Pods logo - two sperm whales divingPodsbeta

GDPR

Pods is GDPR compliant.

We have made it a priority to protect your data. Privacy is not a checkbox — it's a principle we built the entire system around, from day one.

Your data rights

Right to be informed

We tell you clearly what data we collect, why we collect it, and how long we keep it — before you sign up and whenever we make changes.

Right of access

You can request a full export of all personal data we hold about you at any time by contacting us.

Right to rectification

You can update your profile, certifications, and all personal details directly inside the app at any time.

Right to erasure

You can permanently delete your account from the Settings page. All your data is fully removed within 30 days.

Right to restriction

You can request that we restrict processing of your data while a dispute is being resolved.

Right to data portability

You can request your data in a structured, machine-readable format so you can take it with you.

Right to object

You can object to processing of your personal data at any time, including for direct marketing.

No automated decision-making

Pods does not make legally significant automated decisions about you using your personal data.

What is GDPR?

The General Data Protection Regulation (GDPR) is a data privacy law enacted by the European Union, in effect since May 25, 2018. It is considered one of the world's leading privacy frameworks, giving individuals control over how their personal data is collected, stored, and used.

Is Pods GDPR compliant?

Yes. Pods was designed with GDPR principles as a core constraint — not as an afterthought. We self-audited our architecture, data flows, and user rights implementation against the GDPR controls. Like most companies at our stage, this is a self-audit. We intend to move toward a more formal compliance process as the platform grows.

What data do we collect?

We collect only what is necessary to provide the Pods service: your name, email address (via PropelAuth), diving profile information (certifications, specialties, logbook entries), and activity within the app (pod membership, messages). We do not sell your data. We do not share it with third parties except the sub-processors required to run the service (listed below).

Who audited Pods?

Unlike SOC 2 or ISO 27001, GDPR is a law — not a certification scheme. Most companies, including well-known SaaS providers, self-audit to align with GDPR controls. Pods followed the same approach. Our architecture was designed from the ground up with data minimization, purpose limitation, and user rights in mind.

Where is data stored?

Pods data is stored in the United States (US) on infrastructure managed by WavePeople, using Cloud Providers such as AWS and MongoDB Atlas, whom are themselves GDPR-compliant.

Sub-processors

We use a small number of carefully chosen third-party services to operate Pods: PropelAuth, MongoDB Atlas, and Resend. Each of these sub-processors maintains their own GDPR compliance and DPAs.

Contact & requests

To exercise any of your data rights, or if you have any privacy questions, contact us at privacy@wavepeople.io. We respond to all requests within 30 days.

Last updated: May 2026. This page may be updated as our processes mature. If you have questions or wish to exercise your rights, contact privacy@wavepeople.io.