Privacy Policy
We want to be straightforward about how DiveCodex and DiveLog handle your information. No legalese walls — just a clear explanation of what we collect, why, and how you stay in control.
Last updated: 21 March 2026
The short version
- •We only collect data that makes the product work or helps us improve it.
- •Analytics are off by default. You choose whether to enable them via the cookie banner.
- •Your dive logs are private by default. Only you decide what becomes public.
- •We don’t sell your data. We don’t run ads. We don’t share personal information with third parties for marketing.
- •You can request deletion of your account and all associated data at any time.
Who we are
DiveCodex and DiveLog are personal projects created by Jouni Kuisma, based in Spain. This is not a large corporation — it’s an independent project built by a diver, for divers.
DiveCodex(divecodex.com) is a dive site reference — publicly accessible, no account needed to browse.
DiveLog(log.divecodex.com) is a dive log app — you create an account to log and manage your dives.
Both products share this privacy policy and the same underlying infrastructure.
What we collect and why
If you browse DiveCodex (no account)
Page visits and interactions
To understand which content is useful and where to focus improvements
Only collected if you accept analytics cookies. We use Google Analytics 4 with Consent Mode v2 — analytics are completely off until you say yes. We never send your search queries or any text you type to analytics; only aggregate signals like how many results a search returned.
Cookie consent preference
To remember your choice so we don't ask every visit
Stored in your browser's local storage. No personal data.
If you create a DiveLog account
Email address
To create your account and let you log in
Stored securely in our authentication system (Supabase Auth). We don't send marketing emails.
Username and display name
To identify you on your profile and dive logs
Your username is visible on your public profile if you choose to make it public. Your email is never shown to other users.
Profile photo (optional)
Shown on your profile if you add one
If you sign in with Google, your Google profile photo may be used. You can change or remove it.
If you log dives
Dive details (date, depth, duration, conditions, equipment, notes)
This is the core product — your personal dive log
All dive data is private by default. You control the visibility of each dive individually with the 'public' toggle. Private dives are only visible to you.
Buddy names (if you enter them)
To record who you dived with
If you mark a dive as public, the buddy name becomes visible. Be mindful about sharing others' names — it's your choice what to include.
Dive site associations
To link your dives to specific locations
When you select a dive site, we store the reference. We don't track your physical location or use GPS.
If you join a dive club
Club membership
To show you as a member of the club and give you access to the club's features
Other club members can see that you're a member. You can leave a club at any time.
Cookies
We use two categories of cookies:
Necessary cookies
These keep the site working — your login session, your cookie consent choice. They can’t be turned off because the site wouldn’t function without them.
Analytics cookies
Google Analytics cookies (_ga, _gid) that help us understand how people use the site. Off by default— only activated if you click “Accept all” in the cookie banner. If you decline, these cookies are deleted and no analytics data is collected.
You can change your cookie preferences at any time by clicking .
Third-party services
We use a small number of trusted services to run DiveCodex and DiveLog. Here’s exactly who has access to what:
| Service | What it does | Data shared |
|---|---|---|
| Supabase | Database and authentication | All account and dive data (encrypted in transit and at rest) |
| Google Analytics | Usage analytics | Page views and interactions (only with your consent, no personal data) |
| Vercel | Website hosting | Serves web pages (standard web server logs) |
| Cloudflare | DNS and domain management | Routes traffic to our servers (no app data) |
| Carto / OpenStreetMap | Map tiles | Anonymous map image requests when you view a map |
We do not sell data to anyone. We do not use advertising networks. We do not share your information with data brokers.
Your rights and choices
Under GDPR and similar privacy laws, you have the right to:
- →Access your data — see what we have about you
- →Correct your data — fix anything that’s wrong
- →Delete your data — request full deletion of your account and all associated dive data
- →Export your data — get a copy of your dives and profile in a portable format
- →Withdraw consent — change your cookie preferences at any time
Your dive logs are yours. You can make them public or private at any time. Your profile is private by default — you choose whether to make it visible.
Data security
All data is transmitted over HTTPS (encrypted). Our database provider (Supabase) encrypts data at rest. We enforce row-level security policies so that database queries can only access data the requesting user is authorised to see.
Passwords are hashed using industry-standard algorithms — we never store or see your password in plain text. If you sign in with Google, we never receive your Google password.
Contact
If you have questions about this policy, want to exercise your data rights, or just want to say hello:
Email: privacy@divecodex.com
We aim to respond to all privacy requests within 30 days.
Changes to this policy
If we make meaningful changes to how we handle your data, we’ll update this page and the “last updated” date above. For significant changes, we may also notify you via the cookie consent banner or email.