Privacy Policy

Information We Collect

Account Information

• Email address (when creating an account)
• Display name and profile photo (optional)
• Authentication credentials via Apple Sign In, Google Sign In, or email/password through Supabase
• When using Apple Sign In, we receive only the information you authorize. If you choose “Hide My Email,” Apple provides a private relay email address that forwards to your real email.
• A unique user identifier and optional friend code for social features

Guest Mode

You may use Dive Ledger without creating an account. In guest mode, all data is stored locally on your device only. We collect limited analytics data (described under “Automatically Collected” below) but this data is not linked to any account or identity.

Location Data

• Precise GPS coordinates when you tag a dive site
• Location is only accessed while the app is in use (foreground only) and only when you grant permission
• Location data is stored with your dive log locally and optionally synced to the cloud
• Location coordinates are shared with Mapbox (for map display) and OpenWeather (for weather data) but are not linked to your account when sent to these services

Photos

• Photos you attach to dive logs, your profile, or diver licenses
• Photos are stored on your device and, when cloud sync is enabled, encrypted before upload using XChaCha20-Poly1305 encryption
• Your encryption key is stored securely on your device and backed up in an encrypted vault. Only you can decrypt your photos.
• Photos are only accessed when you choose to add them

Dive Log Data

• Dive details: date, time, depth, duration, temperature, visibility, water type, current conditions
• Dive profile data (depth over time), ascent rates, altitude
• Gas information: tank size, start/end pressure, nitrox percentage, gas type
• Equipment: suit type, weights, gear used
• Notes, tags, and YouTube links
• Buddy information (names and linked friend references)
• Sea life and coral sightings

Diver Licenses

• Certification agency, level, and license number
• Issue and expiration dates
• Instructor name, license number, dive shop details
• Photos of certification cards (encrypted when synced)

Trips and Planned Dives

• Trip name, destination, dates, packing checklists
• Planned dive details: site, date, depth, conditions

Social and Friend Features

• Friend connections (bidirectional, stored as user IDs)
• Friend codes and QR codes for adding buddies
• Email discoverability setting (you control whether others can find you by email)
• Your display name and profile photo are visible to users who have your friend code or QR code

Subscription and Purchase Data

• Subscription status, plan type, and purchase history (managed by RevenueCat)
• Subscription status is synced to our servers to enable premium features
• We do not receive or store your payment card details. All payments are processed by Apple (App Store) or Google (Play Store).

Push Notifications

• Push notification token (stored on our servers to send notifications)
• Notification preferences per category: logging reminders, trip alerts, milestone celebrations, buddy activity, and sync status
• Push notifications are optional. You can enable or disable them at any time in Settings.

Feedback

If you submit feedback or feature requests through the app, your submission and associated user ID (if signed in) are stored to help us improve the service.

Automatically Collected Data

• Error and crash reports (via Sentry): error details, performance traces, device type, operating system version, and a pseudonymous user identifier. Used solely for diagnosing and fixing issues.
• Usage analytics (via PostHog): screens viewed, features used, session duration, subscription status, app version, and aggregate usage metrics (e.g., total dives). Analytics data is pseudonymous (linked to an internal identifier, not your name or email) and is used to understand feature usage and improve the app.

Analytics are collected for all users, including guest mode users. We do not use analytics for advertising, profiling, or selling data.

Legal Basis for Processing

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data under the following legal bases:

• Contract performance: processing necessary to provide the App's functionality (account management, cloud sync, data export)
• Legitimate interest: error tracking, usage analytics, security monitoring, and app improvement, where these interests are not overridden by your rights
• Consent: push notifications, location access, photo access, and optional cloud sync. You may withdraw consent at any time through your device settings or the App's settings.

How We Use Your Information

• Provide and maintain the Dive Ledger service
• Sync your dive data across devices (if you opt in to cloud sync)
• Enable social features (friend connections, buddy linking)
• Display weather conditions and maps for dive locations
• Manage subscriptions and premium feature access
• Send push notifications you have opted into
• Diagnose and fix errors and crashes
• Understand how features are used to improve the app
• Respond to feedback and support requests

Third-Party Services

We use the following third-party services to operate the App. Each service receives only the minimum data necessary for its purpose:

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. All third-party services are contractually required to protect your data and use it only for the purposes described above.

Data Storage and Security

Local-First Architecture

Dive Ledger is local-first. Your dive data is stored on your device in a local database and is fully functional without an internet connection. Cloud sync is optional and requires an account.

Cloud Sync

When cloud sync is enabled, your data is stored on Supabase servers located in the United States. All data is transmitted over encrypted connections (HTTPS/TLS). Photos are encrypted on your device before upload. Your database records are protected by row-level security policies ensuring only you can access your data.

Encryption

• In transit: all data transmitted over HTTPS/TLS
• Photos at rest: encrypted with XChaCha20-Poly1305 before upload. Your encryption key is stored in your device's secure keychain and backed up in an encrypted server-side vault.
• Authentication tokens: stored in your device's secure keychain

International Data Transfers

Your data may be transferred to and processed in the United States, where our servers and third-party service providers are located. If you are located in the EEA, UK, or Switzerland, we rely on standard contractual clauses and/or the service providers' compliance frameworks to ensure adequate data protection for international transfers.

Data Export and Portability

You can export your dive data at any time through Settings > Import & Export in the following formats:

• UDDF (Universal Dive Data Format) — industry-standard XML format for dive logbook interchange
• CSV — spreadsheet-compatible format
• JSON — structured data format
• PDF — printable dive reports with photos

Account Deletion

You can delete your account and all associated data through Settings > Account & Sync > Delete Account. This permanently removes:

• Your account and authentication credentials (including revoking Apple Sign In tokens if applicable)
• All dive logs, buddy data, gear, licenses, trips, and milestones stored in the cloud
• All photos stored on our servers
• Your push notification tokens and notification preferences
• All synced data from our servers

Local data on your device is also removed upon account deletion.

Important: Deleting your account does not cancel active App Store or Google Play subscriptions. You must cancel subscriptions separately through your device's subscription settings to stop future billing.

Data Retention

We retain your data as follows:

• Active accounts: data is retained for as long as your account is active
• Account deletion: all cloud-synced data is permanently deleted from our servers within 30 days. Backups that may contain your data are purged on the same schedule.
• Local data: removed immediately upon account deletion
• Error logs (Sentry): retained for 90 days, then automatically purged
• Analytics data (PostHog): retained in pseudonymous form. Not linked to your identity after account deletion.

Advertising and Tracking

Dive Ledger does not:

• Display advertisements
• Track you across other apps or websites
• Sell or share data for targeted advertising
• Use cookies or tracking pixels
• Collect advertising identifiers (IDFA)

We use Sentry for error tracking and PostHog for first-party usage analytics. PostHog analytics are collected only within Dive Ledger and do not track you across other apps or websites. Analytics data is pseudonymous and used solely to understand feature usage and improve the app.

Your Rights

All Users

• Access and export your data at any time (Settings > Import & Export)
• Delete your account and all associated data at any time
• Control cloud sync, location, camera, photo, and notification permissions through your device settings
• Control email discoverability for friend features (Settings > Account)

European Economic Area, UK, and Swiss Users (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access: request a copy of your personal data
• Rectification: request correction of inaccurate data
• Erasure: request deletion of your data (“right to be forgotten”)
• Restriction: request that we limit processing of your data
• Portability: receive your data in a portable format (supported via UDDF, CSV, JSON, and PDF export)
• Object: object to processing based on legitimate interest
• Withdraw consent: withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing

To exercise these rights, contact us at support@hdblabs.com. You also have the right to lodge a complaint with your local data protection supervisory authority.

California Users (CCPA/CPRA)

Under the California Consumer Privacy Act, you have the right to:

• Know: what personal information we collect and how it is used
• Delete: request deletion of your personal information
• Opt-out of sale or sharing: we do not sell or share your personal information for cross-context behavioral advertising
• Non-discrimination: we will not discriminate against you for exercising your rights

Categories of personal information we collect: identifiers (email, user ID), internet activity (usage analytics), geolocation data, and commercial information (subscription status). Sources: directly from you and automatically via the App. Purpose: to provide and improve the service. We do not sell personal information to third parties.

To exercise your rights, contact us at support@hdblabs.com.

Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email and/or in-app notification within 72 hours of becoming aware of the breach, in accordance with applicable laws.

Children's Privacy

Dive Ledger is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@hdblabs.com and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy within the App, updating the “Last updated” date, and/or sending an email notification. Continued use of the App after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

• Email: support@hdblabs.com
• Website: hdblabs.com/diveledger

For data protection inquiries, we aim to respond within 30 days.