Dive LogBook · Privacy

Privacy Policy

How the Dive LogBook app and the LogBook web app handle your data — in short: your dive data stays on your device.

Last updated
15 July 2026
Controller
Michael Held
Scope
GDPR & Swiss FADP

Preamble & Core Principle

This privacy policy applies jointly to the Android app “Dive LogBook” (hereinafter the “App”) and the web-based application “LogBook” (hereinafter the “Web App”). It informs you about the types of your personal data (hereinafter also referred to simply as “data”) that we process, for which purposes and to what extent.

Core principle: Both applications are designed so that your dive data is processed locally — in the App on the storage of your device, and in the Web App exclusively within your browser. This data is neither transmitted to us nor stored on our servers.

For easier orientation we label sections according to which application they apply to: App Web App App & Web

The terms used are not gender-specific.

Contents

Controller

Michael Held Josef-Priller-Str 36a
86159 Augsburg, Germany
logbook@divehero.de

Relevant Legal Bases

Relevant legal bases under the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Should more specific legal bases be relevant in an individual case, we will inform you of these in this privacy policy.

  • Consent (Art. 6(1)(a) GDPR) - You have given us your consent to process the data concerning you for a specific purpose. This applies in particular to the App's access to device features such as location, camera and contacts, which you confirm separately in each case.
  • Legitimate interests (Art. 6(1)(f) GDPR) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data. Our legitimate interest lies in providing our applications in a functional, secure and appealing manner.

National data protection provisions in Germany: In addition to the data protection provisions of the GDPR, national data protection provisions apply in Germany. These include in particular the Federal Data Protection Act (Bundesdatenschutzgesetz — BDSG). The BDSG contains, among other things, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and transmission, as well as automated decision-making in individual cases including profiling. Furthermore, the data protection laws of the individual federal states may apply.

Note on the applicability of the GDPR and the Swiss FADP: This privacy information serves to provide information both under the Swiss Federal Act on Data Protection (Swiss FADP) and under the General Data Protection Regulation (GDPR). For this reason, please note that, due to the broader geographical application and comprehensibility, the terms of the GDPR are used. However, insofar as the Swiss FADP applies, the legal meaning of the terms continues to be determined in accordance with the Swiss FADP.

Overview of Processing

The following overview summarises the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of data processed

  • Dive and logbook data (e.g. dive sites, date/time, depth, duration, equipment, notes, certificates) — locally on your device or in your browser.
  • Location data (App only).
  • Photo and media data (App only).
  • Contact data (display name of a contact you select; App only).
  • Usage as well as meta/procedural data (e.g. IP address towards third-party map and font services).

Categories of data subjects

  • Users of the App and the Web App.

Purposes of processing

  • Keeping a digital dive logbook.
  • Displaying dive sites on maps.
  • Provision of our applications and their functionality.

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
  • Right to withdraw consent: You have the right to withdraw consent you have given at any time — for example by revoking an App permission in your device's system settings.
  • Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to this data as well as further information and a copy of the data in accordance with the statutory requirements.
  • Right to rectification: In accordance with the statutory requirements, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.
  • Right to erasure and restriction of processing: In accordance with the statutory requirements, you have the right to request that data concerning you be erased without delay, or alternatively to request a restriction of the processing of the data. You can also remove locally stored dive data yourself at any time in the App, or by closing the Web App.
  • Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format, in accordance with the statutory requirements. For this purpose the App supports export to common, machine-readable formats (e.g. UDDF, FIT, CSV); the Web App reads UDDF files you provide.
  • Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the requirements of the GDPR.

Local Processing of Your Dive Data App & Web

Both applications serve to keep a digital dive logbook. All dive data you enter or import — such as dive sites, date and time, depth and time profiles, equipment, dive buddies, notes, images and certificates — is processed locally:

  • App: The data is stored in a database on the storage of your device.
  • Web App: A logbook file you open is evaluated exclusively client-side in your browser and is not transmitted to any server. Only your display setting (e.g. light/dark theme) is stored locally in your browser.

Import, export and sharing App: In the App you can import and export dive data in formats such as UDDF, FIT or CSV, and share individual dives or images with other apps. Where you pass on exported or shared data (e.g. to other apps, storage locations or recipients) is your own responsibility.

Opening a logbook file Web App: The Web App serves to view a logbook. To do so you open a UDDF file (file extension .uddf or .xml) from your device; this is evaluated exclusively in your browser. The Web App does not offer an export or sharing function.

