PortfolioFast

Privacy Policy

Last updated: 22 March 2026

1. Who we are

PortfolioFast (“we”, “us”, “our”) is a web application that generates developer portfolio websites from GitHub. Our website is www.portfoliofast.com. For any privacy-related questions, contact us at PortfolioFastSupport@gmail.com.

2. Data we collect

We collect the following categories of personal data:

2.1 Account data (via GitHub OAuth)

  • GitHub user ID and username
  • Display name
  • Email address
  • Profile avatar URL

2.2 Repository metadata

  • Repository names, descriptions, and URLs
  • Primary programming languages and language breakdowns
  • Star count, fork count, and last updated date
  • Public/private status

We do not access or store your source code, commit history, issues, or pull requests.

2.3 Profile data you provide

  • Display name, email, and bio (editable in your profile)
  • Profile picture (if you upload a custom avatar)
  • Template preference and portfolio visibility settings

2.4 Payment data

Payments are processed by Stripe. We do not store your card number, CVC, or billing address. Stripe provides us with a customer ID, subscription status, and the last four digits of your card for display purposes. See Stripe's Privacy Policy.

2.5 Technical data

  • Error reports and performance data collected by Sentry (IP addresses are not stored)
  • Authentication session tokens (stored as cookies)

3. How we use your data

  • To provide the service: generating and hosting your portfolio website
  • To process payments: managing your subscription via Stripe
  • To improve reliability: monitoring errors via Sentry
  • To communicate: responding to support requests

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 5.

4. Lawful basis for processing (GDPR)

  • Contract: processing your data is necessary to provide the service you subscribed to
  • Legitimate interest: error monitoring and service security
  • Consent: where you choose to publish private repository metadata on your public portfolio

5. Third-party services

We share data with the following processors:

  • GitHub (OAuth authentication, repository API) — USA
  • Supabase (database, authentication, file storage) — EU (eu-west-2)
  • Stripe (payment processing) — USA
  • Vercel (application hosting) — Global CDN
  • Sentry (error monitoring) — USA

Where data is transferred outside the EU/UK, these providers maintain appropriate safeguards (Standard Contractual Clauses or equivalent).

6. Cookies

We use only essential cookies:

  • Supabase auth session cookies — required to keep you signed in. These are first-party, HTTP-only, and expire when your session ends or after 7 days of inactivity.
  • Cookie consent preference — stored in localStorage (not a cookie) to remember your banner dismissal.

We do not use advertising, tracking, or analytics cookies. Because we only use strictly necessary cookies, no opt-in consent is required under GDPR/ePrivacy regulations. We display an informational notice for transparency.

7. Data retention

  • Account and profile data: retained until you delete your account
  • Repository metadata: refreshed on each sync, deleted when you delete your account
  • Uploaded avatars: deleted when you remove them or delete your account
  • Payment records: retained by Stripe per their retention policy and applicable financial regulations
  • Error logs: retained by Sentry for 90 days

8. Your rights (GDPR)

If you are in the UK or EU, you have the following rights under data protection law:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data via your profile settings
  • Erasure: request deletion of your account and all associated data
  • Portability: request your data in a machine-readable format
  • Objection: object to processing based on legitimate interest
  • Restriction: request that we limit processing of your data

To exercise any of these rights, email PortfolioFastSupport@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

9. Security

We protect your data through encryption in transit (TLS), row-level security policies on all database tables, secure authentication via OAuth 2.0, and access controls that ensure you can only access your own data. Uploaded files are stored in private Supabase Storage buckets with authenticated access.

10. Children's privacy

PortfolioFast is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at PortfolioFastSupport@gmail.com.

← Back to home