Privacy Policy

Last updated: March 2026

Who we are

DeliveryPortal is a client portal for project delivery, operated at deliveryportal.app. This policy describes how we collect, use, and protect your information when you use our service.

What data we collect

We collect the following categories of data:

  • Account data: When you sign up, we collect your email, name, and profile image (via Google OAuth through Clerk), and the username you choose during sign-up.
  • Organization data: Your workspace name, slug, logo, accent color, and footer text.
  • Project data: Project names, summaries, completion dates, status, scope items, deliverables (links and uploaded files), credentials (labels, values, notes), and support information you add to projects.
  • Client-submitted data (no account required): When visitors use a project portal, we may collect comments (author name, content), receipt confirmations (client name, email), and update requests (client name, description). These visitors do not need to create an account.
  • Portal analytics: We track page views and file downloads per project, including timestamps and user-agent strings. We do not use cookies for this; a session-storage flag prevents duplicate view counts.
  • Files: Logos and deliverable files you upload are stored in Convex file storage.

Sensitive data: credentials

You may store login credentials, API keys, and similar sensitive information in project portals. These are stored in our database and are visible to anyone with the portal share link (and optional password). DeliveryPortal does not encrypt credentials beyond what our infrastructure provider (Convex) provides at rest. You are solely responsible for what credentials you choose to share.

How we use your data

We use your data to:

  • Provide and operate the service
  • Authenticate users and manage organizations and billing
  • Display portal content to your clients
  • Track portal views and downloads for project owners
  • Support security and abuse prevention

Data sharing and subprocessors

We use the following subprocessors:

  • Clerk (clerk.com) — Authentication, user and organization management, and billing. Processes account data.
  • Convex (convex.dev) — Database, serverless functions, and file storage. Stores all application data.
  • Vercel (vercel.com) — Hosting, CDN, and edge network. Processes request and response data.
  • Google Fonts (fonts.googleapis.com) — Font delivery. Google receives visitor IP addresses when fonts load.

We do not sell, rent, or share personal data for advertising.

Cookies and local storage

We do not use marketing or analytics cookies.

Data retention

Account and project data are retained while your account is active. When you delete your account, we remove the associated data. Portal analytics are retained for the lifetime of the project.

Your rights

You have the right to access, correct, and delete your data, and to request a copy of your data (export). You may opt out of any future marketing. If you are in the European Economic Area, you also have rights under the GDPR, including the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us at the email address listed below.

International transfers

Our infrastructure providers (Clerk, Convex, Vercel) primarily operate in the United States. By using the service, you acknowledge that your data may be processed in the US.

Children

The service is not directed at anyone under 16. We do not knowingly collect data from children.

No marketing emails

We do not currently send marketing emails or newsletters. Service-related communications are delivered through the platform.

Changes to this policy

We may update this policy from time to time. We will update the "Last updated" date at the top. Material changes will be communicated through the app or by email.

Contact

For privacy inquiries, contact us at: info@deliveryportal.app