LucidSeas
Back to Home

Privacy Policy

Last updated: March 18, 2026

1. Introduction

This Privacy Policy explains how the Lucid Seas application ("App," "we," "us," or "our"), operated by DigiSea Labs LLC, collects, uses, and protects your information. This policy is designed to be consistent with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA). By using the App, you agree to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

  • Account Data: When you sign in with Google or Apple, we receive your email address, display name, and profile photo URL from the identity provider. Your email and name are managed by our authentication system; your avatar URL is stored in your profile.
  • Profile Data: Display preferences, saved settings, and any profile information you choose to provide.
  • Favorites: If you save favorite dive or snorkel spots, we store those preferences linked to your account.
  • Waitlist Email: If you join our waitlist, we store the email address you provide.
  • Device Location (optional): If you grant permission, we access your device's approximate location to show nearby spots. This data is processed in your browser and is not stored on our servers.
  • Device & Browser Data: We collect browser type, operating system, and screen size to improve app functionality and troubleshoot issues.
  • Support Communications: If you contact us by email or other means, we retain the correspondence and any information you provide in it.
  • Billing & Subscription Data: When you subscribe to a paid plan, we collect your plan type, billing dates, subscription status, and payment transaction identifiers. Full payment card details are processed and stored by Stripe — we do not store your full card numbers.
  • Local Storage Data: We store preferences, disclaimer acceptance status, and cached data locally on your device using browser localStorage. This data does not leave your device unless explicitly synced.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

  • Consent: When you sign in via Google or Apple OAuth, submit your email to our waitlist, or accept cookies and local storage.
  • Legitimate Interest: To improve app functionality, prevent fraud and abuse, and maintain service quality.
  • Contract Performance: Processing necessary to deliver the services you request, including account management and subscription processing.
  • Legal Obligation: Where required for tax records, legal compliance, or regulatory requirements.

4. How We Use Your Information

We use collected information to:

  • authenticate your identity and maintain your session
  • sync your favorite spots across devices
  • display estimated conditions for dive and snorkel locations
  • show locations near you (if location permission is granted)
  • send waitlist notifications and product updates
  • process subscriptions, billing, and payment-related communications
  • remember your preferences and consent acknowledgments
  • respond to support requests and communications
  • improve app functionality, performance, and user experience
  • prevent fraud, abuse, and unauthorized access

5. Third-Party Services & Processors

We use the following third-party services to operate the App:

  • Google / Apple: Authentication providers that facilitate sign-in. Their respective privacy policies govern data they collect during the OAuth flow.
  • Supabase: Database hosting, authentication infrastructure, and backend services. Supabase processes account data and app data on our behalf.
  • Storm Glass: Marine, weather, and tide data provider. We send location coordinates to retrieve forecast data for specific sites. No personal user data is shared with Storm Glass.
  • Google Gemini: AI service used to generate condition summaries and related outputs. Lucid Seas sends relevant app data, prompts, and contextual information — such as site conditions, scoring data, and location context — necessary to generate AI summaries. We do not intentionally send personal user information to Gemini beyond what is necessary for those features.
  • Stripe: Payment and subscription processing. Stripe processes your payment information directly. Lucid Seas does not store full payment card details. Stripe's privacy policy governs their handling of your payment data.

We do not sell, rent, or trade your personal information to third parties.

6. Marketing & Email Communications

We may send you the following types of emails:

  • Transactional: Account confirmations, billing receipts, security alerts, and service-related notices
  • Product Updates: New features, improvements, and app announcements

You can unsubscribe from non-essential communications at any time via the unsubscribe link in any email or by contacting us at hello@digisealabs.com. We do not sell your email address to third parties.

7. International Data Transfers

Your data may be processed and stored on servers located outside the European Union or European Economic Area (EU/EEA), including in the United States, through our infrastructure providers. Where required by applicable law, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure your data is protected in accordance with applicable data protection laws.

8. Data Retention

We retain your data only as long as necessary for the purposes described in this policy:

  • Account data and favorites: Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Waitlist emails: Retained until you unsubscribe or request deletion.
  • Support communications: Retained for up to 2 years after the last interaction.
  • Forecast cache: Expires automatically (approximately 2 hours) and is not linked to individual users.
  • Billing records: Retained as required by tax and accounting law.
  • Local storage data: Stored on your device until you clear it through your browser settings.

9. Cookies, Local Storage & Tracking

We do not use third-party tracking cookies. The App uses browser localStorage for:

  • authentication session tokens
  • user preferences (such as disclaimer acceptance)
  • cached forecast data for performance
  • consent state

We do not use fingerprinting or cross-site tracking. This data is stored on your device and can be cleared at any time through your browser settings.

10. Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Data Portability: Request your data in a structured, machine-readable format
  • Restrict Processing: Request that we limit how we use your data
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Lodge a Complaint: File a complaint with your local data protection supervisory authority

We will respond to requests within 30 days. In certain cases, we may extend this period by up to 60 additional days, and we will notify you if an extension is necessary.

11. Your Rights Under CCPA/CPRA

If you are a California resident, you have the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale: We do not sell your personal information as defined under the CCPA/CPRA
  • Right to Limit Use of Sensitive Information: You may request limitations on how we use sensitive personal information, where applicable
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights

We do not share your personal information for cross-context behavioral advertising.

12. How to Exercise Your Rights

To exercise any of the rights described above, contact us at hello@digisealabs.com.

To protect your privacy, we may require identity verification before fulfilling your request. Verification may include confirming your email address or providing additional identifying information.

We will respond to your request within 30 days. If we need additional time, we will notify you of the reason and the expected timeline.

13. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. If you become aware of a security vulnerability or breach, please contact us immediately at hello@digisealabs.com.

14. Children's Privacy

The App is not directed at children under the age of 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If we learn that we have collected information from a child under the applicable age threshold, we will delete it promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@digisealabs.com.

15. Sale or Sharing of Personal Information

We do not sell your personal information as defined under the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising. If our practices change in the future, we will update this policy and provide you with the ability to opt out as required by law.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. For significant changes, we may also provide notice through the App. We encourage you to review this policy periodically.

17. Contact

For questions or requests regarding this Privacy Policy, contact us at:

hello@digisealabs.com

DigiSea Labs LLC