Last updated: May 2025 · Version 1.0
Privacy Policy
Portlore Technologies Ltd ("Portlore", "we", "us") is committed to protecting your personal data. This policy explains what data we collect, why we collect it, how we use it, and your rights under UK GDPR and the UK Data Protection Act 2018.
Portlore Technologies Ltd is registered in England and Wales. Our data controller contact is: privacy@portlore.social.
1. Data we collect
| Data | Why we collect it | Legal basis |
|---|---|---|
| Email address | Account creation and communications | Contract |
| Display name | Community identity within Portlore | Contract |
| Sailing details (ship, departure date) | Core features: quests, ship social, itinerary | Contract |
| Quest photos | Shore Quest completion; port lore database | Consent |
| Location data (geo-tagged lore) | Port discovery map | Consent |
| Usage analytics | Product improvement | Legitimate interest |
| Marketing preferences | Sending you updates about Portlore | Consent |
We do not collect your phone number, date of birth, or payment card details. Payment processing is handled by Stripe under their own privacy policy; Portlore never receives or stores card data.
2. How we use your data
We use your data to:
- Provide the Portlore service (port maps, quests, social matching, itineraries)
- Manage your account and subscription
- Send transactional emails (sign-up confirmation, subscription receipts)
- Send marketing emails, if you have opted in
- Moderate community content and ensure platform safety
- Improve the product using anonymised usage analytics
3. Data storage and security
All Portlore user data is stored in AWS eu-west-2 (London, UK), keeping it within UK jurisdiction. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We use AWS Cognito for authentication and never store passwords in plain text.
4. Cookies
We use the following cookies:
| Cookie | Purpose | Duration | Can be declined? |
|---|---|---|---|
| portlore_cookie_consent_v1 | Stores your cookie consent choice | 1 year | No (essential) |
| Cognito auth tokens | Keeps you signed in | 30 days (refresh token) | No (essential) |
| Analytics (if consented) | Anonymised session analytics | Session | Yes |
You can change your cookie preferences at any time by clicking "Cookie settings" in the footer, or by clearing your browser's local storage.
5. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your account and personal data
- Portability — receive your data in a machine-readable format (JSON)
- Withdraw consent — for marketing emails, via the unsubscribe link in any email or via Account settings
- Object — to processing based on legitimate interest
To exercise any of these rights, email privacy@portlore.social or use the data controls in your Account settings. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.
6. Data retention
Active accounts: data is retained while your account is active. Inactive accounts (no login for 36 months) are anonymised — your port lore contributions remain but are detached from your identity. Logs and analytics are retained for 90 days.
7. Third-party processors
| Processor | Purpose | DPA in place? |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, authentication, storage | Yes |
| Stripe | Payment processing | Yes |
| Mapbox | Map tiles | Yes |
| Email provider (SES / Mailchimp) | Transactional + marketing email | Yes |
8. Children
Portlore is not intended for users under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us at privacy@portlore.social.
9. Changes to this policy
We will notify registered users of material changes to this policy by email. The version date at the top of this page always reflects the most recent update.