Privacy policy
Last updated: May 27, 2026
This is a working draft tailored to how porthatch products actually handle data. Have qualified counsel review it for your jurisdiction before pointing real customers at it.
1. Who we are
Porthatch ("we", "us") operates the products Placet, Veneer, Cordon, and Sluice under the same operating entity. Each product is a distinct service, but the data-handling practices below apply to all of them unless stated otherwise.
2. What we collect
We collect only what we need to run the service and bill it.
| Category | Examples | Why |
|---|---|---|
| Account identifiers | Email, name (optional), hashed session cookie | Authentication, magic-link sign-in |
| Workspace data | Workspace name, plan, trial state | Service provisioning, billing |
| Product-specific content | (Placet) board posts, decisions; (Sluice) uploaded email lists; (Veneer/Cordon) audit metadata about what your clients viewed or edited | Core service functionality |
| Billing identifiers | Stripe customer id, subscription id, last 4 of card (via Stripe) | Subscription management; card details never reach our servers |
| Technical telemetry | Request id, route, latency, error class, hashed IP (sha256 with a server-side salt — never the raw IP) | Operations and security |
Veneer + Cordon proxy your own Airtable and Notion data through to your clients — we do not copy that content into our database. We store only the access rules you define and an audit log of which records were accessed or written, by which client email.
3. Why we collect it (legal basis)
We process personal data on three legal bases:
- Performance of a contract — most of it. You signed up; we run the service you paid for.
- Legitimate interest — operational telemetry (hashed IPs, request metrics) for keeping the service up and abuse-resistant.
- Consent — for any non-essential cookies (we don't currently use any tracking cookies; see /legal/cookies).
4. Where it lives (subprocessors)
We keep the list of subprocessors and where they're located at /legal/subprocessors. Sub-processor changes get announced at least 30 days before they take effect; existing customers can object and exit if a new processor is incompatible with their compliance posture.
5. How long we keep it
| Data | Retention |
|---|---|
| Account + workspace | Until you delete your account, then 30 days in soft-delete before hard purge |
| Audit log (Veneer, Cordon) | 180 days online, then archived to long-term storage with the same access controls; purgeable on DSAR |
| Workflow + job records (Sluice) | 90 days, then aggregated to retention-safe counters |
| Billing records | 7 years (tax / accounting requirement) |
| Technical telemetry | 30 days |
Soft-delete means the workspace is hidden, your sign-in is invalidated, and billing is cancelled — but a 30-day window lets you cancel the deletion in case it was a mistake. After 30 days the cron purges the data permanently.
6. Your rights
If you live in the EU, UK, or a jurisdiction with comparable rights, you can:
- Access / portability — self-serve via your account settings
(
/app/settings) → "export data". Returns a JSON archive of your workspace, attached integrations metadata, access rules, and audit log. Rate-limited to once per 24 hours. Notion / Airtable content is excluded because we never store it — fetch it from the source. - Rectification — edit your account details in
/app/settings. Workspace data is editable inside the product UI itself. - Erasure — email privacy@porthatch.app with the email address tied to the account. We confirm via reply (so we don't delete on a spoofed sender) and process within 30 days. A self-serve "delete account" button is on the roadmap; until it ships, the email path is the canonical channel — and it lets a human catch obvious mistakes (e.g. you wanted to cancel billing, not erase everything).
- Restrict processing / object — email privacy@porthatch.app. We respond within 30 days.
- Lodge a complaint with your data protection authority.
We don't sell personal data and don't run automated decision-making that produces legal effects.
7. Children
The service is not directed at children under 16. If you believe a child has signed up, email privacy@porthatch.app and we'll delete the account.
8. Changes to this policy
Material changes get a notification to your account email at least 14 days before they take effect. Continued use after the effective date counts as acceptance.
9. Contact
For privacy questions or DSARs: privacy@porthatch.app.
For everything else: support@porthatch.app.