Privacy Policy
Last updated: 2026-04-23
1. Who we are
Portage is a travel-discovery application that helps you explore landmarks, trips, and city stories, and pin your own photos and text memories to real-world places. Portage is operated by Cabildo Companies LLC, a Virginia limited-liability company with its principal place of business in Roanoke, Virginia ("Portage," "we," "us," or "our"). You can reach us at legal@portage.travel. A mailing address is available on written request.
Portage shares backend infrastructure with a sister product, Cour (mycour.app), operated by the same founder and entity. Where this policy mentions data shared between Portage and Cour, we explain what is shared and why.
2. Scope
This Privacy Policy covers personal information we collect when you:
- Create a Portage account or sign in.
- Use the Portage iOS app or the Portage web experience at admin.myportage.app (and successor domains).
- Create, edit, or interact with memory pins, comments, saved items, or editorial content.
- Contact us for support.
Portage is available to U.S. residents. Residents of the European Union and United Kingdom are welcome to view public content, but we do not currently process accounts or personal data from users located in the EU or UK. If you are in the EU or UK and wish to use Portage, contact privacy@portage.travel.
3. Information we collect
3.1 Information you provide
- Account information. Email address, display name, and authentication provider identifier. Apple Sign In and Google Sign In are planned features, not yet implemented; when they ship, we will update this section.
- Profile information. Any optional profile details you add (display name, avatar). Stored in the `profiles` table.
- Memory pins. Text you write, photos you upload, the location you pin them to, and the visibility you choose (public, private, or network-only). Stored in the `memory_pins` table and, for photos, in Cloudflare R2 object storage.
- Comments. Text of comments you leave on memory pins, including any @mentions directed at other users. Stored in `pin_comments` and `pin_comment_recipients`.
- Saved items. Landmarks, trips, or stories you bookmark. Stored in `saved_items` scoped to Portage.
- Moderation actions. Users you mute or block. Stored in `user_muted_contributors`.
- Support correspondence. Anything you send us when asking for help.
3.2 Information collected automatically
- Behavioral telemetry. We record events describing how you use Portage — screens viewed, features used, content interactions. Each event is stored in the `user_events` table with a device identifier, session identifier, user identifier (if signed in), event type, event properties (enumerated metadata, not free-text user content), and timestamps. Portage writes these events with `source_app='portage'`.
- Device and technical data. Device type, operating system version, app version, and IP address (used at request time for security and regional inference; not stored beyond 30 days in any user-linked form).
- Cookies and local storage (web). Session cookies for authentication and minimal local storage for user preferences. Portage does not use third-party advertising cookies and does not participate in cross-site tracking.
3.3 Information from third parties
- Authentication providers. Apple Sign In and Google Sign In are planned; when they ship, they will send us the identifier and email you authorize them to share.
- Social graph from Cour. Portage reads the `coeur_network_edges` social graph to determine which of your Cour connections can see memory pins you set to "network" visibility. We read this graph; we do not write to it from Portage.
- Public archives. For editorial content about landmarks and places, we may associate public-domain or openly licensed imagery (for example, from the Library of Congress, Wikimedia Commons, or the U.S. National Archives) with editorial entries. This is not personal information about you.
3.4 Information we do not collect
- We do not knowingly collect information from children under 13. See Section 10.
- We do not sell personal information for money and do not "sell" or "share" personal information in the statutory sense used by the California Consumer Privacy Act. If this changes, we will update this policy and provide the required notice and opt-outs.
4. How we use your information
We use your information to:
- Create and maintain your account and authenticate you on subsequent visits.
- Display the memory pins, comments, saved items, and editorial content you have permission to see.
- Enforce the visibility rules you set on your content (public, private, or network-only).
- Provide customer support and respond to your requests.
- Detect, investigate, and prevent abuse, fraud, and violations of our Terms of Use.
- Improve Portage — understand which features are used, diagnose errors, and measure performance. This is the primary use of `user_events` telemetry.
