Privacy Policy
Last updated: 28 June 2026
This Privacy Policy explains how Coral Playground ("we", "us", "our") collects, uses, shares, and protects your personal data when you use https://coralplayground.com and our related services (the "Platform"). We are committed to handling your data responsibly and in line with the UK GDPR, the EU GDPR, and applicable data-protection law in the regions where we operate, including Egypt.
By using the Platform you agree to the practices described here. If you do not agree, please do not use the Platform.
1. Who is responsible for your data
Coral Playground is the data controller for personal data processed through the Platform. For privacy questions or to exercise your rights, contact support@coralplayground.com.
2. Data we collect
You provide to us:
- Account details — name, email, password, and profile information.
- Booking details — the experiences you book, dates, group members, and special requests.
- Diver details — certification level and agency, dive experience, and, where an Operator requires it for safety, health/medical-fitness declarations and emergency-contact information. Health data is treated as a special category and is only collected and shared where necessary to deliver the dive safely.
- Dive logs — dives you record, including sites, dates, depths, and notes.
- Business details (Operators) — company information, listings, and payout details.
- Communications — messages you send to us, Operators, or support.
Collected automatically:
- Usage and device data — pages viewed, actions taken, IP address, browser, and device type, via analytics (PostHog) and performance tooling (Vercel Analytics).
- Cookies and similar technologies — see our Cookie Policy.
- Approximate location — to show nearby dive sites and centres, where you allow it.
Payment data is processed by our payment provider (Stripe). We do not store full card details on our systems.
3. How we use your data
We use your data to:
- Create and manage your account and provide the Platform.
- Process bookings, collect the deposit, and pass necessary details to the relevant Operator so they can deliver your experience safely.
- Send transactional emails (booking confirmations, reminders, receipts) via our email provider (Brevo).
- Provide diver tools such as dive logs and saved sites.
- Improve and secure the Platform, prevent fraud, and analyse usage.
- Send marketing communications where you have opted in — you can unsubscribe at any time.
- Comply with legal obligations and enforce our Terms.
Legal bases (UK/EU GDPR) include: performance of our contract with you (bookings, account), your consent (marketing, non-essential cookies, health data sharing with Operators), our legitimate interests (security, improving the service), and legal obligation.
4. How we share your data
We share data only as needed:
- With Operators — the details required to fulfil your booking (name, contact, relevant certification/medical and emergency-contact information).
- With service providers acting on our behalf — including Supabase (database/auth hosting), Stripe (payments), Brevo (email), Meta (advertising pixel, where you have consented), and mapping providers (Google Maps, Mapbox) — under appropriate contractual safeguards.
- For legal reasons — where required by law or to protect rights, safety, and the integrity of the Platform.
- In a business transfer — if Coral Playground is involved in a merger, acquisition, or asset sale.
We do not sell your personal data.
5. International transfers
Your data may be processed outside your country, including by providers in other jurisdictions. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or an equivalent legal mechanism.
6. Data retention
We keep personal data only as long as necessary for the purposes described here — typically for the life of your account and a reasonable period afterwards to meet legal, tax, accounting, and dispute-resolution obligations. You can ask us to delete your account at any time (see your rights below).
7. Your rights
Depending on your location, you have the right to access, correct, delete, restrict, or object to the processing of your personal data; to data portability; and to withdraw consent at any time. Where applicable (e.g. under CCPA), you may also opt out of certain data uses. To exercise any right, contact support@coralplayground.com. You also have the right to complain to your local data-protection authority.
8. Cookies and tracking technologies
We use the following categories of cookies and similar technologies:
- Strictly necessary — Supabase authentication tokens that keep you signed in and secure. These are required for the Platform to function.
- Analytics — PostHog and Vercel Analytics collect anonymised usage data (pages visited, actions taken, device type) to help us improve the Platform. These fire only with your consent.
- Advertising — We use the Meta Pixel (Facebook/Instagram) to measure the effectiveness of our marketing campaigns. This fires only after you accept all cookies via the cookie banner. You can withdraw consent at any time by clearing your browser storage or using your browser's privacy settings.
See our Cookie Policy for a full breakdown.
9. Security
We use technical and organisational measures — including encryption in transit, access controls, and row-level security on our database — to protect your data. No system is perfectly secure, but we work to protect your information and to respond promptly to any incident.
10. Children
The Platform is not intended for children under 18. We do not knowingly collect data from children except where a minor is included in a booking made by a responsible adult and the Operator's policy permits their participation.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, where appropriate, notify you of material changes.
12. Contact
For any privacy question or request, contact info@coralplayground.com.