Privacy Policy

Last updated: 2026-04-25

This Privacy Policy explains how Scubra ("we", "us", "our") collects, uses, and protects your personal information when you use our equipment lifecycle management platform at scubra.com.

Information We Collect

We collect the following categories of information:

  • Account information: name, email address, organization name, and authentication credentials, provided when you sign up.
  • Equipment data: serial numbers, photos, service history, and usage logs that you enter into the platform.
  • Usage data: pages viewed, features used, and basic device information collected via our self-hosted analytics (Umami) and server logs.
  • Billing information: processed by Clerk and Stripe; we do not store payment card numbers on our servers.

How We Use Your Information

  • To operate and improve the Scubra platform.
  • To send you service-related notifications (maintenance alerts, account activity).
  • To respond to support requests.
  • To meet legal, accounting, and tax obligations.

Legal Basis for Processing (GDPR)

We process personal data on the following legal bases: (a) performance of a contract — to deliver the service you have signed up for; (b) legitimate interests — to keep the service secure and improve it; (c) consent — for non-essential analytics; (d) legal obligation — for compliance and tax records.

Data Sharing

We share data only with subprocessors required to operate the service:

  • Clerk — authentication and user management.
  • Railway — hosting infrastructure.
  • Stripe — payment processing (via Clerk Billing).

We do not sell your personal data. We do not share your equipment or usage data with third parties for marketing.

Data Retention

Account and equipment data is retained for as long as your account is active. After account closure, we retain data for up to 90 days to allow recovery, after which it is permanently deleted, except where retention is required by law (typically 7 years for billing records).

Your Rights

Under the GDPR, UK GDPR, and similar regimes you have the right to: access your data, correct it, request deletion, restrict or object to processing, and request portability of your data. To exercise any of these rights, email hello@scubra.com.

Cookies & Tracking

Scubra uses essential cookies for authentication (set by Clerk) and a self-hosted analytics tool (Umami) for aggregated, cookie-less usage analytics. We do not use third-party advertising trackers.

Security

Data is transmitted over TLS 1.2+. Equipment data is stored in PostgreSQL with row-level security so each organization's data is isolated. Access by Scubra staff is limited to support and operations needs and is logged.

International Transfers

Our infrastructure is hosted in the European Union (Railway europe-west4). When data is transferred to subprocessors outside the EU, we rely on Standard Contractual Clauses or equivalent safeguards.

Children

Scubra is a B2B service intended for dive center operators. We do not knowingly collect data from anyone under 16.

Changes to This Policy

We will notify you of material changes by email or by prominent notice on the platform.

Contact

Questions or requests: hello@scubra.com.