Privacy Policy
Last updated: June 4, 2026
Data controller:Tribal House LLC, a limited liability company registered in Ghana (“Tribal House”, “we”, “us”). Privacy questions or data requests: privacy@portbay.app.
PortBay is a local-first desktop app. The short version: your projects, their configuration, and your secrets live on your own machine. We collect as little as possible, we never sell your data, and the data that does reach our servers — only when you turn on a hosted feature — is minimal and, for sync, end-to-end encrypted.
This website
- No cookies, no trackers. portbay.app sets no cookies and runs no analytics, advertising, or tracking scripts. Fonts are self-hosted. See the cookie notice.
- Server logs. Our hosting infrastructure (Cloudflare) transiently processes your IP address and request metadata to deliver the site and protect it from abuse (legitimate interest, GDPR Art. 6(1)(f)).
- Checkout. The checkout page loads Paddle, our payment provider — see “Payments” below.
The desktop app
By default, everything stays on your device. You can use PortBay anonymously, fully offline, without an account — in that mode we receive no personal data from you at all. Telemetry and crash reporting are off by default and opt-in; when enabled, they carry app and environment metadata, never your project contents, file paths, or secrets.
PortBay accounts
Creating an account is optional and only needed for hosted features. What we store, and the legal basis for it (GDPR Art. 6):
| Data | Why | Lawful basis |
|---|---|---|
| GitHub identity (id, login, avatar URL, email) or your email address | Identify your account | Contract (Art. 6(1)(b)) |
| Session records (hashed refresh token, timestamps) | Keep you signed in securely | Contract |
| License (tier, source, timestamps, revocation status) | Grant and verify your entitlement | Contract |
| Registered devices (name — defaults to your computer’s hostname — platform, last seen) | Show and let you revoke synced devices | Contract |
| Sync metadata (version, size, timestamp of your encrypted blob) | Reconcile multi-device sync | Contract |
| Operational logs / IP address (transiently, via Cloudflare) | Security, abuse prevention | Legitimate interest (Art. 6(1)(f)) |
If you enable sync, your project registry is encrypted on your machine before it leaves it — only ciphertext reaches our servers, and we cannot read it.
Payments (Paddle)
Pro subscriptions are sold through Paddle, our Merchant of Record. Paddle collects your name, billing address, and payment details under its own privacy policy and is an independent controller for that data — your card details never reach our systems. We receive only a purchase reference, the account it belongs to, and the amount.
Sub-processors and international transfers
| Party | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Cloudflare | Hosting, database, encrypted blob storage | Global (US et al.) | EU–US Data Privacy Framework + SCCs |
| Paddle | Payments (independent controller) | UK / US | Paddle’s own DPF / SCC safeguards |
| AcumbaMail | Transactional + lifecycle email | EU | EU-based |
| GitHub (only with GitHub sign-in) | OAuth identity, avatar CDN | US | EU–US Data Privacy Framework |
| PostHog (only if you enable telemetry) | Aggregate analytics dashboard | US | EU–US Data Privacy Framework / SCCs |
Tribal House LLC is registered in Ghana and our infrastructure runs on Cloudflare’s global network, so data may be processed outside your country. Transfers of EEA/UK data rely on the safeguards above; where we access account data from outside the EEA, the same contractual safeguards and encryption measures apply.
Your rights
Under the GDPR you may access, rectify, erase, restrict, or port your data and object to legitimate-interest processing; under the CCPA/CPRA you may know, delete, and correct. We don’t sell or “share” personal information.
- Delete your account: Settings → Account → Delete account in the app signs you out everywhere and schedules the erasure of your account, license, devices, sessions, and encrypted sync blob. The purge completes 30 days after the request; signing back in within those 30 days cancels it. You can also email privacy@portbay.app.
- Export your data: Settings → Account → Export my datadownloads the account data we hold as JSON — or email us and we’ll send it.
- We respond within the statutory window (30 days GDPR / 45 days CCPA). For billing data, contact Paddle or ask us to pass the request along.
You may also complain to your local supervisory authority (GDPR) or the California Privacy Protection Agency.
Retention
Account, license, device, and sync records are kept while your account exists and deleted when you delete it. Sessions expire automatically. Magic-link and login-flow records live for minutes. Aggregated, anonymous telemetry may be retained for analysis.
The full policy
The complete product privacy policy — including the app’s local data handling, certificate issuance, and email practices — lives in the docs: docs.portbay.app/legal/privacy. Material changes are noted there and surfaced in-app.
Contact
Privacy questions or data requests: privacy@portbay.app. Security reports: security@portbay.app.