  • Types of data processed: Dive and logbook data, photo and media data, location data.
  • Data subjects: Users of the App and the Web App.
  • Purposes of processing: Keeping a digital dive logbook; import and export of dive data.
  • Storage location: Exclusively local — on your device (App) or in your browser (Web App).
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); insofar as device features are concerned, your consent (Art. 6(1)(a) GDPR).

Device Permissions of the App App

Applies exclusively to the Android app. The Web App does not request any device permissions.

The App requests certain permissions only when you use a function that requires them. You can refuse to grant them or later withdraw a granted permission in your device's system settings; the relevant function may then be unavailable. The data collected via these permissions remains locally on your device.

  • Location: To record the position of a dive site or to centre the map on your current location. Legal basis: consent (Art. 6(1)(a) GDPR).
  • Camera: To take dive photos and to scan codes (e.g. on certification/brevet cards). Legal basis: consent.
  • Photos and media: To assign images to a dive, the App uses your device's system photo picker. In doing so, the App only receives access to the images you specifically select; no separate permission for access to your entire media storage is requested. The selected images are cropped and stored locally. Legal basis: consent.
  • Contacts: Only when you select a contact via the “Add dive buddy” function. Only the display name of the contact you choose is used; your entire address book is not read out. Legal basis: consent.
  • Notifications: To display information, such as the progress of an export running in the background. Legal basis: consent or legitimate interests.

Map Display App & Web

To display dive sites on maps, we integrate map services. For technical reasons, the IP address of your device is transmitted to the respective provider, as they could not deliver the map data without it.

  • Google Maps & Google Places App: In the App we integrate the maps of the “Google Maps” service; when searching for places, search queries may also be transmitted to “Google Places”. IP addresses and location data in particular are processed. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Privacy policy: https://policies.google.com/privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF).
  • Leaflet, CARTO & OpenStreetMap Web App: The Web App uses the map library “Leaflet”, which is loaded via the content delivery network unpkg.com, as well as map tiles from the provider “CARTO” (basemaps.cartocdn.com); the map data originates from OpenStreetMap. When the map is loaded, the IP address and technical information (e.g. browser type) are transmitted to these providers. Service providers: CARTO (CARTO, Inc., USA), unpkg (provided via Cloudflare, Inc., USA), OpenStreetMap Foundation (United Kingdom); Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Privacy policies: carto.com/privacy, cloudflare.com/privacypolicy, osmfoundation.org.

External Fonts & Libraries Web App

Applies exclusively to the Web App. The App does not embed any external fonts from third-party servers.

  • Google Fonts (obtained from the Google server): The Web App loads the fonts “Sora” and “IBM Plex Mono” from Google's servers. In doing so, the IP address of your device is transmitted to Google so that the fonts can be provided in your browser; in addition, technical data (e.g. browser and operating system version) is transmitted. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Privacy policy: https://policies.google.com/privacy; Basis for third-country transfer: EU-US Data Privacy Framework (DPF); Further information: developers.google.com/fonts/faq/privacy.
  • JavaScript libraries (obtained via unpkg.com): To render the interface, the Web App loads the program libraries “React” and “ReactDOM” as well as the map library “Leaflet” (see the “Map Display” section) via the content delivery network unpkg.com. When loading, the IP address of your device and technical information (e.g. browser type) are transmitted to the network operator. Service provider: unpkg (provided via Cloudflare, Inc., USA); Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Privacy policy: cloudflare.com/privacypolicy.

App Store, Updates & Backup App

Applies exclusively to the Android app provided via Google Play.

  • Provision via Google Play: The App is obtained via the Google Play Store. When downloading and using it, Google, as an independent controller, processes data (e.g. your Google account and device details). Privacy policy: https://policies.google.com/privacy.
  • In-app updates and reviews: The App uses the “In-App Update” and “In-App Review” functions of Google Play to notify you of available updates or to allow you to leave a review. Legal bases: Legitimate interests (Art. 6(1)(f) GDPR).
  • Automatic backup (Android Backup): If enabled in your device settings, Android may back up app data to your Google account. This backup is carried out by Google within the scope of the system settings you have chosen; you can disable it in the Android settings.

Amendments and Updates to This Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing we carry out make this necessary. We will notify you as soon as the changes require an act of cooperation on your part (e.g. consent) or any other individual notification.

Where we provide addresses and contact information of companies and organisations in this privacy policy, please note that the addresses may change over time and please verify the details before making contact.

Structure created in part with the free Datenschutz-Generator.de by Dr. Thomas Schwenke