- Communicate with you about service changes, security issues, and transactional matters (password reset, moderation notice, memory-pin receipt). Portage does not currently operate a marketing email program. If Portage introduces marketing communications in the future, you will have an opportunity to opt in or opt out at that time.
- Comply with legal obligations and enforce our agreements.
5. How we share your information
We share personal information only in the following cases.
5.1 With other Portage users, based on your visibility choices
Memory pins set to public are visible to any Portage user and may be surfaced on public landmark or city pages. Pins set to network are visible to accounts that share a network edge with you in `coeur_network_edges`. Pins set to private are visible only to you. Comments on a pin inherit the visibility of the pin they are attached to. @mentions you direct at another user are visible to that user.
5.2 With our service providers
We use the following processors to operate Portage:
- Supabase — database, authentication, and object storage metadata.
- Cloudflare R2 — object storage for your uploaded photos, at paths of the form `memories/{pin_id}/photo.{ext}` and `uploads/{namespace}/...`.
- Vercel — application hosting for the Portage web and admin surfaces.
Each processor is bound by its standard data processing terms and may process your data only on our instructions.
5.3 With Cour (our sister product)
Portage and Cour share a single Supabase project (`poitholddcvikahoouqa`) and several database tables: `profiles`, `memory_pins`, `pin_comments`, `pin_comment_recipients`, `user_events`, `coeur_network_edges`, `public_figures`, and `user_muted_contributors`. Practically:
- If you have accounts in both apps under the same identity, both apps see your shared profile and social graph, subject to the visibility settings you choose.
- Behavioral events from each app are stored in the same `user_events` table, tagged `source_app='portage'` or `source_app='coeur'`. Each app's analytics primarily read its own source tag.
- Users who have an account in only one product do not have their data exposed inside the other product's user-facing surfaces. Row-level security policies enforce this boundary.
5.4 For legal reasons
We may disclose information if we believe in good faith it is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Use; or to protect the rights, property, or safety of Portage, our users, or others.
5.5 In a business transfer
If Portage is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to the terms of this policy or a successor policy.
5.6 We do not sell your personal information
We do not sell your personal information for money and do not "sell" or "share" personal information as those terms are defined by California law or any comparable state privacy statute. See Section 13 for California-specific disclosures.
6. Where we store your information
Portage's infrastructure is hosted in the United States. If you access Portage from outside the U.S., you understand your information will be transferred to and processed in the U.S.
7. How long we keep your information
- Account data (profile, email, display name) is retained while the account is active. Inactive accounts (no login for 36 months) may be closed after 30 days' email notice. Users may request earlier deletion at any time.
- Behavioral events (`user_events`) are retained for 60 days in granular form, then aggregated into non-identifiable statistics.
- Private memory pins (visibility set to "private") are your personal archive. They are deleted upon your request or account closure, along with associated photos (purged from Cloudflare R2 backup storage within 30 days).
- Public memory pins (visibility set to "public") become part of the shared record of the place where they are pinned. When you create a public pin, you grant Portage a perpetual, irrevocable, worldwide, royalty-free license to preserve, display, and contextualize that pin and its associated media — including your authorship credit — as part of that place's communal story, including after your account is closed, deleted, or deactivated. You may edit or correct your public pins at any time while your account is active. On account closure, your public pins and your authorship credit remain intact as part of the record; your contribution is meaningful in part because it was yours, and preserving the byline preserves the meaning. Byline anonymization is opt-in. If at any time you wish your authorship credit changed to "Former contributor" or similar, contact moderation@portage.travel and we will make the change. You may not otherwise retract a public pin once it has entered the shared record, except through a removal request based on legal, privacy-harm, or safety grounds (harassment, doxxing, defamation, rights violation, court order).
- Comments are retained while the parent pin is published. Comments on private pins are deleted when the pin is deleted. Comments on public pins follow the same shared-record principle as the pin itself.
- Support correspondence is retained for 3 years for audit purposes, then deleted.
