Privacy Policy
Last updated: 6 July 2026
1. Data controller
The data controller is Enea Del Lama ("we"). For any privacy-related request please contact us at privacy@divelogs.app.
2. Data we collect
- Account data: name, email address, access credentials, optional profile picture and certification level.
- User content: dive data (date, site, depth, times, gas, notes), uploaded photos and videos, buddies and dive centres you add.
- Usage data: technical logs, IP address, device/browser type, pages visited, timestamps, aggregated analytics.
- Communications: messages sent to support.
- Payment data: card details and billing information are collected and processed directly by Paddle (Merchant of Record). We only receive from Paddle the minimum data required to manage your subscription (email, country, subscription status).
3. Purposes and legal bases
- Account creation and management, service delivery — performance of the contract.
- Subscription management and billing — performance of the contract and legal obligation.
- Customer support — performance of the contract and legitimate interest.
- Security, fraud and abuse prevention — legitimate interest.
- Product improvement and aggregated analytics — legitimate interest.
- Service emails — performance of the contract.
- Compliance with legal obligations — legal obligation.
4. Recipients and subprocessors
We only share personal data with selected providers acting as processors:
- Paddle — Merchant of Record for purchases: subscription management, payments, billing and tax compliance.
- Hosting and infrastructure providers — cloud hosting of the database and media, transactional email delivery.
- Professional advisors (legal, tax) when strictly necessary.
- Competent authorities when required by law.
5. International transfers
Some providers may process data outside the European Economic Area. In such cases we adopt appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses.
6. Data retention
We retain data only as long as necessary for the purposes above. When the account is closed, data is deleted or anonymised within a reasonable period, subject to legal retention obligations (e.g. tax data).
7. Your rights
Under GDPR you may at any time:
- access your data and receive a copy;
- request rectification or update;
- request erasure;
- request restriction of or object to processing;
- request data portability;
- withdraw any consent given;
- lodge a complaint with the supervisory authority.
To exercise your rights write to privacy@divelogs.app. We respond within 30 days.
8. Security
We adopt appropriate technical and organisational measures to protect data: in-transit encryption (HTTPS/TLS), at-rest encryption, access controls, least-privilege principle, regular backups and intrusion monitoring.
9. Cookies
We use strictly necessary technical cookies (session, authentication) and aggregated analytics cookies to understand product usage. We do not use profiling or third-party advertising cookies. You can manage cookies from your browser settings.
10. Changes
We may update this policy. Significant changes will be notified via email or in-service.
11. Contact
Enea Del Lama — privacy@divelogs.app