Legal
Privacy Policy
Effective date: March 26, 2026
This policy explains what personal data we process, why we process it, the legal bases we rely on, how long we keep data, and your rights under applicable laws including GDPR/UK GDPR where relevant.
1) Who we are / developer contact
PortTrip provides cruise-focused planning tools, itinerary generation, and account features for travelers. PortTrip is the data controller for personal data you provide to use our services.
Data Controller: PortTrip. Privacy contact: privacy@porttrip.com.
2) What data we collect
- Identity and account data (for example: full name, email, account identifiers, and authentication metadata).
- Planner and content data (for example: itinerary inputs, generated plans, and related interactions).
- Transaction and billing metadata from payment processing providers (for example: plan status, payment event IDs, and billing lifecycle information).
- Customer support and communication records.
- Technical and usage data (for example: log events, browser/device details, and security telemetry).
3) How we use data
- To provide and operate account, planning, and support services.
- To protect users, enforce terms, prevent abuse, and maintain platform security.
- To process subscriptions, invoicing, and payment-related operations.
- To improve product quality, reliability, and user experience.
- To comply with legal obligations and respond to lawful requests.
4) Legal bases / consent (GDPR-focused)
For users in the EEA/UK and where GDPR-like regimes apply, we rely on the following legal bases under Article 6 GDPR:
- Contract performance: Processing required to provide requested services, including account access, itinerary generation, and core app functionality.
- Legitimate interests: Security monitoring, fraud prevention, product improvement, and service reliability where these interests are not overridden by your rights.
- Consent: Where required by law, such as specific communications or optional processing, and you may withdraw consent at any time.
- Legal obligation: Retention or disclosure required by tax, accounting, consumer protection, anti-fraud, or other legal requirements.
5) Third-party services used (processors/providers)
We use third-party providers to operate key functionality. These providers may process personal data under their own privacy policies and contractual terms.
- OpenAI: AI itinerary and assistant responses ( privacy policy).
- Tavily: Web research enrichment for travel answers ( privacy policy).
- Stripe: Payment processing and billing operations ( privacy policy).
6) Data retention
We retain personal data only as long as needed for the purposes in this policy, including operational, contractual, legal, tax, accounting, and dispute-resolution requirements. We then delete or de-identify data where feasible.
7) Data deletion
You may request deletion from our public deletion URL. We verify identity before deletion. Certain records may be retained when required for legal, security, anti-fraud, or accounting reasons.
Public deletion URL: /delete-account.
8) User rights
- Right of access to your personal data.
- Right to rectify inaccurate or incomplete personal data.
- Right to erasure (right to be forgotten), subject to legal exceptions.
- Right to restrict processing in certain circumstances.
- Right to data portability for data processed by automated means on legal bases that support portability.
- Right to object to certain processing, including processing based on legitimate interests.
- Right to withdraw consent where processing is based on consent.
- Right to lodge a complaint with your local supervisory authority.
To exercise rights, contact privacy@porttrip.com. We may need to verify identity before completing a request.
9) Security
We use administrative, technical, and organizational safeguards intended to protect personal data, including access controls and secure handling practices. No system can guarantee absolute security.
10) Children's privacy
PortTrip is not directed to children under 13 (or the higher age required in your jurisdiction), and we do not knowingly collect personal data from children.
11) International transfers
Personal data may be processed in countries outside your country of residence. Where required, we implement transfer safeguards such as contractual measures and service-provider protections.
Primary operating jurisdictions: United States and other jurisdictions where our users are located.
12) Contact information
General support: support@porttrip.com.
Privacy requests: privacy@porttrip.com.
Additional GDPR transparency notes
PortTrip may use automated systems to generate recommendations, but we do not use solely automated decision-making that produces legal or similarly significant effects without meaningful human oversight.
If you are in the EEA/UK, you may also lodge a complaint with your local data protection supervisory authority.