8. Your rights
Depending on where you live, you may have some or all of the following rights over your personal information:
- Access — ask us for a copy of the personal information we hold about you.
- Correction — ask us to correct information that is inaccurate or incomplete.
- Deletion — ask us to delete your account and the personal information we hold about you, subject to the public-pin shared-record exception described in Section 7, and other exceptions allowed by law.
- Portability — ask us to provide the information you have given us (including your own public pins) in a machine-readable format.
- Do not sell or share / limit use of sensitive information — California residents may exercise these rights. Portage does not currently engage in conduct that would trigger these rights substantively, but the disclosure is required.
- Nondiscrimination — we will not discriminate against you for exercising these rights.
8.1 How to exercise your rights
You can delete your account from within the app at any time. For any other request, contact us at privacy@portage.travel. We will verify your identity before fulfilling requests. We aim to respond within 30 days (45 days for complex requests, as permitted by law).
8.2 Deletion and cascade behavior
When you delete a private memory pin, the database row and the associated photo in Cloudflare R2 are removed (backup purge within 30 days). When you delete your account, we delete your profile, private pins, private-scoped comments, saved items, and mute records. Public pins and the comments attached to them persist as part of the shared record, with your authorship credit preserved unless you have requested anonymization. Behavioral events associated with your account are severed from your account identifier and retained only in aggregated, non-identifiable form.
8.3 Appeals
If we deny a rights request, you may appeal by replying to our response email or writing to privacy@portage.travel. We will respond within 45 days. Residents of states with formal privacy-appeal requirements (for example, Virginia, Colorado, Connecticut) have the additional rights described in Section 13.
9. Security
We use reasonable technical and organizational measures to protect your information, including encryption in transit (TLS), encryption at rest for the database and object storage, row-level security policies that enforce your visibility settings, an email-verified-users-only policy for content creation, and access controls on administrative tooling. No system is perfectly secure; we cannot guarantee that unauthorized access, breach, or misuse will not occur.
10. Children
Portage is intended for users 13 and older. We do not knowingly collect personal information from children under 13. If a parent or guardian believes their child has provided information to Portage, contact us at privacy@portage.travel and we will delete it. Portage does not knowingly target or advertise to children.
11. Third-party content and attribution
Portage displays editorial content that may include imagery sourced from public archives and openly licensed repositories. We retain source and license information for that imagery in internal fields (`image_source`, `image_license`). This is not personal information about you, but we disclose it here for transparency.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via (a) a notice on the Portage website at least 30 days before they take effect, or (b) email to the address associated with your account where we have one. Your continued use of Portage after the effective date means you accept the updated policy.
13. U.S. state-specific notices
California residents (CCPA / CPRA). Portage collects the following statutory categories of personal information: identifiers (email, device identifier, session identifier); internet or other network activity (usage events, interactions); geolocation (approximate location you pin to public content); and commercial information (if you have saved items). We collect this information from you directly, from authentication providers, and through automated telemetry. We use it for the service-operation, improvement, and legal-compliance purposes listed in Section 4. We disclose it to the processors listed in Section 5.2 and, in limited and controlled ways, to the sister product Cour. We do not sell or share (in the CCPA sense) your personal information. You may exercise access, correction, deletion, and limit-use rights by contacting privacy@portage.travel.
Virginia, Colorado, Connecticut, Utah, and other U.S. state residents. If your state grants you rights under a comprehensive privacy statute (Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and similar), you may exercise those rights by contacting privacy@portage.travel. We will respond within the timelines required by your state's law (typically 45 days, with a 45-day extension for complex requests). If we deny a request, you may appeal, and we will respond within the statutory appeal window. Virginia, Colorado, and Connecticut residents who are not satisfied with our appeal may contact their state Attorney General.
Nevada residents may opt out of the sale of certain personal information. Portage does not sell personal information.
14. Contact
Questions? Contact us at legal@portage.travel. A mailing address is available on written request.