Privacy — Bassai

The promise

You can use Bassai without signing in, without creating an account, and without giving us an email. The app is designed so that the smallest possible amount of data about you leaves your device, and the data that does leave is scoped to the specific service that needs it. Photo filenames and the notes you type for yourself never leave the phone in any pipeline.

Scope-bounded by service. Catch coordinates go to weather, water-gauge, and reverse-geocoding services to fetch data near your trip — and nowhere else. Free-text notes never leave. Photos stay on your device.

What stays on your device

Bassai stores your log on your iPhone. If you use iCloud Backup, your Bassai data may be included when your iPhone is backed up and restored. Bassai does not currently provide cross-device iCloud sync.

Your trips, including the GPS path recorded while a trip is live.
Your catches: species, weight, length, lure, gear, time, photos.
Your spots, their coordinates, and any free-text notes you attach.
On-device results from the weight reader (text recognition) and the fish classifier (image recognition). Both run entirely on your iPhone.

None of the above is uploaded to a Bassai server. The opt-in cloud feature (Chat with Hank) sends only the specific data described in the next section — never the raw library, never the free-text notes you attach to catches and spots, never photo filenames.

What leaves the device — unavoidably

To enrich a catch with weather, water conditions, tide, and lake name, Bassai pulls from four public scientific APIs. Some are reached directly from your device; weather and water-body lookups flow through Bassai's own proxy at bassai.com, which does not pass your IP to the upstream provider. Each request carries only the minimum needed to answer it, and none of them carry an identifier we could use to build a profile of you.

Open-Meteo Latitude, longitude, and hour of a catch → hourly weather. No cookie, no account, no persistent session.

OpenStreetMap Latitude and longitude of a trip's center → nearest water body name. Used only for the label (e.g. Lake Fork). The bassai.com proxy caches the looked-up name (or "no nearby named water body" marker) in a durable third-party Redis store (Upstash, US-East-1, accessed via the Vercel Marketplace integration) so repeated lookups for the same area don't re-pay OSM round-trips. Cache entries expire after 30 days. The cache key is a rounded approximation of your coordinate (~1 km bucket) plus the search radius; raw GPS is not stored in the durable cache. The cache value is only the public OSM lake name or a null-result marker — never trip photos, notes, catch records, or user identifiers.

USGS water services A bounding box around the trip and a date → the nearest river or reservoir gauge's readings. Public federal data.

NOAA CO-OPS A tide station ID and a date range → tide predictions. The station list itself is bundled in the app, so this call never sees your coordinates directly.

These calls are necessary for the core feature of the app — attaching real weather and water conditions to a catch. If you disable them, Bassai still works as a logbook; it just won't record conditions.

About your IP address

Any network request made from your iPhone carries your IP address — that's how the internet works. Under European and Californian privacy law an IP is treated as personal data, so we want to be precise about who sees yours when Bassai makes a request on your behalf.

Scientific APIs USGS and NOAA CO-OPS are contacted directly from your device. Your IP is visible to them under their own policies. Bassai doesn't receive or log that IP, and we never pair it with your catches.

bassai.com proxy Open-Meteo weather lookups and OpenStreetMap water-body lookups flow through our bassai.com proxy. The proxy terminates the TLS connection from your device and forwards to the upstream service from its own IP — your IP is not passed along, and we do not write it to any persistent log on the proxy. For abuse prevention, Bassai may use a short-lived hashed identifier derived from request metadata such as IP address to rate-limit public endpoints. We do not store raw IP addresses for this purpose, and this data is not used for advertising or tracking.

nako.ai proxy Chat with Hank and analytics events flow through our nako.ai proxy. The proxy terminates the TLS connection from your device and forwards to the upstream provider (Google Gemini, PostHog) from its own IP — your IP is not passed along, and we do not write it to any persistent log on the proxy.

Analytics belt-and-suspenders In addition to the proxy hop above, every analytics event also carries $ip set to an empty string and $geoip_disable set to true, so PostHog's ingester discards the IP and skips GeoIP enrichment even if the proxy were bypassed. No country, no city, no IP-derived profile is built for you.

In plain English: Bassai's own servers never link an IP to your catches; the scientific APIs Bassai contacts directly (USGS, NOAA) see an IP but not who you are; and Open-Meteo, water-body, AI, and analytics traffic all flow through our proxies, which do not pass your IP to the upstream provider.

What leaves the device — only with your consent

These features have separate controls in Settings. Cloud AI features are opt-in; analytics can be turned off any time. You can turn any of them on or off at any time without affecting the others.

