Portalry Data Map
What we store, why, where, and for how long (Effective 1 March 2026)
| Data category | Purpose | Location / processor | Retention |
|---|---|---|---|
| User accounts (name, email, username, password hash, profile, connected accounts) | Core service, authentication, profile display | Primary app database on DigitalOcean; user images in encrypted object storage | For the life of the account; inactive accounts deleted after notice period (see privacy policy) |
| Portalries and portals (names, descriptions, links, settings, images) | Deliver portalry and portal content to members/visitors | Primary app database on DigitalOcean; images in encrypted object storage | Until deleted by owners or via inactive owner deletion workflow |
| Memberships and invitations (including admin-applied member tags) | Manage access/roles to portalries; organiser filtering/CRM for members | Primary app database on DigitalOcean | For the life of the portalry or until removal; invitations per business need |
| Portalry join permission records (email + consent flags, integrations snapshot, accepted timestamp, IP, user agent) | Record and evidence member consent for sharing with portalry hosts/integrations | Primary app database on DigitalOcean | Retained indefinitely for compliance and audit |
| RSVPs, attendance, and placeholder member profiles (name/email/tags provided by organisers) | Event coordination, headcounts, and CRM follow-up by organisers | Primary app database on DigitalOcean | Business need; removed on account deletion, inactive-owner deletions, or when organisers delete placeholder members |
| Portalry lobby presence (last-seen timestamps) | Show who is currently present in a portalry lobby | Primary app database on DigitalOcean | For the life of the portalry or until account deletion |
| Email reminders and logs | Scheduling and troubleshooting reminder sends | Primary app database on DigitalOcean; email delivery via AWS SES | Reminder logs kept 12 months |
| Web push subscriptions and delivery logs | Send browser notifications for portalry reminders | Primary app database on DigitalOcean; web push delivery via browser vendors | Subscriptions retained until disabled; delivery logs kept 12 months |
| Login audits | Security and account activity review | Primary app database on DigitalOcean | 36 months |
| Portal creation failure logs | Support/troubleshooting unsupported platforms | Primary app database on DigitalOcean | 12 months |
| Portal integration sync logs | Audit integration sync requests/responses | Primary app database on DigitalOcean | 12 months |
| System notification and transactional email delivery logs | Troubleshoot what emails/notifications were sent and to whom (including calendar invites) | Primary app database on DigitalOcean; email delivery via AWS SES | 30 days |
| Audit logs (portalries where enabled) | Trace admin actions for compliance/support | Primary app database on DigitalOcean | 12 months |
| Backups | Disaster recovery | Encrypted object storage in managed cloud (DigitalOcean) | Operational retention as needed; subject to deletion schedules on restore |
Questions? Contact our Data Protection Officer: [email protected]