Effective Date: March 24, 2026 ยท Last Updated: March 24, 2026 ยท Document Version: 1.0
PortFlow is a maritime logistics SaaS platform designed for agencias portuarias (maritime agencies) throughout the Caribbean and Latin America. We understand that your data is critical to your business, and we treat it with the highest level of care and security.
This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have regarding your data. If you have any questions after reading this, please contact us at info@portflow.tech.
Your data is used exclusively for legitimate business purposes:
Providing, maintaining, and improving PortFlow. Processing vessel information and maritime operations. Generating quotations and managing invoicing.
Understanding feature usage patterns. Identifying performance bottlenecks. Improving user interface and user experience.
Responding to support requests and technical issues. Troubleshooting account or service problems. Providing training and documentation.
Detecting and preventing unauthorized access. Identifying suspicious activity patterns. Protecting against security threats.
Complying with legal and regulatory requirements. Responding to lawful government requests. Maintaining records for audit purposes.
Sending service announcements and system updates. Notifying you of planned maintenance. Responding to your inquiries.
We Do NOT:
| Data Type | Retention Period |
|---|---|
| Account data (active) | Duration of subscription |
| Account data (deleted) | 30 days (recovery window) |
| Login logs | 30 days (security auditing) |
| Operational data (vessels, ports) | 7 years (maritime industry standard) |
| Transaction & financial data | 7 years minimum (legal requirement) |
| Support tickets | 3 years |
| Email correspondence | 1 year (unless related to disputes) |
| Application & session logs | 30 days |
| Error logs | 90 days |
When you request deletion, we remove your data within 30 days. Data that cannot be deleted due to legal requirements will be anonymized.
If you are located in the EU or countries with similar privacy laws, you have the following rights regarding your personal data:
Request a copy of all personal data we hold about you, provided within 30 days in a portable, machine-readable format.
Request deletion of your personal data, except where we have a legal obligation to retain it (e.g., 7-year tax records). Completed within 30 days.
If your data is inaccurate or incomplete, request corrections. We will update your information promptly.
Request your data in a standard format suitable for transfer to another service provider within 30 days.
Object to certain data processing activities, particularly marketing communications. Honored immediately.
Request that we limit how we process your data while you resolve a dispute or we verify accuracy.
To exercise any of these rights, contact: privacy@portflow.tech. Include proof of your identity and specify which right you wish to exercise.
PortFlow works with trusted service providers who process data on our behalf under strict Data Processing Agreements (DPAs):
Database Provider ยท US (us-east-1); EU available
Storing all PortFlow databases
Hosting Provider ยท Global CDN
Hosting PortFlow frontend and API
Error Monitoring ยท US
Production error tracking and performance monitoring. PII filtered automatically.
Marina Chatbot AI ยท US
Processing chatbot queries. User queries only, not vessel data.
CRM & Support ยท US
Managing customer relationships and support tickets
All communications use TLS 1.3 encryption. HTTPS enforced on all PortFlow domains. Certificates issued by recognized certificate authorities.
Database data encrypted using AES-256. Backup files are encrypted. Encryption keys managed separately from encrypted data.
Only authorized personnel can access customer data. Admin access is logged and audited. Production database access restricted to designated engineers.
Firewalls restrict unauthorized network access. DDoS protection implemented. Regular security monitoring and intrusion detection.
Default: All PortFlow data is stored in Neon Postgres on AWS us-east-1 (Northern Virginia, USA).
EU Data Residency: If your organization requires EU data residency for GDPR compliance, contact sales@portflow.tech. We can configure your environment to use Neon Postgres on AWS eu-west-1 (Ireland) and Vercel EU infrastructure.
Data Transfers: For organizations outside the US, data transfers comply with GDPR Standard Contractual Clauses (SCCs), adequacy decisions where available, and your country's data transfer requirements.
Required for login and security. Cannot be disabled.
Your choices for language and display settings.
Aggregated usage data via Vercel Analytics (first-party only). Can be disabled in settings.
We do not use third-party tracking cookies (e.g., Facebook Pixel, Google Analytics). Only first-party analytics through Vercel Analytics.
If PortFlow experiences a security breach that compromises your personal data, we commit to:
PortFlow is not designed for children under 16. We do not knowingly collect data from anyone under 16. If we become aware that a child has provided personal data, we will delete it immediately.
For privacy-related questions or to exercise your data rights:
Privacy: privacy@portflow.tech
General Support: info@portflow.tech
Security Issues: security@portflow.tech
PortFlow ยฉ 2026 ยท All Rights Reserved ยท Document Version 1.0