Privacy Policy

Effective date: 18 June 2026 · Last updated: 18 June 2026

In short

Dive Together is a community directory for freedivers, built around being careful with your data.

Your email address and any street address are never shown publicly — this is enforced in our database, not just by convention.
Map pins are city-level only. We never publish your exact location.
We use no analytics, no advertising, and no tracking cookies — just one essential cookie to keep you signed in.
Some profiles and most school listings were imported from public sources. If one is about you, you can claim it or ask us to remove it.
You can see, correct, hide, export, or delete your data at any time.

The full policy below explains the details and your rights.

1. Who we are

Dive Together is operated by Office for Visual Affairs, registered at 19 Morris Ave, New York, United States. For the purposes of the EU/UK General Data Protection Regulation (GDPR), we are the data controller for the personal data described here.

If you have any privacy questions or want to exercise your rights, contact us at frontdesk@officeforvisualaffairs.com.

2. The data we collect, and where it comes from

Data you provide

When you create or edit a profile, we store:

your first and last name;
your email address (kept private — see section 3);
your city and country;
an optional bio, profile photo, and links to your Instagram, Facebook, and website;
your skills (for example freediver, instructor, spearfisher); and
any certifications you choose to list (self-reported).

Data from signing in with Google

You sign in with Google. From your Google account we receive your email address, name, and profile picture, which we use to create and identify your account. We don't receive your Google password, and we don't post anything to Google on your behalf.

Data we derive

Approximate (city-level) coordinates. When you save a city and country, we look them up with a geocoding service to place a pin on the map. We geocode only your city — never a street address — so your map pin is approximate by design.
A profile slug (a URL-friendly version of your name) so your profile has a shareable address.

Imported / publicly sourced data

Some content on Dive Together was not submitted by an account holder:

Imported profiles. A small number of profiles were created from publicly available information (such as a public Instagram profile): name, handle, the person's own public bio, and their city. These profiles have no email address and no account attached. If one is about you, see section 11.
School listings. Most school listings were imported from a public business dataset and may include the school's name, address, phone number, website, and a storefront photo. Schools can claim and correct their listing.

Technical data

Like any website, our hosting and infrastructure providers process technical data needed to serve the site, such as your IP address and standard request logs. We use a single essential cookie to keep you signed in (see section 6).

3. What's public, and what's never public

Dive Together is a public directory, so some of your profile is visible to anyone. But we enforce a strict line in the database itself:

Public (shown on your profile, in the directory, and on the map): your name, city, country, approximate city-level map location, photo, bio, social/website links, skills, and listed certifications.

Never public: your email address and any street address. Public pages, the directory, and the map all read from a restricted database view (directory_people) that simply does not include these fields — so they cannot appear publicly even by mistake.

For schools, contact details such as phone, website, and address are part of the public listing. If you deactivate your profile, it is hidden from the directory, map, and public profile pages.

4. How we use your data, and our lawful bases

What we do	Why	Lawful basis (GDPR)
Create and run your profile and account	To provide the service you asked for	Performance of a contract
Authenticate you (Google sign-in, session)	To let you sign in securely	Performance of a contract
Show the directory and map (city-level pins)	To run a useful community directory	Legitimate interests
Geocode your city to an approximate location	To place your pin on the map	Legitimate interests
Keep the site secure and prevent abuse	To protect members and the service	Legitimate interests
Maintain imported profiles and school listings from public sources	To build a useful, comprehensive directory	Legitimate interests

Where we rely on legitimate interests, we've weighed them against your rights and limited what we collect and publish accordingly (for example, city-level pins and never publishing email or street addresses). You can object — see section 10.

5. We don't sell your data

We do not sell your personal data, and we don't share it for advertising or to third-party marketers.

6. Cookies and tracking

We use one essential cookie: a secure, httpOnly session cookie that keeps you signed in. It's necessary for the site to work and isn't used to track you.

We use no analytics, no advertising, no social-media tracking pixels, and no fingerprinting. We don't load third-party tracking scripts.

Note that when your browser loads the map or web fonts, requests go directly to the providers listed in section 7, which necessarily see your IP address as part of serving those files — this is standard for any site that uses them, and isn't used to profile you.

7. Who we share data with (sub-processors)

We use a small number of trusted providers to run the site. Each only receives what it needs for its job.

Provider	Role	Data involved
Google	Sign-in (OAuth)	Your Google account email, name, and avatar at sign-in
Supabase	Database, authentication, and file storage	Your profile data, account, and uploaded photos
Vercel	Website hosting	Requests to the site, including your IP address and logs
OpenFreeMap	Map tiles	Your IP address and map view when you use the map
Nominatim / OpenStreetMap	Geocoding (city → coordinates)	Your city and country (no street address) and our server's request
Fontshare	Web fonts	Your IP address when a page loads our fonts
Unsplash	Stock imagery on the landing page	Your IP address when those images load

These providers process data on our behalf or as independent controllers for the limited interactions above. Where they act as our processors, they're bound by appropriate data-processing terms.

8. International data transfers

Our infrastructure and some providers may process data outside your country, including in the United States and other regions where our providers operate. Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

9. How long we keep data, and deletion

We keep your profile and account data for as long as your account exists.
Deactivating your profile hides it from public view but doesn't delete it — you can reactivate at any time.
Deleting your account removes your profile, your listed certifications, any listing claims you made, and the profile photos you uploaded. If you managed (claimed) any school listings, those listings remain but are unlinked from you. Deletion is permanent.
Imported profiles and school listings from public sources are kept until the listing is claimed or we receive a removal request (see section 11).
We may keep limited information for longer where we need to for legal, security, or dispute-resolution reasons.

Standard server logs held by our hosting providers are retained for their normal operational periods.

10. Your rights

Under the GDPR you have the right to:

access the personal data we hold about you;
rectify inaccurate or incomplete data;
erase your data ("right to be forgotten");
restrict or object to our processing, including processing based on legitimate interests;
data portability — receive your data in a portable format; and
withdraw consent where we rely on it, without affecting prior processing.

You can exercise many of these directly in the app — edit your profile, hide it, or delete your account at any time. For anything else, email frontdesk@officeforvisualaffairs.com and we'll respond within the time the law allows.

If you believe we've handled your data improperly, you can complain to your local data-protection authority. We'd appreciate the chance to put things right first.

11. Imported profiles — your options

If a profile about you was created from your publicly available information (such as a public Instagram profile), you have choices:

Claim it. Sign in and claim the listing to take ownership and edit or correct it. Approved claims merge the listing into your own profile.
Ask us to remove it. Email frontdesk@officeforvisualaffairs.com and we'll remove the imported profile. This is your right to object to and erase the processing, and we honour such requests.

The same applies to school listings imported from public sources — contact us to claim, correct, or remove one.

12. Children

Dive Together isn't directed at children. You must be at least 16 years old to create an account. If you believe a child has given us personal data, contact us and we'll delete it.

13. How we protect your data

We take security seriously and build it into the platform:

Row-level security in our database so members can only read and edit their own data, and email and street address are excluded from all public reads.
A secure, httpOnly session cookie rather than exposing tokens to scripts.
Server-side writes for sensitive operations rather than trusting the browser.
Hardened image fetching that blocks requests to internal or private addresses when we re-host an image from a URL.

No system is perfectly secure, but we work to protect your data and to limit what we collect and expose in the first place.

14. Changes to this policy

We may update this policy from time to time. When we make material changes, we'll update the "last updated" date above and, where appropriate, give notice on the site.

15. Contact

For any privacy question or request, email us at frontdesk@officeforvisualaffairs.com.