Privacy Policy

Your privacy matters. Here's how we handle your data.

1. Data Controller

Your personal data is processed by Onosia EURL, the company behind DiveToolbox. For any privacy-related questions,

2. Data We Collect

We collect the following personal data:

  • Email address — for account creation and communication
  • Username — for account identification
  • Profile picture (optional) — for account personalization
  • Diver profile data — certification level, preferences, units
  • Saved dive plans and tank configurations — to provide the service
  • Usage data — pages visited, features used (via privacy-friendly analytics)

3. Legal Basis

We process your data based on:

  • Contract performance — to provide the DiveToolbox service you signed up for
  • Legitimate interest — to improve the service and ensure security
  • Consent — for optional features like analytics tracking

4. Cookies

DiveToolbox uses only functional cookies strictly necessary for the service: authentication session tokens, language preference, theme preference (light/dark). We do not use advertising cookies or third-party tracking cookies.

5. Analytics

We use Matomo, a privacy-friendly analytics solution, self-hosted on our own servers in France. IP addresses are anonymized (last 2 octets masked). No data is shared with third parties. You can opt out of analytics tracking at any time from the footer of any page or by enabling "Do Not Track" in your browser.

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — limit processing of your data
  • Objection — object to processing based on legitimate interest

To exercise any of these rights,

7. Data Retention

Your personal data is retained for the duration of your account registration. Upon account deletion, your data is permanently erased immediately. Analytics data is retained for a maximum of 13 months.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), secure password hashing, and regular security updates. Data is hosted on servers located in Europe.

9. Children's Privacy

DiveToolbox is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data,

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email. The latest version is always available on this page.