Spearcatch Customer Privacy Notice
Last updated: 3 April 2026
Registered name: MOORE TECHNOLOGIES LTD
We are the controller of your personal data. This privacy notice tells you what to expect us to do with your personal information.
Contact details
Email: admin@spearcatch.com
What information we collect, use, and why
To provide and improve products and services for clients:
- Names and contact details
- Transaction data (including details about payments to and from you and details of products and services you have purchased)
- Usage data (including information about how you interact with and use our website, products and services)
- Video recordings
- Account access information
- Website user information
- GPS coordinates, dive data (depth, duration, water temperature, heart rate), catch data (species, weight, length), photos
For the operation of client or customer accounts:
- Names and contact details
- Account information, including registration details
- Information used for security purposes
- Marketing preferences
- Technical data, including information about browser and operating systems
For information updates or marketing purposes:
- Names and contact details
- Marketing preferences
- Website and app user journey information
- IP addresses
For research or archiving purposes:
- Website and app user journey information
To comply with legal requirements:
- Name
- Contact information
- Client account information
For dealing with queries, complaints or claims:
- Names and contact details
- Account information
- Correspondence
Lawful bases and data protection rights
Under UK data protection law, we must have a "lawful basis" for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. Which lawful basis we rely on may affect your data protection rights which are set out below.
Your rights
- Right of access — ask us for copies of your personal information
- Right to rectification — ask us to correct or delete inaccurate or incomplete information
- Right to erasure — ask us to delete your personal information
- Right to restriction of processing — ask us to limit how we use your information
- Right to object to processing — object to the processing of your personal data
- Right to data portability — ask that we transfer your information to another organisation, or to you
- Right to withdraw consent — when we use consent as our lawful basis, you can withdraw it at any time
If you make a request, we must respond to you without undue delay and in any event within one month. To make a request, contact us using the details at the top of this notice.
To provide and improve products and services:
- Consent — we have permission from you after we gave you all the relevant information. You have the right to withdraw your consent at any time.
- Contract — we have to collect or use the information so we can enter into or carry out a contract with you.
- Legitimate interests — we're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone.
For the operation of client or customer accounts:
- Contract — we have to collect or use the information so we can enter into or carry out a contract with you.
- Legitimate interests — account security and fraud prevention.
For information updates or marketing purposes:
- Consent — we have permission from you after we gave you all the relevant information. You have the right to withdraw your consent at any time.
For research or archiving purposes:
- Legitimate interests — using anonymised usage data to understand how the product is used and improve it.
To comply with legal requirements:
- Legal obligation — we have to collect or use your information so we can comply with the law.
For dealing with queries, complaints or claims:
- Contract — we have to collect or use the information so we can enter into or carry out a contract with you.
- Legitimate interests — handling complaints and resolving disputes.
Where we get personal information from
- Directly from you
How long we keep information
We retain your personal information for only as long as necessary to provide the service and fulfil the purposes described in this notice.
| Data | Retention period |
|---|---|
| Account data (email, display name, login credentials) | Until you delete your account |
| Catch data (species, weight, length, location, depth, dive duration, speargun details) | Until you delete your account |
| Media files (photos and videos) | Until you delete your account |
| Dive session data (depth profiles, heart rate, water temperature, surface intervals) | Until you delete your account |
| Integration data (Suunto connection tokens) | Until you disconnect or delete your account |
| Analytics data (page views, feature usage) | 12 months (only collected with your consent) |
| Donation records (Stripe transaction data) | 7 years (tax and accounting obligations) |
| Support messages (feedback submissions) | Until you delete your account |
When you delete your account via Settings, all personal data, catches, dive sessions, media files, and integration connections are permanently and irreversibly removed from our systems.
Sharing information outside the UK
Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.
Our transfers
| Organisation | Category | Country | Transfer mechanism |
|---|---|---|---|
| PostHog | Analytics provider | Germany | EU SCCs |
| Supabase | Database & auth provider | United States | EU SCCs |
| Stripe | Payment processor | United States | EU SCCs |
| Authentication provider | United States | EU SCCs | |
| DigitalOcean | Cloud storage provider | United States | EU SCCs |
| Suunto | Dive watch data sync | Finland | Adequacy (EU) |
Sub-processor transfers
Where necessary, our data processors will share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place.
| Organisation | Category | Country | Transfer mechanism |
|---|---|---|---|
| AWS (Supabase) | Cloud infrastructure | United States | EU SCCs |
| AWS (PostHog) | Cloud infrastructure | Germany | Adequacy (EU) |
| Stripe banking partners | Financial infrastructure | United States | EU SCCs |
| Google Cloud | Cloud infrastructure | United States | EU SCCs |
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113