Privacy Policy
Privacy Policy
Last updated: May 2025. This policy explains what data DiamOps collects, why, and how you can control it.
1. Who we are
DiamOps is an operational workforce-readiness platform. The service is operated by DiamOps (contact: privacy@diamops.co.uk). References to "DiamOps", "we", "us" or "our" in this policy mean DiamOps.
2. What data we collect
We collect only what is necessary to provide the service:
- Account data: email address and username when you create an account.
- Activity data: investigation completions, scores, time spent, and proof reports you generate. This data powers your progress tracking and proof outputs.
- Payment data: if you subscribe to DiamOps Pro, payment is processed by Stripe. DiamOps does not store card details. We receive a customer ID and subscription status from Stripe.
- Feedback: any feedback you submit through the platform is stored and used to improve the service.
- Usage analytics: we use Plausible Analytics, a privacy-first analytics tool that does not use cookies and does not track you across sites. It collects aggregate page view data only.
3. How we use your data
- To provide and maintain your account and investigation history.
- To generate your proof reports and portfolio outputs.
- To process payments and manage your subscription.
- To improve the platform based on aggregate usage patterns.
- To contact you about your account if required (for example, subscription changes or security notices).
We do not sell your data. We do not use your data for advertising.
4. Data sharing
We share data only with the services that operate DiamOps:
- Supabase — authentication and, where enabled, user data storage. Supabase is hosted on AWS infrastructure.
- Stripe — payment processing for Pro subscriptions. Stripe processes card data under its own PCI-compliant systems.
- Render — cloud hosting infrastructure where DiamOps runs.
- Plausible Analytics — privacy-first aggregate page analytics. No personal data is shared.
5. Proof reports and public sharing
If you choose to share a proof report link publicly (for example, with a recruiter), the contents of that report become accessible to anyone with the link. You remain responsible for the content you choose to share. DiamOps investigation reports describe your practice activity — they are not employment records, certifications, or official assessments.
6. Data retention
We retain your account and investigation data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, subject to any legal retention requirements. Anonymised aggregate data may be retained for platform improvement.
7. Your rights (UK/EEA residents)
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Object to or restrict certain processing.
- Data portability where applicable.
To exercise any of these rights, contact privacy@diamops.co.uk.
8. Cookies
DiamOps uses session cookies to maintain your login state. We use Plausible Analytics which does not set cookies. We do not use advertising or tracking cookies.
9. Security
We use industry-standard security practices including encrypted connections (HTTPS), hashed passwords, and access controls. No method of transmission over the internet is 100% secure. We will notify affected users of any data breach as required by law.
10. Changes to this policy
We may update this policy. If changes are material, we will notify you via email or a notice on the platform. Continued use of DiamOps after changes are posted means you accept the revised policy.
11. Contact
Questions about this policy: privacy@diamops.co.uk