age-assurance information

We may receive age band or age category information from your device or operating system (for example, through Apple's Declared Age Range API). We use this information only for age-related compliance purposes and retain it no longer than reasonably necessary for those purposes. We do not use age-assurance information for advertising, profiling, or any purpose unrelated to age compliance.

12. Your Rights and Choices

12.1 Access, correction, deletion, and portability

You may access, correct, update, or download much of your account information directly within the Service. You may also request that we:

Confirm whether we process personal information about you.
Provide a copy of your personal information.
Correct inaccurate personal information.
Delete your personal information (see Section 14 for retention details and exceptions).
Provide your personal information in a portable, machine-readable format.

To make a request, contact privacy@cobia.app. We may need to verify your identity before responding. We will respond within the time required by applicable law.

Appeals. If we deny your privacy request, you may appeal our decision by contacting privacy@cobia.app with the subject line "Privacy Request Appeal." Your appeal should describe the request you submitted and why you believe our decision should be reconsidered. We will respond to appeals within the time required by applicable law. If we deny your appeal, we will explain our decision and, where required, provide information about how to contact your state attorney general or other applicable supervisory authority.

12.2 California residents (CCPA/CPRA)

California residents have the rights described in Section 12.1, plus the rights to:

Know the categories and specific pieces of personal information we collect, use, disclose, and (where applicable) sell or share.
Opt out of any sale or sharing of personal information for cross-context behavioral advertising. As stated in Section 9, we do not sell or share personal information in this way.
Limit our use and disclosure of sensitive personal information to certain permitted purposes.
Non-discrimination for exercising your privacy rights.

We honor recognized opt-out preference signals (such as Global Privacy Control) where required by California law. To exercise California rights, contact privacy@cobia.app or use the in-app privacy controls. An authorized agent may submit requests on your behalf with appropriate verification.

Categories of personal information we collect. Identifiers (name, username, email, account ID, device ID); account and profile information; internet or other electronic activity (app usage, search queries); geolocation data (precise and approximate); audio, electronic, visual, or similar information (photos, video, capture metadata); communications and User Content (catches, sessions, comments, direct messages); professional or employment information (only for Brand Accounts representing captains, guides, or businesses); sensitive personal information as described below; and inferences (preferences, interests, fishing behavior).

Sources, purposes, and sharing. As described in Sections 2, 3, and 8.

Sensitive personal information. Depending on how you use the Service, we may collect or process sensitive personal information, including precise geolocation, account authentication information, the contents of direct messages, age-assurance or minor-status information, and capture metadata associated with Authentic Capture. We use sensitive personal information only to provide the Service, operate privacy and safety features, secure accounts, verify catches, prevent fraud and abuse, comply with law, and for other purposes permitted by applicable law. We do not use sensitive personal information to infer characteristics about you for advertising, and we do not sell or share sensitive personal information for cross-context behavioral advertising. California residents may have the right to limit certain uses of sensitive personal information; see Section 12.1 above for how to make a request.

Retention. As described in Section 14.

12.3 Other state privacy laws

Residents of states with comprehensive consumer privacy laws may have rights similar to those described in Sections 12.1 and 12.2, subject to the specifics and applicability thresholds of each law. The U.S. state privacy landscape is evolving, and additional states are enacting privacy laws over time. To exercise these rights, contact privacy@cobia.app.

12.4 International users

The Service is operated from the United States and is primarily intended for users in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, which may have different data-protection laws than your country. If we make the Service available in jurisdictions requiring additional privacy disclosures, we may provide supplemental notices.

12.5 Account deletion

You may delete your account at any time through the in-app account-deletion option or by contacting privacy@cobia.app. Upon receipt of a valid deletion request, we will delete your personal information from active production systems within thirty (30) days, subject to retention exceptions described in Section 14.

12.6 Communications preferences

You may opt out of marketing communications using the unsubscribe link in those communications or by contacting privacy@cobia.app. We may continue to send you transactional, security, and service-related communications.

12.7 Push notifications and device permissions

You may control push notifications, location permissions, photo and camera permissions, and other device-level permissions through your device settings. Restricting permissions may limit features of the Service.

13. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. Catch media and Authentic Capture metadata receive specific integrity protections, including cryptographic signing where applicable. No security measure is perfect, and we cannot guarantee absolute security. If you believe your account has been compromised, contact us at support@cobia.app.

14. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements. Specific retention practices include:

Account data: retained for the life of your account.
Catch and User Content: retained for the life of your account, subject to your in-app deletion controls.
Active production systems: upon a valid account-deletion request, personal information is deleted from active production systems within thirty (30) days.
Backups and disaster-recovery copies: personal information may persist in encrypted backups for up to ninety (90) additional days, after which it is overwritten in the ordinary course.
Authentic Capture and fraud-prevention data: retained for as long as reasonably necessary to protect the integrity of community-recognition features, investigate abuse, maintain anti-cheat records, resolve disputes, comply with legal obligations, or enforce our Terms — typically up to three (3) years following account deletion, unless a legal hold, active investigation, dispute, fraud-prevention need, or applicable law requires longer. When no longer needed for these purposes, this data is deleted, de-identified, or aggregated. Where feasible, we minimize retained precise location data and restrict access to personnel or service providers with a need to know.
Legal, compliance, and dispute records: retained for the period required by law, regulation, contractual obligation, legal hold, or active investigation.
Aggregated or de-identified data: may be retained indefinitely.

De-identified data. When we maintain or use de-identified data, we take reasonable measures designed to ensure that the data cannot reasonably be associated with an individual or household, maintain and use the data in de-identified form, and do not attempt to reidentify it except as permitted by law, such as to test our de-identification measures.

15. International Data Transfers

As described above, we are based in the United States, and the Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, which may have different data-protection laws than your country.

16. Cookies and Similar Technologies

We and our service providers use cookies, software development kits ("SDKs"), and similar technologies to operate the Service, remember your preferences, support security, analyze usage, and improve features. Mobile applications do not use traditional browser cookies, but our mobile applications may use device identifiers and SDKs that perform similar functions.

You may control device-level identifiers and tracking through your device settings, including iOS App Tracking Transparency.

Do Not Track and opt-out signals. Some browsers transmit "Do Not Track" signals. Because there is no uniform industry standard for responding to Do Not Track signals, we do not currently respond to them. Where required by applicable law, we honor recognized opt-out preference signals, such as Global Privacy Control, for sales, sharing, or targeted advertising. Because we do not sell personal information or share it for cross-context behavioral advertising, these signals generally will not change how the Service operates.

17. Third-Party Services

The Service may include or rely on third-party content, links, APIs, datasets, or services. Third parties have their own privacy practices, which are not controlled by us. We encourage you to review the privacy practices of any third-party service before using it.

When the Service incorporates third-party automated or machine-learning services, we apply contractual restrictions and the additional protections described in Section 6.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will revise the effective date at the top of this Privacy Policy and provide notice through the Service or by other reasonable means. For material changes, we will require you to affirmatively review and accept the updated Privacy Policy before continuing to use the Service. For non-material changes, your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.

19. Contact Us

If you have questions, requests, or complaints about this Privacy Policy or our privacy practices, contact us at:

Cobia Technologies, Inc.
Attn: Privacy
6231 PGA Blvd, Ste 104 #2027
Palm Beach Gardens, FL 33418
Phone: (561) 412-8441
Email: privacy@cobia.app

For complaints we are unable to resolve, you may have the right to contact your state attorney general or other applicable supervisory authority.