Skip to content

Legal

Privacy policy

Privacy policy

Last updated: June 15, 2026

1. Who we are

Porthatch ("we", "us") operates the products Placet, Veneer, Cordon, and Sluice under the same operating entity. Each product is a distinct service, but the data-handling practices below apply to all of them unless stated otherwise.

2. What we collect

We collect only what we need to run the service and bill it.

Category Examples Why
Account identifiers Email, name (optional), hashed session cookie Authentication, magic-link sign-in
Workspace data Workspace name, plan, trial state Service provisioning, billing
Product-specific content (Placet) board posts, decisions; (Sluice) uploaded email lists; (Veneer/Cordon) audit metadata about what your clients viewed or edited Core service functionality
Billing identifiers Paddle customer id, subscription id Subscription and credit-pack management. Paddle is our Merchant of Record and payment processor; card details go directly to Paddle and never reach our servers
Technical telemetry Request id, route, latency, error class, hashed IP (sha256 with a server-side salt — never the raw IP) Operations and security

Veneer + Cordon proxy your own Airtable and Notion data through to your clients — we do not copy that content into our database. We store only the access rules you define and an audit log of which records were accessed or written, by which client email.

3. Why we collect it (legal basis)

We process personal data on three legal bases:

  • Performance of a contract — most of it. You signed up; we run the service you paid for.
  • Legitimate interest — operational telemetry (hashed IPs, request metrics) for keeping the service up and abuse-resistant.
  • Consent — for any non-essential cookies (we don't currently use any tracking cookies; see /legal/cookies).

4. Where it lives (subprocessors)

We keep the list of subprocessors and where they're located at /legal/subprocessors. Sub-processor changes get announced at least 30 days before they take effect; existing customers can object and exit if a new processor is incompatible with their compliance posture.

5. How long we keep it

Data Retention
Account + workspace Kept while your account is active; deleted within 30 days of a verified deletion request
Audit log (Veneer, Cordon) 180 days online, then archived to long-term storage with the same access controls; purgeable on DSAR
Workflow + job records (Sluice) Uploaded CSVs and per-row verdicts are purged automatically 90 days after the job runs; only retention-safe counters (no email addresses) remain
Billing records Kept as long as required for tax and accounting obligations
Technical telemetry 30 days

The Sluice 90-day purge is automated — a daily job removes the input CSV (from R2) and the stored per-row results once they pass the retention window. Account and workspace deletion is handled on request (see §6).

6. Your rights

If you live in the EU, UK, or a jurisdiction with comparable rights, you can:

  • Access / portability — email privacy@porthatch.app from the address tied to the account and we'll provide a copy of the personal data we hold (account, workspace metadata, access rules, audit log) within 30 days. Sluice job results are downloadable directly from the dashboard while they're within the retention window. Notion / Airtable content is excluded because we never store it — fetch it from the source.
  • Rectification — edit your account details in /app/settings. Workspace data is editable inside the product UI itself.
  • Erasure — email privacy@porthatch.app with the email address tied to the account. We confirm via reply (so we don't delete on a spoofed sender) and process within 30 days. Routing the request through a person also lets us catch obvious mistakes (e.g. you wanted to cancel billing, not erase everything).
  • Restrict processing / object — email privacy@porthatch.app. We respond within 30 days.
  • Lodge a complaint with your data protection authority.

We don't sell personal data and don't run automated decision-making that produces legal effects.

7. Children

The service is not directed at children under 16. If you believe a child has signed up, email privacy@porthatch.app and we'll delete the account.

8. Changes to this policy

Material changes get a notification to your account email at least 14 days before they take effect. Continued use after the effective date counts as acceptance.

9. Contact

For privacy questions or DSARs: privacy@porthatch.app.

For everything else: support@porthatch.app.