← Back to home

Privacy Policy

Last updated: March 5, 2026

1. What We Collect

When you create an account, we store your email address and authentication credentials via Supabase Auth. Subscription data you enter (names, costs, notes, URLs) is encrypted in your browser using AES-256-GCM before being stored. We cannot read your encrypted data.

We also collect basic usage information: page views, feature usage events, and error reports to improve the service. If you enable push notifications, we store your browser push subscription endpoint.

2. How We Use Your Data

  • Authentication: Your email is used for login, password resets, and renewal alert digests (if enabled).
  • Renewal alerts: We use your alert settings and subscription renewal dates to send email and/or push notifications.
  • Analytics: Aggregated, anonymous usage data helps us improve Dive Sonar. We do not sell your data.

3. Client-Side Encryption

Sensitive subscription fields (name, notes, URL) are encrypted in your browser before being sent to our database. The encryption key is derived from a passphrase you set and is never transmitted to our servers in plaintext. If you lose your passphrase, we cannot recover your encrypted data.

4. Third-Party Services

  • Supabase: Database hosting and authentication (PostgreSQL with Row Level Security).
  • Vercel: Application hosting and serverless functions.
  • Stripe: Payment processing for premium purchases. We do not store your card details — Stripe handles all payment data.
  • Resend: Email delivery for renewal alert digests.
  • Google AdSense: Ads shown to free-tier users. Google may use cookies for ad personalization. See Google's Privacy Policy.

5. Data Retention & Deletion

Your data is retained as long as your account is active. You can export all your data at any time from Settings. You can delete your account from the Settings page, which permanently removes all your data from our systems including subscriptions, categories, alerts, budgets, and notification preferences.

6. Cookies

We use essential cookies for authentication session management. Google AdSense may set additional cookies for ad personalization on free-tier accounts. No tracking cookies are set by Dive Sonar itself.

7. Your Rights

You have the right to access, export, correct, and delete your personal data. To exercise these rights, use the Data Management section in Settings or contact us. If you are in the EU/EEA, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification. Continued use of Dive Sonar after changes constitutes acceptance.

9. Contact

For privacy-related questions, contact us at privacy@divesonar.com.