Privacy Policy

Last updated: May 3, 2026

Operated by Hernan Jorge Fuccillo. Moo 1, Koh Tao, Surat Thani 84360, Thailand. Contact: info@scubacloud.co.

This Privacy Policy explains how ScubaCloud ("we", "us", "our") collects, uses, and protects personal data when you visit scubacloud.co or use our dive center management platform. We aim to be transparent and to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and applicable privacy laws in other regions where we operate.

1. Who we are

ScubaCloud is operated by Hernan Jorge Fuccillo, who is the data controller for personal data processed through this website and the ScubaCloud platform. For any privacy-related request, contact us at info@scubacloud.co.

2. What data we collect

Depending on how you interact with us, we may collect:

  • Contact form data — name, email, message, and any information you choose to include when filling out our forms.
  • Usage data — pages visited, referring URL, approximate location (country/region), device type, browser, and language. This is collected by Google Analytics 4 and Google Ads in aggregate form.
  • Technical data — IP address and user agent for security, fraud prevention, and route-visit tracking on specific campaign landing pages.
  • Marketing preferences — your cookie consent choice, stored locally in your browser.

We do not knowingly collect data from children under 16.

Data processed when you use the ScubaCloud platform

If your dive center is a ScubaCloud customer, we process the following on your behalf, as a data processor acting under your instructions:

  • Customer profiles your dive center records — names, emails, phone numbers, certifications, dive history, medical declarations, equipment sizes, and emergency contacts. Customers typically provide this information themselves through your unique QR registration link.
  • Financial and operational records — invoices, payments, expenses, payroll, commissions, and retail sales tied to customer profiles.

This data belongs to your dive center. We do not sell it, share it for advertising, or use it to train any model. Our role and responsibilities for this data are governed by the Terms of Service and any data processing agreement in force.

3. Legal bases for processing

We process personal data under the following GDPR legal bases:

  • Consent — for analytics, advertising, and marketing cookies (Art. 6(1)(a) GDPR).
  • Performance of a contract — to respond to inquiries and provide the services you request (Art. 6(1)(b)).
  • Legitimate interests — for essential site security, fraud prevention, and basic functionality (Art. 6(1)(f)).

4. Cookies and tracking

We use cookies and similar technologies to understand how visitors use our site and to measure the effectiveness of our marketing. When you first visit, a banner asks for your consent.

We use Google Consent Mode v2, which means that if you reject non-essential cookies, Google still receives cookieless signals (without identifiers) so we can see aggregate traffic trends. If you accept, the following services are enabled:

  • Google Analytics 4 (Google Ireland Ltd.) — measures site usage. Data retention: 14 months.
  • Google Ads (Google Ireland Ltd.) — conversion tracking and remarketing.

You can change or withdraw your consent at any time by clearing your browser's site data for scubacloud.co, which will make the consent banner reappear.

5. Third-party processors

We share data with the following processors strictly to operate our services:

  • SMTP2GO — transactional and contact-form email delivery.
  • Google (Analytics + Ads) — analytics and advertising, subject to your consent.
  • Stripe — payment processing for ScubaCloud platform subscribers. Stripe receives only what's necessary to process payments (billing details and amount); it does not receive any of the customer or operational data described in section 2.
  • Cloud infrastructure providers — hosting and data storage.

These processors are bound by Data Processing Agreements and may transfer data outside the EU/EEA under European Commission Standard Contractual Clauses where required.

6. Google advertising and sensitive data

We use Google Ads and Google Analytics to measure marketing performance and reach prospective customers. We do not share sensitive personally identifiable information with Google — including medical declarations, dive certifications, financial records, customer contact details, and payroll data.

We comply with Google's advertising policies, including the policies on Personalized Advertising, Restricted Categories, and Healthcare and Medicines content. Google receives only website usage signals (pageviews, conversions, audience signals) under your consent choice — see section 4.

7. Data retention

  • Contact form submissions: kept for up to 24 months, then deleted or anonymized.
  • Analytics data: retained by Google Analytics for 14 months.
  • Marketing consent: stored in your browser until you clear it.

8. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request deletion ("right to be forgotten");
  • Restrict or object to processing;
  • Request data portability;
  • Withdraw consent at any time;
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights — including a request for a copy of your data or its deletion — email info@scubacloud.co with the subject line Data request. We respond within 30 days.

9. Security

We apply reasonable technical and organizational measures — including HTTPS encryption in transit, restricted access controls, and regular backups — to protect personal data from unauthorized access, loss, or disclosure. Customer data is stored on encrypted servers operated by our cloud infrastructure providers, with backups encrypted at rest and access restricted to authorized personnel. No method of transmission over the internet is fully secure, and we cannot guarantee absolute security.

10. International transfers

Some of our processors (including Google) are based in the United States. Transfers from the EU/EEA are covered by Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via a notice on this page. The "Last updated" date above reflects the most recent revision.

12. Contact

Questions about this policy or about how we handle your data? Reach us at info@scubacloud.co.