Who we are

DiveOps (“DiveOps.ai”, “we”, “us”, “our”) is a software platform for dive centre operations. DiveOps.ai is operated by Courtney Evans Holdings Limited (Company no. 07384166), a company registered in England and Wales.

Contact: hello@diveops.ai

What this policy covers

This policy explains what personal data we collect when you use DiveOps.ai, how we use it, who we share it with, and your rights under UK GDPR and the Data Protection Act 2018.

Data we collect

Account data: name, email address, phone number, dive centre name, role.

Usage data: pages visited, features used, session duration, IP address, browser type.

Customer data processed on behalf of dive centres: when dive centres use DiveOps to manage their customer bookings, we process personal data about their customers (names, phone numbers, dive certifications, booking history) as a data processor on the dive centre's behalf.

Messaging data: when dive centres integrate DiveOps with WhatsApp Business, we process message content, contact details, and message metadata necessary to provide the service.

Why we process your data

  • To provide the DiveOps service you signed up for
  • To communicate with you about your account
  • To improve the product based on usage patterns
  • To comply with legal obligations
  • To prevent fraud and abuse

Legal basis

We rely on the following legal bases under UK GDPR:

Contract: to deliver the service you signed up for

Legitimate interests: to improve the product and prevent abuse

Legal obligation: where required by law

Consent: for optional features like marketing emails, where applicable

How we share data

We share data only with the following categories of recipient:

Sub-processors that host or process data on our behalf:

  • Supabase (Frankfurt, EU) — primary database and authentication
  • Vercel (EU) — web application hosting
  • Hetzner (Falkenstein, EU) — workflow automation (n8n)
  • Anthropic (US) — AI assistant (Claude) for message replies, no training on customer data
  • Meta Platforms Inc. (global) — WhatsApp Business Platform infrastructure

Authorities where legally required

We do not sell personal data. We do not use customer message content for any purpose other than delivering the service; in particular, we do not use it for marketing or AI model training.

WhatsApp Business and our role as a Tech Provider

DiveOps integrates with the WhatsApp Business Platform as an independent Tech Provider registered with Meta Platforms Inc. When a dive centre connects its WhatsApp Business number to DiveOps:

  • The dive centre is the data controller of all customer message content sent to or from that number
  • DiveOps acts as the data processor under UK GDPR Article 28, processing data on the dive centre's documented instructions
  • Meta provides the underlying WhatsApp Business Platform infrastructure; its terms and privacy policy apply to all WhatsApp message delivery
  • DiveOps onboards the dive centre's WhatsApp Business Account through Meta's Embedded Signup, manages message templates, sends and receives messages, and subscribes to relevant webhooks on the dive centre's behalf

Dive centres remain responsible for ensuring they have a lawful basis to message their customers via WhatsApp and for complying with Meta's WhatsApp Business Messaging Policy.

International transfers

Some providers (Anthropic) are based outside the UK/EEA. These transfers are protected by Standard Contractual Clauses and the UK International Data Transfer Addendum.

How long we keep data

  • Account data: while your account is active, plus 12 months after closure
  • Usage logs: 12 months
  • Billing records: 7 years (UK tax law)
  • Customer data processed for dive centres: per the dive centre's instructions

Your rights

Under UK GDPR you have the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete your data (“right to erasure”)
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent where processing relies on consent
  • Complain to the UK Information Commissioner's Office (ico.org.uk)

To exercise any of these rights, email hello@diveops.ai.

Cookies

DiveOps.ai uses essential cookies for authentication and session management. We use basic analytics to understand site usage. We do not use marketing or tracking cookies without consent.

Data deletion

To request deletion of your personal data, email hello@diveops.ai with the subject line “Data deletion request”. Include the email address associated with your DiveOps account.

We will action verified requests within 30 days and confirm completion by email. Some records are retained where law requires, in particular billing and tax records for 7 years under UK tax law. Audit logs are retained for 12 months for fraud and security review.

If you are an end customer of a dive centre that uses DiveOps and you want your message data deleted, please contact the dive centre directly. They are the data controller and the deletion instruction must come from them.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to account holders.

Contact

For any privacy questions, contact hello@diveops.ai.