Privacy Policy

Version 2026-04-03 · Last updated 3 April 2026 · Operator: PORTMASTER platform (the “Service”).

Important. This document is provided to support transparency and good practice (including alignment with the Digital Personal Data Protection Act, 2023 (India) where applicable). It is not legal advice. Have it reviewed by a qualified lawyer for your business and jurisdiction.

1. Who we are

The Service is operated by the organisation responsible for this website (the “Controller”). Contact details published on this site (e.g. support email) apply for general enquiries.

2. Personal data we may process

Depending on how you use the Service, we may process categories such as:

  • Identity & account: name, company name, email address, account type, verification status.
  • Authentication & security: password hashes (never stored in plain text), login audit records (timestamp, success/failure, approximate identifier such as email entered, client IP address, browser user-agent string), session identifiers.
  • Operational & maritime features: port preferences, directory listings, vessel/lineup-related data you submit, alerts, and similar content required to provide the Service.
  • Communications: messages you send us, outbound email/WhatsApp metadata where those features are enabled.
  • Technical: server logs, cookies/session data as needed for security and basic functionality.

3. Purposes and lawful bases

We process personal data for:

  • Providing the Service (performance of contract / steps prior to contract).
  • Security, fraud prevention, and legal compliance (including login audit trails, abuse detection) — legitimate interests and/or legal obligation where applicable.
  • Registration and marketing consents — where you have expressly agreed (e.g. accepting this Policy and Terms at sign-up).

4. Login audit logging

To protect accounts and demonstrate accountability, we maintain tamper-resistant records of sign-in attempts (including failed attempts) for user and administrator accounts. These records may include time, email address used in the attempt, outcome, client IP, and browser user-agent. They are not used for advertising.

5. Retention

We retain personal data only as long as needed for the purposes above, unless a longer period is required by law. Login audit logs may be retained for up to approximately 2 years unless a shorter period is configured or a lawful erasure request applies. Account data is generally kept until you request deletion and we can honour it without breaking legal obligations.

6. Security measures

We use industry-standard measures including hashed passwords, HTTP-only session cookies (with SameSite restrictions where configured), CSRF protection on sensitive forms, prepared SQL statements, and access controls for administrative functions. No system is perfectly secure; you should use a strong, unique password and protect your devices.

7. Sharing and subprocessors

We do not sell your personal data. We may share data with hosting providers, email/SMS/WhatsApp gateways, payment processors, and analytics only as needed to operate the Service, subject to contracts and applicable law.

8. Your rights (India — DPDP)

Depending on eligibility, you may have rights to access, correction, erasure, grievance redressal, and to withdraw consent (where processing is consent-based), as well as nomination in line with the DPDP Act. To exercise rights, contact us using the grievance channel below. We may need to verify your identity before fulfilling requests.

9. Grievance / Data Protection contact

For privacy requests or complaints, email the address published for support on this website, with subject line “Privacy / DPDP request”. We aim to acknowledge without undue delay. You may also have the right to escalate to the Data Protection Board of India where applicable law allows.

Note: Replace generic contact text in your deployment with a monitored inbox and, where required, appoint a Data Protection Officer or Data Protection Officer / grievance officer with published contact details.

10. Children

The Service is not directed at children. Do not register if you are below the age of majority required in your jurisdiction (e.g. 18 in many Indian contexts) unless a parent/guardian lawfully consents as required by law.

11. International transfers

If servers or subprocessors are located outside India, we will take steps required by applicable law (including notices and safeguards where mandated).

12. Changes

We may update this Policy from time to time. Material changes will be indicated by updating the version and “last updated” date. Continued use after notice may constitute acceptance where permitted by law.

Terms of Use · Home