Last Updated: March 2, 2026
Introduction
Rodsmith (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our platform at rodsmith.app (the “Service”).
Rodsmith is a knowledge-sharing community for custom fishing rod builders, enthusiasts, and buyers.
Rodsmith is currently operated by an individual founder. If Rodsmith is formally incorporated in the future, this Privacy Policy will be updated to reflect the legal entity name, jurisdiction, and address.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.
Information We Collect
Information You Provide Directly
When you create an account or use the Service, we may collect:
- Account Information: Email address, username, display name, password (securely hashed)
- Profile Information: Biography, location (city/region), profile picture
- Builder-Specific Information (for verified builders): Specialty, years of experience, number of rods built, website URL, social media links
- Content: Articles, build guides, discussions, comments, replies, and questions you submit
- Images: Photos you upload to profiles, articles, or build guides
- Preferences: Notification settings, email pause/opt-out choices, privacy and visibility settings
We do not intentionally collect sensitive personal data such as government-issued identifiers, financial information, precise geolocation, or biometric data.
Information Collected Automatically
When you use the Service, we automatically collect certain technical and usage data, including:
- Usage Data: Pages viewed, content accessed, and features used
- Engagement Data: Upvotes, reactions, follows, saved content
- Device Information: Browser type, operating system, and IP address
- Analytics Events: Clicks, views, time spent, interaction patterns, and session identifiers used to correlate activity within a single browser tab
Login Activity Tracking
When you sign in to the Service, we record a login event that includes:
- IP address at the time of login
- Browser and device information (user-agent string)
- Login method (email/password, Google, etc.)
- Approximate geographic location (country and region, derived from IP address)
- Whether the login created a new account
Purpose: Account security, fraud detection, and abuse prevention.
Legal basis (EEA/UK users): Legitimate interest in protecting user accounts and maintaining platform security (GDPR Art. 6(1)(f)).
Retention: Login activity records are retained for up to 180 days, after which they are permanently deleted.
Session Analytics
We generate a random session identifier stored in your browser's session storage (not a cookie) to correlate analytics events within a single browser tab. This identifier is automatically cleared when you close the tab and is not used for cross-site tracking.
Cookies and Tracking Technologies
We use a minimal set of cookies to operate the Service:
- Authentication Cookies: Set by our authentication provider (Supabase) to maintain your signed-in session. These are essential for the Service to function and cannot be disabled
We do not use preference cookies, analytics cookies, or third-party tracking cookies. User preferences are stored in your account settings, and analytics are processed server-side without client-side tracking cookies. Some features use browser local storage (e.g., dismissed UI hints) which is not shared across sites.
We currently do not respond to browser “Do Not Track” signals.
How We Use Your Information
Core Service Operations
- Authenticate users and maintain secure accounts
- Display profiles, content, and community interactions
- Enable commenting, discussions, follows, and reactions
- Personalize content and recommendations
Communication
- Send notifications based on your preferences
- Deliver account-related messages, security alerts, and service updates
- Share platform announcements (opt-out available)
Improvement and Analytics
- Analyze usage trends to improve features and performance
- Monitor system health and diagnose technical issues
- Conduct internal research on community engagement
Trust, Safety, and Legal Compliance
- Protect against fraud, abuse, and unauthorized access
- Enforce community guidelines and terms of service
- Comply with applicable legal obligations
Legal Bases for Processing (EEA Users)
If you are located in the European Economic Area, we process personal data under the following legal bases:
- Contract Performance: To provide and operate the Service
- Consent: For optional communications and analytics (where required)
- Legitimate Interests: To improve the Service, ensure security, and prevent abuse
- Legal Obligation: To comply with applicable laws
How We Share Your Information
Public Information
Certain information is public by design, including:
- Username, display name, and profile picture
- Builder profiles (bio, specialty, experience, social links)
- Published articles, build guides, discussions, and comments
- Upvotes and reactions on content
Public content may be indexed by search engines and accessible outside the Service. You can control some visibility through account settings.
With Other Users
- Followers can view your public profile
- Comments and replies are visible within the relevant content
- Mentions and replies trigger notifications
Service Providers
We share limited data with trusted third-party service providers who act as data processors on our behalf, including:
- Supabase: Authentication, database hosting, and file storage
- Cloud Infrastructure Providers: Hosting and content delivery
- Analytics Services: Usage and performance monitoring
These providers are contractually obligated to process data only under our instructions and to protect your information.
Legal Requirements
We may disclose information if required to do so by law or in response to:
- Valid legal processes (such as subpoenas or court orders)
- Protection of rights, property, or personal safety
- Investigation of fraud, abuse, or security incidents
- Emergency situations involving potential harm
Business Transfers
If Rodsmith is involved in a merger, acquisition, or asset sale, user information may be transferred as part of that transaction. Users will be notified before information becomes subject to a different privacy policy.
Data Retention
We retain personal information only as long as necessary to provide the Service and fulfill the purposes described in this policy:
- Active Accounts: Data retained while the account is active
- Account Deletion: When you delete your account, your personal data and content are permanently removed immediately
- Financial Records: Stripe independently retains transaction records for compliance purposes. Platform records are removed at the time of account deletion
- Analytics Data: Aggregated, anonymized analytics may be retained indefinitely
- Login Events: Login activity records are retained for up to 180 days
Deleted Content
- Soft Deletion: Content is hidden from public view but retained internally
- Moderation Removal: Removed content may retain metadata for trust and safety purposes
- Permanent Deletion Requests: Submit requests to privacy@rodsmith.app
Your Rights and Choices
Account Management
You may:
- Access and review your personal information
- Update your profile and builder information
- Permanently delete your account and all associated data
- Request a portable copy of your data
We may require identity verification before fulfilling requests.
Privacy Controls
You can control:
- Profile visibility (public, members-only, private)
- Location visibility
- Activity status visibility
- Notification and email preferences
Opting Out
You may:
- Unsubscribe from emails via account settings or email links
- Disable non-essential cookies in your browser
- Request to opt out of analytics processing where applicable
Data Security
We implement reasonable administrative and technical safeguards, including:
- SSL/TLS encryption for data in transit
- Secure password hashing via Supabase Auth
- Role-based access controls
- Ongoing monitoring for misuse or abuse
No system is completely secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.
Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If such information is discovered, it will be deleted promptly. Please contact privacy@rodsmith.app if you believe this has occurred.
International Data Transfers
Your information may be processed in countries other than your country of residence, including the United States. Where required, appropriate safeguards such as Standard Contractual Clauses (SCCs) are used for international data transfers.
Third-Party Links
The Service may contain links to third-party websites and social media platforms. We are not responsible for their privacy practices and encourage you to review their privacy policies independently.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by:
- Posting the updated policy on this page
- Updating the “Last Updated” date
- Email notification where required by law
Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Request information about the personal data collected about you
- Request deletion of your personal information
- Exercise these rights without discrimination
Rodsmith does not sell or share personal information as defined by the CCPA.
Requests may be submitted to privacy@rodsmith.app.
European Economic Area (GDPR) Rights
If you are located in the EEA, you have the right to:
- Access, correct, or delete your personal data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
Brazil (LGPD) Rights
If you are located in Brazil, you have the right to:
- Confirm the existence of processing of your personal data
- Access, correct, anonymize, block, or delete unnecessary or excessive data
- Request data portability
- Request deletion of data processed with your consent
- Obtain information about entities with whom your data has been shared
Requests may be submitted to privacy@rodsmith.app.
Contact
For all privacy-related questions, concerns, or requests, please contact:
Email: privacy@rodsmith.app