[ar] Privacy Policy

[ar] Diveity is a diving community platform that connects divers with dive sites, resorts, shops, and instructors worldwide. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform.

[ar] By using Diveity, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

[ar] We collect the following categories of data:

[ar] Account Data

• [ar] Name and email address provided during registration
• [ar] Password (stored as a one-way cryptographic hash, never in plain text)
• [ar] Profile information such as dive certification level

[ar] Review Content

• [ar] Written reviews, star ratings, and sub-ratings you submit
• [ar] Photos uploaded with your reviews
• [ar] Visit dates and certification level at the time of review

[ar] Usage Analytics

• [ar] We use analytics to understand how our service is used, including page views, feature usage, and navigation patterns
• [ar] Analytics data is collected only with your explicit consent
• [ar] Data is anonymised and cannot be used to identify you personally

[ar] Error Tracking

• [ar] We use Sentry for error monitoring to maintain platform stability and quickly resolve technical issues
• [ar] Error reports contain technical context (browser type, error stack traces) but no personal data
• [ar] Sentry is classified as an essential service for platform reliability and operates under legitimate interest

[ar] Photos

• [ar] Review photos are processed and optimised via Viucraft, our image processing service, and served through a content delivery network (CDN)
• [ar] EXIF metadata (camera settings, GPS coordinates) is stripped during processing

[ar] We use the information we collect to:

• [ar] Provide and maintain the Diveity platform and its features
• [ar] Display your reviews and ratings to help other divers make informed decisions
• [ar] Send transactional emails (via Brevo) such as account verification, password resets, and review status notifications
• [ar] Monitor and resolve errors to ensure platform stability (via Sentry)
• [ar] Improve the platform based on anonymised usage analytics, with your consent
• [ar] Detect and prevent spam or abusive content in reviews

[ar] We use two categories of cookies and tracking technologies:

[ar] Essential Cookies

[ar] These are necessary for the platform to function and cannot be disabled. They include authentication session cookies and error monitoring (Sentry).

[ar] Non-Essential Cookies (Require Consent)

[ar] Analytics cookies are only loaded after you provide explicit consent via our cookie consent banner. You can accept or reject analytics cookies at any time using the "Cookie Settings" link in the footer.

• [ar] Your data is stored on Amazon Web Services (AWS) infrastructure in the Asia-Pacific (Singapore) region
• [ar] All data is encrypted at rest and in transit via HTTPS
• [ar] Passwords are hashed using bcrypt with industry-standard salt rounds
• [ar] We follow security best practices including parameterised queries, input validation, and rate limiting

[ar] Under the General Data Protection Regulation (GDPR) and applicable privacy laws, you have the right to:

• [ar] Access your data [ar] — Request a copy of the personal data we hold about you
• [ar] Export your data [ar] — Download your personal data in a portable format via the GDPR data export feature in your account settings
• [ar] Delete your account [ar] — Request deletion of your account and personal data. After a 30-day grace period, your data will be permanently anonymised
• [ar] Rectify your data [ar] — Request correction of inaccurate personal data
• [ar] Withdraw cookie consent [ar] — Change your cookie preferences at any time via the "Cookie Settings" link in the footer

[ar] To exercise any of these rights, contact us at privacy@diveity.com.

• [ar] Active accounts: data is retained for as long as your account is active
• [ar] Deleted accounts: personal data is anonymised after a 30-day grace period following account deletion
• [ar] Audit and security logs are retained for 90 days
• [ar] Anonymised analytics data may be retained indefinitely for aggregate trend analysis

[ar] We use the following third-party services to operate the platform:

• [ar] Sentry [ar] — Error monitoring and platform stability (essential service)
• [ar] Viucraft [ar] — Image processing and CDN delivery for review photos
• [ar] Brevo [ar] — Transactional email delivery (account notifications, review status updates)
• [ar] Amazon Web Services (AWS) [ar] — Cloud infrastructure, database hosting, and file storage

[ar] Each third-party service processes data in accordance with their own privacy policies. We only share the minimum data necessary for each service to function.

[ar] Diveity is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us at privacy@diveity.com [ar] and we will take steps to delete such information.

[ar] We may update this Privacy Policy from time to time. For material changes, we will notify you via email at the address associated with your account. We encourage you to review this page periodically for the latest information on our privacy practices.

[ar] If you have any questions about this Privacy Policy or how we handle your data, please contact us:

• [ar] Email: privacy@diveity.com