Privacy Policy
Last updated: June 2025
This policy explains what data 4divers collects, why, and how it is used. By using the Service you agree to this policy.
1. Data We Collect
- Account info: your name, email address, and profile photo from Google sign-in (Google OAuth).
- Dive logs: dive records you create — date, depth, duration, site, notes, photos.
- Certifications: certification records you add manually or verify via PADI/SSI/TDI/CMAS.
- Usage data: request logs (URL, timestamp, response code) for operating and debugging the Service.
2. How We Use Your Data
- Providing and improving the Service (displaying your logbook and certifications).
- Authentication — verifying your identity on each visit via a session cookie.
- Aggregated, anonymised statistics (e.g. popular dive sites).
We do not sell or share your personal data with third parties for marketing purposes.
3. Storage
Your data is stored in a Cloudflare D1 database hosted in Cloudflare's global network. Photos are stored in Cloudflare R2. Both are subject to Cloudflare's Privacy Policy.
4. Cookies & Session
We set one first-party session cookie (session) when you sign in. It is HttpOnly, Secure, and scoped to app.4divers.app. See our Cookie Policy for details.
5. Google Sign-In
We use Google OAuth to authenticate you. Google's handling of your data during sign-in is governed by Google's Privacy Policy. We only store the user ID, name, email, and avatar URL returned by Google.
6. Your Rights
You may request access to, correction of, or deletion of your personal data at any time by contacting us. Account deletion removes your dive logs and personal data from our systems within 30 days.
7. Data Retention
Your data is retained for as long as your account is active. Inactive accounts (no sign-in for 24 months) may be purged after notice.
8. Changes to This Policy
We will notify users of material changes via the app or email. Continued use after the effective date constitutes acceptance.
9. Contact
Privacy questions? Contact us.