DiveFill ("we", "us") provides a tank-fill order management platform for dive shops, dive boats, and fill stations. This Privacy Policy describes what personal data we collect, why, who we share it with, and the rights you have over it.
DiveFill operates a B2B platform. Fill stations using DiveFill act as data controllers for their dive shop customers' data; DiveFill acts as the data processor for that data. For data we collect directly from operators, fill station administrators, and DiveFill website visitors, DiveFill is the controller.
Account and profile data: name, email address, phone number, organization, role. Order data: order line items, gas types, tank types, dates, times, delivery method, notes, status history, edit history, and any free-text fields you submit. Messaging data: when you communicate with a fill station via WhatsApp, we receive and process the message contents, your phone number, and message metadata. Message contents are sent to Anthropic's Claude API for parsing into structured order data; see the Subprocessors page. Usage and technical data: pages visited, IP address, browser, and basic logs needed to run and secure the service. We do not collect special-category personal data and we do not knowingly collect data from minors.
We use personal data only to operate, secure, and improve the DiveFill service: to create and route orders, send transactional notifications, authenticate users, prevent abuse, and respond to support requests. We do not use customer order data for marketing, profiling, or sale.
Order data of one dive shop is never disclosed — directly, indirectly, or in aggregated/derived form — to any other dive shop, on the same fill station or elsewhere. We do not sell personal or order data, do not use it for advertising, and do not share it with any third party other than the subprocessors listed on our Subprocessors page. If we ever publish aggregated industry statistics, we will notify customers in advance and ensure no individual organization's volume can be inferred from the published figures.
Order data is isolated per organization at the database layer using PostgreSQL row-level security policies, so one organization cannot query another's data. Connections to the application and database are encrypted in transit (TLS); data at rest is encrypted by our hosting and database providers. Authentication uses Supabase Auth with industry-standard password hashing and email-based verification.
Today DiveFill is a small operation. Customer data is accessible only to the operator running the service. Support access to a customer's account data happens only when the customer asks for help with a specific issue, and is limited to what is needed to resolve that issue. As the team grows we will publish a more detailed access and audit policy.
We retain order and account data for as long as your organization is an active customer of a fill station that uses DiveFill. When the relationship ends — for example if a fill station offboards a dive shop, or a fill station leaves the platform — associated data is deleted within 30 days, except where we are required by law to retain it longer (for example for tax records). You can request deletion or export of your personal data at any time by contacting us; see the Contact section below.
Depending on where you live, you may have the right to access, correct, delete, restrict, or port the personal data we hold about you, and to object to certain processing. To exercise any of these rights, contact us at the address in the Contact section. We will respond within the time required by applicable law. If you are in the EU, EEA, or UK, you also have the right to lodge a complaint with your local data protection authority.
We use a small number of vetted third-party services to operate DiveFill. Each handles a specific category of data and is bound by data-protection commitments. The current list, updated as it changes, lives at the Subprocessors page.
Some of our subprocessors are based in the United States. Where personal data is transferred outside your jurisdiction, we rely on the lawful transfer mechanisms our subprocessors offer (for example Standard Contractual Clauses) and ensure equivalent protection.
We may update this policy from time to time. Material changes will be communicated to active customers in advance, with at least 30 days notice where reasonably possible. The effective date at the top of the page reflects the most recent revision.
Questions about this policy or about how we handle your data should be sent to the contact email below.
Dive Fill — privacy@divefill.com