Privacy Policy

Last updated: February 2026

Data We Collect

We collect only what you provide: your name, email, profile information, and emergency data you choose to enter. We do not collect data you haven't explicitly provided.

Scan Logs

When your emergency profile is scanned, we log the event. IP addresses are SHA-256 hashed before storage — we never store raw IP addresses. We do not use tracking cookies on public profile pages.

Data Encryption

Sensitive fields (passport numbers, national ID numbers) are encrypted at the application level before storage. Your account password is managed by Supabase Auth and is never accessible to us.

Your Rights (GDPR)

  • Right to access: you can export your data at any time
  • Right to rectification: edit your profile at any time
  • Right to erasure: delete your account to remove all data
  • Right to portability: data export coming soon

Third Parties

We use Supabase (hosted in the EU) for authentication and database. We use Vercel for hosting. We do not sell your data to third parties.

Contact

Questions? Contact us at privacy@scubaid.co

← Back to ScubaID