Legal
Privacy Policy
Effective date: March 21, 2026
Your privacy matters to us. This policy explains what personal information Portloft collects, why we collect it, how we use it, and what rights you have — in plain language.
1. Who We Are
Portloft ("we", "us", "our") is a federally incorporated Canadian company that operates the Portloft portfolio hosting platform at portloft.com and its subdomains (the "Service").
We are the "organization" responsible for the personal information we collect and hold, as defined under the Personal Information Protection and Electronic Documents Act (PIPEDA). Questions or concerns about this Privacy Policy or our privacy practices can be directed to us at hello@portloft.com.
2. Information We Collect
We collect personal information only to the extent necessary to provide the Service. The categories of information we collect are:
Account information
When you create an account, we collect your email address, full name, and a hashed version of your password (we never store your password in plain text). If you sign in via Google OAuth, we receive your name and email address from Google.
Portfolio content
We store the content you choose to add to your portfolio — including your display name, bio, location, profile photo, social media links, project titles and descriptions, and any images or media files you upload.
Payment information
Payments are processed by Stripe. We do not store your credit card number or full payment details on our servers. We retain the Stripe Customer ID and subscription status associated with your account.
Usage and technical data
We collect aggregate view counts on portfolio pages. We also use Google Analytics (see Section 5) to collect information about how visitors interact with the Service, including approximate location, browser type, device type, pages visited, and time spent.
Communications
If you contact us by email, we retain the content of that communication and your email address in order to respond.
3. How We Use Your Information
We use the personal information we collect for the following purposes:
- To create and manage your account
- To provide, operate, and maintain the Service
- To process payments and manage your subscription
- To send transactional communications — including account verification, password resets, billing receipts, and service notifications
- To send marketing and promotional communications, where you have given your express consent (see Section 6)
- To measure and analyse how the Service is used, in order to improve it
- To detect, investigate, and prevent fraudulent or unauthorised activity
- To comply with our legal obligations under Canadian federal and applicable law
We will not use your personal information for purposes other than those listed above without obtaining your consent first.
4. Legal Basis for Processing (PIPEDA)
Under PIPEDA, we rely on the following bases for collecting and using personal information:
- Your express or implied consent at the point of collection (e.g. creating an account)
- Contractual necessity — processing required to fulfil our agreement with you to provide the Service
- Legitimate interest — such as fraud prevention, service security, and aggregate analytics
- Legal obligation — where we are required to process information to comply with applicable law
You may withdraw your consent at any time (see Section 9 — Your Rights), subject to legal or contractual restrictions.
6. Marketing Communications
We will only send you marketing or promotional emails if you have provided your express consent, as required under Canada's Anti-Spam Legislation (CASL).
You may withdraw your consent at any time by clicking the unsubscribe link in any marketing email, or by emailing us at hello@portloft.com. Withdrawal of consent will not affect the lawfulness of any communications sent before the withdrawal.
We will always send transactional emails (such as receipts, account notices, and security alerts) regardless of your marketing preferences, as these are necessary to operate the Service.
8. Data Location & International Transfers
Portloft is a Canadian company and we store personal information in Canada where possible. Our primary database uses Canadian data centres through our hosting provider.
Some of our third-party service providers — including Stripe and Google — process data in the United States. By using the Service and consenting to this Privacy Policy, you acknowledge and consent to the transfer of your personal information to these jurisdictions, which may have different privacy laws than Canada.
We take reasonable steps to ensure that any personal information transferred outside of Canada is afforded a comparable level of protection, including contractual safeguards with our service providers.
9. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service.
If you delete your account, we will delete your personal information — including your profile, portfolio content, and uploaded media — within 90 days. Some information may be retained for a longer period where required by law (for example, billing records for tax compliance purposes) or for legitimate business purposes such as fraud prevention.
Anonymised or aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement purposes.
10. Your Rights
Under PIPEDA, you have the right to:
- Access the personal information we hold about you
- Request correction of any inaccurate or incomplete personal information
- Withdraw consent to our use of your personal information (subject to legal or contractual restrictions)
- Request deletion of your personal information (subject to our retention obligations)
- Be informed of any automated decision-making that significantly affects you
- File a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe we have violated your privacy rights
To exercise any of these rights, contact us at hello@portloft.com. We will respond within 30 days. We may need to verify your identity before processing your request.
11. Minimum Age
The Service is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@portloft.com and we will delete it promptly.
12. Security
We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, and destruction. These include encrypted data transmission (TLS), hashed password storage, and access controls limiting who within our organisation can access personal information.
No method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users and the Office of the Privacy Commissioner of Canada in the event of a material data breach, as required under PIPEDA's mandatory breach reporting rules.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. If the changes are material, we will notify you by email or through a prominent notice in your account dashboard.
Your continued use of the Service after any update constitutes your acceptance of the revised policy.
14. Contact & Complaints
If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:
If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada: