GDPR Readiness Statement · March 24, 2026 · Document Version: 1.0
PortFlow is a maritime logistics SaaS platform designed for agencias portuarias throughout the Caribbean and Latin America. Many of our customers operate internationally and work with shipping companies that fall under European Union data protection requirements.
This statement outlines PortFlow's commitment to GDPR compliance and explains how we protect the personal data of users, crew members, and other individuals referenced in maritime operations.
"We treat your data like it's our own. This is our core principle."
The General Data Protection Regulation (GDPR) is the EU's comprehensive data protection law that applies to:
Maritime agencies often work with European shipping companies, EU-citizen crew members, EU-based vessel owners, European customers and partners, and EU regulatory authorities. This data falls under GDPR protection, even if your agency is located outside the EU.
PortFlow provides a comprehensive Data Processing Agreement that includes:
Status
DPA is available upon request and will be finalized by Q2 2026.
To request a DPA, email privacy@portflow.tech with your organization name, data protection officer contact, and intended use cases.
| Sub-Processor | Function | Location |
|---|---|---|
| Neon Postgres | Database storage | US (default); EU available |
| Vercel | Application hosting | Global |
| Anthropic Claude | Chatbot AI | US |
| Zoho CRM | Support / CRM | US |
You will be notified of any sub-processor changes and have the right to object.
Database: Neon Postgres on AWS us-east-1 (Northern Virginia, USA). Application servers: Vercel Global Edge Network.
For organizations requiring GDPR adequacy compliance, we can configure your environment to keep data within EU/EEA boundaries.
Contact: sales@portflow.tech
For default US-based configuration: Standard Contractual Clauses (SCCs) approved by the EU Commission. PortFlow implements encryption making data unreadable, contractual restrictions on government access, and transparency procedures.
Request a copy of all personal data we hold, including how it's processed, who we share it with, and retention periods.
Correction of inaccurate or incomplete data (e.g., vessel name, crew member information).
Deletion of personal data, including crew information. Limited by maritime legal requirements (7-year retention for some data).
Limit how we process your data while you resolve a dispute or verify accuracy.
Export your data in portable, machine-readable format (CSV, JSON) suitable for transfer to another service provider.
Object to marketing communications or analytics. Honored immediately.
PortFlow does NOT use automated decision-making to determine access to services or restrict features. Humans make all important decisions.
To exercise any right, email privacy@portflow.tech with proof of identity.
Maritime operations involve names, passport numbers, visas, medical information, certifications, salary, and next-of-kin contacts. This is personal data covered by GDPR if crew are EU residents.
Your agency controls this data (controller). PortFlow provides secure storage (processor). Crew members retain GDPR rights including access and deletion.
Company names and details are NOT personal data. Individual names, email addresses, and phone numbers within companies ARE personal data under GDPR. PortFlow separates personal and non-personal data where possible.
Cargo declarations, crew lists, customs information submitted to port authorities may require specific handling. PortFlow helps you organize data for submission and does not retain submission copies beyond 30 days.
"We treat your data like it's our own."
Response timeline: Acknowledgment within 2 business days · Preliminary response within 15 days · Final response within 30 days
PortFlow © 2026 · All Rights Reserved · Document Version 1.0