Privacy Policy

As of May 2026 · GDPR compliant

Controller

Dominik Rutz (private operator) · E-Mail: kontakt@surfacelog.app

Data collected

We collect personal data you provide during registration (name, email, password hash) as well as usage data (dives, logbook entries, uploaded photos). Processing is based on Art. 6(1)(b) GDPR (contract performance).

Storage

All data is stored in the EU (Supabase, Frankfurt). Photos are stored in secure cloud storage and automatically deleted after the retention period specified in your plan.

Sharing with third parties

We do not share your data with third parties unless required for contract performance (e.g. payment processing via Stripe) or required by law. Stripe is subject to its own privacy policy.

Cookies

Surfacelog uses only technically necessary cookies for session management (Supabase Auth). No tracking or marketing cookies are used.

Your rights

You have the right to access, rectify, delete, and restrict processing of your data. To exercise these rights, contact: kontakt@surfacelog.app

Data deletion

After account cancellation, all personal data is deleted within 30 days, unless statutory retention obligations apply.

Changes

We reserve the right to update this privacy policy. The current version is always available at /datenschutz.