FisnessFisness

LAST UPDATED: JULY 10, 2026

Fisness — Privacy Policy

IN SHORT

Fisness stores your boats, crew, trips, tali, and ledger records encrypted on your device before we ever see them. We only ever hold your phone number (for login) and the sealed, unreadable version of your business data. We don't sell data, run ads, or track you across other apps.

1. Who We Are

Fisness is operated by Dipang Bhadrecha, a sole proprietorship registered under Udyam Registration Number UDYAM-GJ-11-0057704, currently completing formal business registration. For the purposes of Indian data protection law — the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 — Fisness acts as the Data Fiduciary for the account data described below.

This policy applies to the Fisness mobile app and website (fisness.app).

2. What Data We Collect

Account data (visible to us):

  • Phone number — used for OTP login and as your account identifier
  • Basic account metadata — account creation date, last sync time, device/app version

Business data (sealed, not visible to us):

  • Boat names and settings
  • Crew names, roles, and invitation status
  • Trip records
  • Tali (catch/settlement) entries
  • Ledger and payment amounts

Technical data:

  • IP address and device information, collected only in server logs needed to operate and secure the Service

We do not collect your name, email, location, or photos unless you choose to add them in a future feature — and this policy will be updated first if that changes.

3. What We Cannot See — How Encryption Works Here

This is the part that makes Fisness different from a typical app, so it's worth being precise about:

  • Every business record — tali, ledger, crew, trip — is encrypted on your phone with AES-256 before it is ever sent anywhere.
  • It travels to our servers already sealed, over an encrypted (TLS) connection.
  • It is stored sealed on AWS. AWS is a storage provider only — it cannot read the contents.
  • The key that unlocks your data lives with your account/device, not on our servers. We cannot decrypt your business records — not to help you, not for support, not under normal operation.

What this means practically:

  • If you contact support about a tali entry, we can see that a record exists and when it synced, but not what's inside it.
  • If you lose access to your account in a way that breaks your key, we cannot recover the contents of your sealed data. Keep your phone number/device access secure.
  • We can, and do, still see your phone number and metadata like sync timestamps — this policy governs that data honestly rather than overclaiming "we see nothing at all."

4. How We Use Your Data

We use the data we can actually access to:

  • Authenticate you via OTP and manage your account
  • Sync your sealed data across your own devices
  • Provide customer support
  • Detect abuse and keep the Service secure
  • Comply with legal obligations (e.g. responding to a lawful government request)

We do not use your data for advertising, profiling, or resale, and — for your encrypted business content — we structurally cannot.

5. Legal Basis for Processing

Under the DPDP Act, we process your phone number on the basis of your consent, given when you sign up, and to the extent necessary to perform our contract with you (i.e., provide the app). You may withdraw consent at any time by deleting your account (see Section 9).

6. Who We Share Data With

We do not sell your data. We share the minimum necessary with two processors:

ProviderWhat they getWhy
TwilioYour phone numberTo deliver the OTP SMS at login
Amazon Web Services (AWS)Your sealed (encrypted) business dataTo host our servers and store your data

We may also disclose account data (phone number, metadata) if legally required to do so by an Indian government or judicial authority.

7. Where and How Your Data Is Stored

Your sealed data is stored on AWS infrastructure — AWS Asia Pacific (Mumbai), region ap-south-1. Access to production systems is restricted to what's necessary to operate the Service.

8. Data Retention

  • Account and sealed business data are retained as long as your account is active.
  • On account deletion, we remove your data from active systems within 30 days, except where retention is required for legal, tax, or dispute-resolution purposes.
  • Sealed data that's already unrecoverable (see Section 3) has no independent retention concern for us — we hold ciphertext we cannot read either way.

9. Your Rights

As a Data Principal under the DPDP Act, you can:

  • Access the account data we hold (phone number, metadata — we cannot show you decrypted business content ourselves, since we don't have it)
  • Correct your phone number or account details
  • Withdraw consent / delete your account and all associated data
  • Nominate another person to exercise these rights on your behalf in the event of your death or incapacity
  • File a grievance about how your data is handled

To exercise any of these, email support@fisness.com. We will respond within the timeline required by law.

10. Grievance Officer

Name: Dipang Bhadrecha

Email: support@fisness.com

Available to address any complaints or questions regarding this policy or how your data is processed.

11. Crew and Multi-User Data

Boat owners typically add crew names and details to the app on their crew's behalf. If you do this, you confirm that you're authorized to record this information and that you'll let your crew know their name and role are stored in Fisness under your account. Crew members can ask you, as the boat owner, to correct or remove their details at any time.

12. Children's Privacy

Fisness is a business tool for boat owners and crew aged 18+. We do not knowingly collect data from anyone under 18.

13. Planned Features

We plan to add push notifications (e.g. crew invite updates, sync reminders) and, later, in-app billing through a third-party payment gateway. Neither is live yet. When they ship, this policy will be updated to name the specific providers and describe exactly what they can access — we won't quietly expand data collection without updating this document first.

14. Cookies (Website Only)

Our website may use minimal cookies to keep the site functional and understand basic traffic. The app itself does not use cookies.

15. No Sale of Data, No Tracking

Fisness does not sell personal data, does not share data with data brokers, and does not track you across other companies' apps or websites for advertising purposes.

16. Changes to This Policy

We'll update the date at the top of this page whenever this policy changes, and notify you in-app for any change that meaningfully affects how your data is handled.

17. Governing Law

This policy is governed by the laws of India.

18. Contact Us

Fisness

Operated by Dipang Bhadrecha (Udyam Reg. No. UDYAM-GJ-11-0057704)

support@fisness.com

APPENDIX

App Store Privacy Label Reference

For when you submit to Apple App Store / Google Play, this maps directly to their privacy questionnaires:

Data TypeCollected?Linked to identity?PurposeUsed for tracking?
Phone NumberYesYesLogin / accountNo
Business Records (tali/ledger/crew/trip)Yes, encrypted — unreadable by usNo (sealed)App functionalityNo
Device/App diagnosticsMinimal, server logs onlyNoSecurity / stabilityNo
LocationNoNo
Photos/VideosNoNo
Payment infoNot yet (planned)No