Privacy Policy

Last updated: April 2026

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and profile information (bio, location, certification level, diving experience). If you sign in with Google, we receive your name, email, and profile picture from Google.

Usage Data: We collect information about how you use the Service, including pages visited, destinations browsed, and features used.

User Content: Photos, dive logs, and other content you voluntarily submit to the Service.

Location Data: If you use the "Near me" feature, we request your browser location (with your permission). You may also provide a home location in your profile settings.

2. How We Use Your Information

We use your information to: provide and improve the Service; personalize your experience (e.g., destination recommendations); enable social features (profiles, follows, community); send important service-related communications; and analyze usage patterns to improve the platform.

3. Third-Party Services

We use the following third-party services:

  • Supabase β€” Database hosting and authentication (data stored in AWS ap-southeast-2)
  • Google OAuth β€” Optional sign-in method
  • Mapbox β€” Map rendering (receives location coordinates)
  • Vercel β€” Hosting and analytics
  • Stripe β€” Payment processing (if applicable)

4. Data Storage & Security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies. We use HTTPS encryption for all data in transit. Authentication tokens are managed securely via Supabase Auth with JWT tokens.

5. Cookies & Local Storage

We use browser localStorage to store: your dark mode preference; authentication session tokens; and onboarding progress. We do not use third-party tracking cookies.

6. Your Rights

You have the right to: access your personal data; update or correct your information via your profile settings; delete your account and associated data; export your data; and opt out of non-essential communications.

To exercise these rights, contact us at hello@diverslist.com.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where required by law.

8. Children's Privacy

Diverslist is not intended for users under 16 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the Service.

10. Contact

For questions about this Privacy Policy, contact us at hello@diverslist.com.