1. Who We Are
DivePilot ("we", "us", "our") is a dive center management platform developed and operated in Switzerland. Our platform is accessible at my.divepilot.app, and our marketing website is at divepilot.app.
For any privacy-related matters, you can reach us at privacy@divepilot.app.
2. Data We Collect
We collect the following categories of data:
- Account data: Name, email address, password (hashed), role, language preference and last login timestamp for staff users.
- Dive center data: Business name, email, country, timezone, currency and subscription status.
- Customer data: First name, last name, email, phone, date of birth, nationality, sex, certifications, dive history, equipment preferences, medical notes and address — entered by dive center staff or by customers themselves via the self-registration form.
- Booking and trip data: Booking records, boat trip schedules, dive group assignments and participant information.
- Payment data: Subscription and billing information is processed by Stripe. We do not store card numbers or sensitive payment data on our servers.
- Usage data: Log data including IP address, browser type, pages visited and timestamps, used for security and debugging purposes.
3. How We Use Your Data
We use the data we collect to:
- Provide, operate and maintain the DivePilot platform
- Process subscription payments through Stripe
- Send transactional emails (account verification, password reset, invite links, subscription notifications)
- Respond to support requests
- Monitor security, prevent fraud and maintain platform stability
- Comply with legal obligations
We do not use your data for advertising, profiling or any purpose beyond operating the service.
4. Legal Basis for Processing
We process personal data on the following legal bases under GDPR:
- Contract performance: To provide the service you have subscribed to.
- Legitimate interests: For security monitoring, fraud prevention and service improvement.
- Legal obligation: Where required by applicable law.
- Consent: Where you have explicitly provided consent, such as during customer self-registration.
5. Data Storage and Security
All data is stored on servers located within the European Union. We use industry-standard security measures including:
- TLS/SSL encryption for all data in transit
- Passwords hashed with bcrypt
- JWT-based authentication with 7-day expiry
- Role-based access controls within the platform
- Regular security reviews
6. Data Sharing
We share data only with the following third-party service providers who process data on our behalf:
- Stripe: Payment processing. Subject to Stripe's own privacy policy.
- PurelyMail: Transactional email delivery.
- Hosting provider: Cloud infrastructure within the EU.
We do not sell, rent or trade personal data to any third parties. We will disclose data to authorities only if required by law.
7. Data Retention
We retain data for as long as your account is active. Upon account deletion:
- Account and customer data is soft-deleted and permanently purged within 90 days
- Billing records are retained for 10 years as required by Swiss accounting law
- Log data is retained for 90 days for security purposes
8. Your Rights
Under GDPR and Swiss data protection law (nDSG), you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Request restriction of processing
To exercise any of these rights, contact us at privacy@divepilot.app. We will respond within 30 days.
9. Cookies
DivePilot uses only essential cookies required for authentication and session management. We do not use advertising cookies or tracking cookies. No third-party analytics scripts are loaded on our platform.
10. Children's Privacy
DivePilot is a business-to-business platform intended for dive center operators and their adult customers. We do not knowingly collect data from children under 16 without parental consent. If you believe a minor's data has been entered without consent, contact us immediately.
11. Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes, we will notify account holders by email and update the "Last updated" date above. Continued use of the platform after notification constitutes acceptance of the updated policy.
12. Contact
For any questions about this privacy policy or how we handle your data: