Portara
TermsPrivacy

Privacy Policy

Last updated: March 6, 2026

This Privacy Policy describes how Portara (“we,” “us,” or “our”) collects, uses, and shares information when you use our personal homepage service at portara.me and related Chrome extension (collectively, the “Service”).

Data Controller: Portara — legal@portara.me

1. Information We Collect

1.1 Information You Provide

  • Account information: When you create an account via Google OAuth, we receive your name, email address, and Google profile picture from Google. When you use magic link sign-in, we collect your email address.
  • Dashboard content: Card configurations (bookmarks, notes, RSS feeds, stock tickers, world clock zones), layout preferences, and wallpaper settings you create or import.
  • Payment information: If you subscribe to a Pro plan, payment is processed by LemonSqueezy. We receive only confirmation of your subscription status; we do not store payment card details.

1.2 Information Collected Automatically

  • Log data: Our hosting provider (Vercel) automatically collects IP addresses, browser type, operating system, referring URLs, and pages visited when you access the Service.
  • Session data: Supabase stores authentication session tokens in browser cookies to keep you signed in.
  • Local storage: The Service uses browser localStorage to cache your Supabase session client-side for performance.

1.3 Chrome Extension Data

If you install the optional Portara Chrome extension, it requests permission to access your browser bookmarks solely to display them in your Portara dashboard. Bookmark data is transmitted to the web application through a local bridge and is stored in your Portara account if you choose to import it. The extension does not send bookmark data to any third party beyond your own Portara account.

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate you securely.
  • Provide, maintain, and improve the Service.
  • Sync your dashboard configuration across devices.
  • Process subscription payments and manage billing.
  • Send transactional emails (magic link authentication, account notifications).
  • Respond to your support requests.
  • Detect, investigate, and prevent fraudulent or unauthorized access.
  • Comply with legal obligations.

Legal Bases for Processing (EU/EEA Users)

Where the GDPR applies, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you requested (account creation, dashboard sync, authentication).
  • Legitimate interests: Security, fraud prevention, service improvement, and abuse detection — where these interests are not overridden by your rights.
  • Legal obligation: Where we are required to process data to comply with applicable law.
  • Consent: Where you have provided specific, informed consent for a particular processing activity (e.g., optional analytics). You may withdraw consent at any time.

3. Third-Party Services

The Service relies on the following third-party processors and providers. Each has their own privacy policy and data processing practices:

  • Supabase — database, authentication, and storage provider. Your account data, dashboard configuration, and session tokens are stored in Supabase infrastructure hosted on AWS (US East). See Supabase Privacy Policy.
  • Google — OAuth sign-in provider. When you use “Sign in with Google,” your browser communicates with Google. See Google Privacy Policy.
  • Vercel — web hosting and CDN. Vercel processes request logs including IP addresses. See Vercel Privacy Policy.
  • LemonSqueezy — payment processing for Pro subscriptions. See LemonSqueezy Privacy Policy.
  • OpenWeather — weather data API. Your approximate location (city or coordinates) is sent to OpenWeather only when you use a Weather card and have configured a location. See OpenWeather Privacy Policy.
  • Yahoo Finance / RapidAPI — stock price data. No personal data is sent; only ticker symbols.
  • Unsplash — wallpaper images. Search queries you enter for wallpapers are sent to the Unsplash API. See Unsplash Privacy Policy.
  • Google Fonts — custom fonts for the World Clock card. Font requests are made to Google servers. See Google Privacy Policy.

4. Cookies and Local Storage

We use the following browser storage mechanisms:

  • Authentication cookies: Supabase sets session cookies necessary to keep you logged in. These are essential and cannot be disabled without breaking the Service.
  • localStorage: We store your Supabase session client-side to improve performance between page loads.
  • No advertising or tracking cookies: We do not use any advertising networks, tracking pixels, or third-party analytics cookies.

You can control cookies through your browser settings. Deleting cookies will sign you out of the Service.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your data:

  • With service providers: The third-party services listed above, only to the extent necessary to operate the Service.
  • For legal compliance: When required by law, court order, or governmental authority.
  • To protect rights: When necessary to prevent fraud, enforce our Terms of Service, or protect the safety of users or the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, subject to standard confidentiality obligations.

6. International Data Transfers

Portara is operated from the United States. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data is transferred to and processed in the United States. Supabase and Vercel maintain Standard Contractual Clauses (SCCs) with their EU customers to facilitate compliant cross-border transfers under GDPR Chapter V. By using the Service, you acknowledge and consent to this transfer.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data (including all dashboard content, settings, and card configurations) within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention records).

Supabase authentication logs may be retained for up to 90 days after account deletion for security purposes.

8. Your Rights

All Users

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may update your account information through your account settings or by contacting us.
  • Deletion: You may delete your account at any time, which will trigger deletion of your personal data as described in Section 7.
  • Data portability: You may request an export of your dashboard content and configuration data.

EU / EEA Residents (GDPR)

In addition to the rights above, you have the right to:

  • Restrict processing: Request that we limit how we use your data in certain circumstances.
  • Object to processing: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint: File a complaint with your local data protection authority (e.g., the supervisory authority in your EU member state).

California Residents (CCPA / CPRA)

California residents have the following additional rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, or sell.
  • Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at legal@portara.me. We will respond to verified requests within 45 days as required by applicable law.

9. Children’s Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at legal@portara.me and we will delete it promptly.

10. Security

We implement industry-standard security measures including HTTPS/TLS encryption in transit, row-level security policies in our database (Supabase RLS), and secure session management. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. Links to Third-Party Sites

The Service may contain links to third-party websites (e.g., through RSS feed cards, bookmark links, or iframe embeds). We are not responsible for the privacy practices of those sites and encourage you to review their policies.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the “Last updated” date at the top of this page and notify you via email where practicable. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

For privacy-related questions, data access requests, or to exercise your rights:

  • Email: legal@portara.me
  • Website: portara.me

For EU residents, if you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.

Terms of ServicePrivacy PolicyBack to app