Chat with Hank · conversational AI

The chat surface inside Bassai sends what you type, prior Hank chat context, and a small profile Hank maintains on this device — your experience level, fishing style, target species, preferred lakes, budget range, and any free-text notes Hank keeps about your preferences from your conversations — to our nako.ai proxy, which forwards it to Google's Gemini model. The chat content, prior context, and profile are required for Hank to answer in context. Visible trip or catch details from the page you started chat from may also be sent so Hank can answer about that trip or catch; those details are a fixed set of structured fields (such as weather, water, gear, and conditions) and never include the free-text notes you attach to catches or spots. We do not send raw GPS, photo filenames, or trip / catch identifiers in chat requests. Because Chat with Hank is opt-in, turning it on means your chat messages and that saved profile — including any profile notes Hank keeps — are sent to Google's Gemini through our proxy; you can disable Chat with Hank at any time in Settings → Controls, which stops chat data from leaving your device.

Analytics · PostHog

If you leave analytics enabled, Bassai sends structured event payloads to PostHog so we can see which features get used and where the app is failing. Event properties are booleans, enum values, numeric counts, and randomly-generated UUIDs (trip_id, catch_id, share_id) used only to correlate steps in a flow. Event properties are never raw GPS, never free-text notes, never photo filenames. Every event also carries $ip="" and $geoip_disable=true so PostHog's ingester discards the IP and skips GeoIP — we don't learn your country, city, or ISP from analytics. You can disable analytics at any time in Settings → Controls.

For funnel analytics (so we can tell that "tap import → see review sheet → split a group" is one flow rather than three unrelated taps), PostHog assigns each install a random anonymous ID stored only on your device. It contains no personal information, is not tied to your Apple ID, email, phone, or any other identifier we could resolve back to you, and resets when you reinstall Bassai. Disabling analytics in Settings → Controls stops events and the ID from leaving your device entirely.

If you join the launch waitlist on bassai.com

The Notify-on-launch form on this website is the one place Bassai collects an email address. It's separate from the iOS app — the app itself still has no sign-in, no account, and no email field. We're spelling out exactly what happens when you submit the form because the rest of this policy is built around "the app doesn't collect an email", and the waitlist is the one exception.

What's collected Your email address, plus the timestamp recorded when you submit. The form has no name, no phone, and no tracker beyond Vercel's standard server access logs.

Where it goes A contact list inside Resend, our transactional-email vendor. Resend acts as a third-party data processor; their privacy notice covers what they do with the address while it's stored.

What we'll send One broadcast when the iOS app opens to the public. After that, infrequent product updates only if you stay subscribed. Promotional churn is not the point of this list.

What it's not connected to This email never touches any in-app data — your trips, catches, GPS, photos, or analytics events. The website and the app are separate surfaces. Joining the waitlist does not create an account inside Bassai.

How to leave There's an unsubscribe link in the footer of every email we send, handled by Resend so we can't keep emailing after you opt out. You can also write to hi@bassai.com and we'll remove you within 7 days.

What we never collect

Your name, phone number, or any in-app account identifier. The app has no sign-in. (Your email lives in our launch list only if you submitted it on bassai.com — covered in the section above.)
Your contacts, calendar, microphone, or motion data.
Your photos outside of the ones you deliberately import into a trip.
Cross-app advertising identifiers (IDFA). We do not participate in ad networks.
Your live-trip breadcrumb path. The second-by-second track recorded while a trip is live stays on your device. Only catch-level coordinates leave, scoped to the weather, water-gauge, and reverse-geocoder lookups described above.
A persistent profile keyed off your IP address or device fingerprint. Analytics events are sent with IP discarded at ingest time. The anonymous install ID PostHog assigns (covered above) is per-install and resets on reinstall — it cannot be linked back to you, your Apple ID, your email, or any device-level identifier.

Children

Bassai is intended for people 13 years and older. We do not knowingly collect data from anyone under 13. There is no account system and no retained user-uploaded content, so the surface area for this is small by design.

Security

All network calls use HTTPS. Structured payloads sent to Chat with Hank are held in request memory only — our AI proxy (the nako.ai path for Chat) does not log request bodies and does not retain prompts or responses. Google Gemini's data handling is governed by Google's own policies, which our proxy configures for no-training, no-retention inference. If you stop using the app, there is no AI-side server record to delete because there is no account and no retained history. (The separate bassai.com waterbody-lookup proxy does keep a bucketed-coordinate durable cache — see "What leaves the device" above for that disclosure. It never stores photos, notes, or AI prompts.)

Your rights

Because Bassai does not operate an account system, most data rights (access, correction, deletion, portability) are exercised directly on your phone. Your log is yours: export it, edit it, or delete it from within the app. If you believe we are processing personal data of yours outside this contract, write to hi@bassai.com and we'll respond within 30 days.

Changes to this policy

If we change what leaves the device, change what a toggle does, or add a new toggle, we'll update the Effective date above and post the change inside the app before the new behavior takes effect. We won't quietly expand consent — privacy-affecting toggles always start off.

Contact

Bassai Inc · Cordova, TN · United States
hi@bassai.com