← Home

Privacy Policy

Last updated 24 February 2026

This policy covers how Marulho Ventures (“we”, “us”) handles data across our products, including DiveTribe — a social dive logging app. We keep things straightforward: we collect what we need to make the product work, we don’t sell your data, and we give you control over it.

Data we collect

Account data

Name, email, profile photo, experience level, interests, certifications, gear, location, and bio. Gender is optional.

Business profiles

If you create a business profile: business name, logo, description, services, locations, website, contact email, and social links. This is optional.

Dive logs

Date, depth, duration, water temperature, location name, GPS coordinates, conditions, notes, and photos.

Garmin Connect data

When you connect your Garmin account via OAuth, we receive health and activity data from Garmin’s servers. This includes:

  • Heart rate (resting, active, and recovery)
  • Heart rate variability (HRV)
  • Pulse oximetry (SpO2) readings
  • Stress and Body Battery scores
  • Respiration rate
  • Activity summaries including dive depth profiles, water temperature, GPS coordinates, and duration

We only receive this data after you explicitly authorise the connection. You can disconnect at any time to stop future data syncing.

Messages & social content

1:1 and group chat messages (text and photos), posts, photos, likes, comments, and trip participation.

How we use it

  • Display your dive logs, depth profiles, and performance stats
  • Power the social feed, buddy matching, and trip coordination features
  • Parse Garmin health and activity data to surface training insights, recovery metrics, and dive performance analytics
  • Generate readiness and recovery indicators from heart rate, HRV, and SpO2 data

We do not sell your data. We do not share it with third parties for advertising or marketing.

Data storage

Your data is stored in Supabase (Postgres database and cloud storage). Photos are stored in Supabase Storage. All data is transmitted over HTTPS.

Third-party services

  • Supabase — database, authentication, file storage, real-time messaging
  • Garmin Health API — health metrics and activity data, only when you explicitly connect your account
  • Apple Sign-In / Google Sign-In — authentication only

Your rights

  • View and edit your profile and dive data in the app
  • Disconnect your Garmin account at any time — this stops future data syncing. Existing dive logs from Garmin remain unless you request deletion.
  • Request deletion of your account and all associated data by emailing privacy@marulho.co

Contact

Questions about this policy? Email privacy@marulho.co