Privacy Policy
Effective date: May 16, 2026
This Privacy Policy is reviewed periodically and may be updated as the platform evolves or as legal counsel advises. Material changes will be notified to active users by email at least 14 days before taking effect.
Privacy Officer and Accountability
Portis is operated by Timothy Pryor (Belle River, Ontario, Canada), who serves as the designated Privacy Officer accountable for compliance with this Privacy Policy and applicable privacy law. Privacy inquiries, access requests, correction requests, and complaints should be directed to [email protected].
Scope and Consent
This Privacy Policy describes how Portis collects, uses, discloses, and protects personal information. By creating an account or using Portis, you provide informed consent to the practices described in this policy. You may withdraw consent at any time by closing your account; withdrawal of consent will end your access to the Service.
Personal Information We Collect
We collect the following categories of personal information:
Account information — name, email address, username, password (hashed), subscription status, account creation date.
Operational content you create — vessel registry entries, captain's log entries, private port notes, photographs you upload.
Payment information — handled exclusively by Stripe. Portis does not store credit card numbers, CVV codes, or full payment details. We receive only Stripe customer ID, subscription status, and last four digits of the card for receipts.
Technical and usage information — IP address, browser type and version, operating system, device type, session duration, pages visited, features used, error logs. This information is used for security, debugging, fraud prevention, and aggregated usage statistics. We do not build behavioural profiles or track you across other websites.
Communications — emails or messages you send to [email protected] or [email protected].
How We Use Personal Information
We use personal information to: (a) provide and operate the Service; (b) process subscriptions and payments through Stripe; (c) send account-related emails (account confirmation, password reset, billing notices, material changes to Terms or Privacy Policy, security alerts); (d) provide customer support; (e) improve and secure the platform; (f) detect and prevent fraud or abuse; (g) comply with legal obligations including Canadian tax and regulatory requirements.
We do not sell personal information. We do not use personal information for targeted advertising. We do not train artificial-intelligence models on your personal information or Your Content.
Data Storage and Cross-Border Transfers
Account data, vessel records, log entries, and port notes are stored on Supabase infrastructure in the Canadian region (ca-central-1), encrypted at rest.
Payment processing is performed by Stripe (Stripe, Inc., United States); Stripe may store and process payment information in the United States and other jurisdictions in accordance with its own privacy policy and applicable security standards. Web hosting and DNS are provided by Cloudflare, which operates a global edge network; non-personal page requests may be routed through edge nodes outside Canada.
By using Portis, you consent to the cross-border processing described above. We use contractual and technical safeguards consistent with Canadian privacy law to protect personal information transferred outside Canada.
Disclosure to Third Parties
We share personal information only with: (a) Stripe — payment processing; (b) Supabase — database and authentication hosting; (c) Cloudflare — web hosting and content delivery; (d) law enforcement or regulators where required by law, court order, or legal process. We do not share Your Content with any government data source (NOAA, ECCC, etc.) — the data flow is one-way: from those sources into Portis. We do not share or sell personal information for marketing purposes.
Quebec Residents and Provincial Privacy Laws
Portis is committed to compliance with Quebec's Act respecting the protection of personal information in the private sector (Law 25) for users resident in Quebec, and with British Columbia's Personal Information Protection Act (PIPA) and Alberta's PIPA for users resident in those provinces. Quebec residents have additional rights including data portability and the right to be informed of automated decision-making (Portis does not currently use automated decision-making). Quebec residents should direct privacy inquiries to [email protected] with "Quebec — Law 25" in the subject line.
Your Rights
You have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate personal information; (c) request deletion of your account and Your Content; (d) withdraw consent and discontinue use of the Service; (e) request a copy of your captain's log and port notes (export); (f) file a complaint with Portis about how we handle your personal information.
To exercise any right, email [email protected]. We will respond within 30 days. There is no fee for reasonable requests.
If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or, if you are a Quebec resident, with the Commission d'accès à l'information du Québec (cai.gouv.qc.ca).
Data Retention
Active accounts: personal information retained while your account is open.
After account closure: Your Content (log entries, port notes, vessel records) is exportable for 30 days, then permanently deleted from active systems. Encrypted backups may persist for up to 90 days for disaster-recovery purposes, then are deleted.
Billing records and audit logs: retained for 7 years for Canadian tax and regulatory compliance.
Email correspondence: retained for up to 2 years for support continuity, then deleted.
Security
We protect personal information through: (a) encryption in transit (TLS 1.2 or higher) and at rest (Supabase storage encryption, password hashing via Supabase Auth); (b) access control via row-level security policies; (c) audit logging of administrative actions; (d) regular review of third-party processor security posture. No system is perfectly secure; we cannot guarantee that personal information will never be accessed by unauthorized parties despite our safeguards.
Breach Notification
If a breach of personal information occurs that poses a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as required by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial law. Notification will describe the nature of the breach, the personal information involved, and steps you can take to protect yourself.
Cookies and Local Storage
Portis uses localStorage and sessionStorage in your browser to maintain your session, store theme preferences, and cache reference data for performance. Portis does not use third-party tracking cookies, advertising cookies, or analytics services that build behavioural profiles. You can clear local storage at any time through your browser settings; this will sign you out of Portis.
Children
The Service is intended for users aged 18 and older. We do not knowingly collect personal information from individuals under 18. If you believe we have inadvertently collected information from a minor, contact [email protected] and we will delete it promptly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify active users by email at least 14 days before material changes take effect. We will not retroactively expand how we use personal information already collected without obtaining your fresh consent.
Contact
Privacy Officer: Timothy Pryor
Portis, Belle River, Ontario, Canada
[email protected]
Office of the Privacy Commissioner of Canada: priv.gc.ca
Commission d'accès à l'information du Québec: cai.gouv.qc.ca