Skip to main content

Privacy Policy

Your privacy matters to us. Learn how mydive.world handles your data.

Last Updated: April 1, 2026

1. Introduction

mydive.world Technologies Pvt. Ltd. ("mydive.world", "we", "us", or "our") operates the mydive.world platform (the "Platform"), a marketplace that connects recreational scuba diving providers with users seeking diving experiences across India. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, mobile application, or use any of our services (collectively, the "Services"). For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDPA"), mydive.world acts as the Data Fiduciary and you — the individual whose personal data is processed — are the Data Principal. By accessing or using our Services, you consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

Personal Information

  • Full name, email address, phone number, and date of birth
  • Government-issued identification details (for provider verification)
  • Profile photographs and biographical information you choose to provide
  • Emergency contact information
  • Medical fitness declarations relevant to scuba diving activities

Booking and Transaction Data

  • Booking history, preferences, and saved listings
  • Payment transaction records (note: full payment card details are processed by our third-party payment processors and are not stored on our servers)
  • Communication records between you and dive providers through the Platform
  • Reviews and ratings you submit

Device and Usage Data

  • IP address, browser type, operating system, and device identifiers
  • Pages visited, features used, time spent on the Platform, and clickstream data
  • Referring URLs and search queries
  • App crash reports and performance diagnostics

Location Data

  • Approximate location derived from your IP address
  • Precise geolocation data (with your explicit consent) to show nearby dive providers and experiences

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To facilitate bookings between divers and certified dive providers
  • To communicate booking confirmations, reminders, and updates via WhatsApp, SMS, email, and in-app notifications
  • To process payments through our split-pay model (15% upfront commission, 85% on-site payment)
  • To generate and deliver digital vouchers and QR codes for confirmed bookings
  • To calculate and display Trust Scores for providers
  • To verify provider certifications and Seva Crew eligibility
  • To improve, personalise, and optimise our Services and user experience
  • To detect, prevent, and address fraud, security breaches, and technical issues
  • To comply with applicable laws, regulations, and legal processes
  • To send promotional communications (with your consent; you may opt out at any time)

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

  • With dive providers: When you make a booking, we share relevant details (name, contact information, number of participants, medical declarations) with the provider to fulfil your booking.
  • With payment processors: Transaction data is shared with our authorised payment gateway partners for processing payments securely.
  • With service providers: We engage trusted third-party vendors for hosting, analytics, customer support, and communication services who process data on our behalf under strict confidentiality agreements.
  • For legal compliance: We may disclose information when required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of mydive.world, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • SSL/TLS encryption for all data transmitted between your device and our servers
  • Encrypted storage of sensitive personal data at rest
  • Role-based access controls limiting employee access to personal data on a need-to-know basis
  • Regular security audits and vulnerability assessments
  • Secure development practices in accordance with industry standards

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Digital Personal Data Protection Act, 2023 (DPDPA)

We process personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDPA"), the primary data-protection statute in India. This section explains our role, your role, and how we handle DPDPA-specific obligations.

Our Role — Data Fiduciary

  • mydive.world Technologies Pvt. Ltd. is the Data Fiduciary — we determine the purpose and means of processing your personal data.
  • We process personal data only for the purposes stated in this Privacy Policy and on the basis of your consent, a contract, a legal obligation, or other legitimate uses permitted under the DPDPA.
  • We maintain reasonable security safeguards, notify the Data Protection Board of India and affected Data Principals in the event of a personal-data breach, and erase personal data when it is no longer required or when you withdraw consent (subject to legal retention obligations).
  • Where we engage other processors (e.g. payment gateways, WhatsApp/SMS providers, cloud hosting), they act as Data Processors bound by contract to handle personal data only on our documented instructions.

Your Role — Data Principal

  • You are the Data Principal — the individual to whom the personal data relates. For children under 18, the parent or lawful guardian acts as the Data Principal.
  • You can withdraw consent at any time; processing that occurred before withdrawal remains lawful.
  • You must furnish accurate information and not impersonate another person or suppress material information when exercising your DPDPA rights.

7. Your Rights as a Data Principal

Under the DPDPA and other applicable laws, you have the following rights over your personal data:

  • Right to information: You may request a summary of the personal data we process and the processing activities undertaken.
  • Right to correction, completion, updating and erasure: You may request that inaccurate or incomplete personal data be corrected or erased, subject to legal exceptions.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. We will stop further processing of that data once we have confirmed withdrawal.
  • Right to grievance redressal: You may raise a complaint with our Grievance Officer (details below). If you are not satisfied with our response, you may approach the Data Protection Board of India.
  • Right to nominate: You may nominate another individual to exercise your rights in the event of your death or incapacity.
  • Data portability & marketing opt-out: You may request your data in a commonly used, machine-readable format and unsubscribe from promotional communications at any time.

To exercise any of these rights, please write to our Grievance Officer at grievance@mydive.world. We will acknowledge receipt within 72 hours and respond substantively within 30 days.

8. Grievance Officer

In accordance with the DPDPA and the Information Technology Act, 2000, we have appointed a Grievance Officer to address questions or complaints relating to the processing of your personal data:

If a grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India as constituted under the DPDPA.

Name: Grievance Officer, mydive.world Technologies Pvt. Ltd.

Email: grievance@mydive.world

Phone: +91 1800-DIVE-IN (1800-3483-46)

Postal address: mydive.world Technologies Pvt. Ltd., Panaji, Goa 403001, India

Hours: Monday to Friday, 10:00–18:00 IST (excluding Indian public holidays)

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Platform. These include:

  • Essential cookies: Required for the Platform to function (e.g., session management, authentication).
  • Analytics cookies: Help us understand how users interact with our Platform so we can improve it.
  • Preference cookies: Remember your settings and preferences for a personalised experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services.

10. Third-Party Links

Our Platform may contain links to third-party websites or services, including dive provider websites, certification body portals, and social media platforms. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party website you visit.

11. Children's Privacy

Our Services are available to individuals aged 10 years and above for scuba diving experiences, in line with international diving certification standards. For users under 18 years of age, parental or guardian consent is required to create an account and make bookings. Parents or guardians may contact us to review, modify, or delete their child's personal information. We do not knowingly collect personal information from children under 10 without verifiable parental consent.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Last Updated" date. Where required by law, we will seek your consent before implementing material changes. Your continued use of our Services after such modifications constitutes your acceptance of the updated Privacy Policy.

Legal References

This Privacy Policy has been drafted in accordance with the following Indian laws and regulations:

  • Digital Personal Data Protection Act, 2023 (DPDPA)
  • Information Technology Act, 2000
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Consumer Protection Act, 2019
  • Consumer Protection (E-Commerce) Rules, 2020