Portera — AI Concierge for Holiday Rentals

Summary (plain English)

Portera stores the property information you provide, the conversations your guests have with the AI concierge, and your account details. We use this data only to provide the service. We do not sell it. Guests are informed that they are speaking with an AI. You and your guests can request deletion at any time.

1. Who We Are

Portera operates as the data processor on behalf of property managers (agencies) who use our platform. Each agency using Portera is the data controller for their guests' personal data. Portera processes that data under the agency's instructions and in accordance with this policy.

For questions about how a specific agency handles your data as a guest, please contact that agency directly.

2. Data We Collect

For agency accounts:

Name, email address, and agency name (account registration)
Property information you enter (addresses, WiFi details, house rules, etc.)
Billing information (processed securely by our payment provider)

For guests interacting with the AI concierge:

Name and email address (where provided by the agency via reservation data)
The content of messages exchanged with the AI concierge
Timestamps of conversations

We do not collect payment card details directly (handled by Stripe). We do not track behaviour across third-party websites.

3. Why We Process This Data

Purpose	Legal basis (GDPR)
Providing the AI concierge service	Contract performance
Storing guest conversations in the agency inbox	Legitimate interest (service delivery and safety)
Sending journey messages and re-booking nudges	Legitimate interest (with opt-out available)
Improving AI response quality	Legitimate interest (aggregated, anonymised)
Billing and account management	Contract performance

4. AI Transparency

When guests interact with the Portera concierge, they are informed that they are communicating with an AI system. Conversations are logged and accessible to the property's agency team. The AI uses only the property information provided by the agency to generate responses — it does not have access to external personal data.

5. Data Retention

Guest conversation data is retained for as long as the agency account remains active, plus 90 days after account termination. Agencies can delete individual conversations or guest records at any time from within the platform. Upon a verified deletion request, we will remove the data within 30 days.

6. Data Sharing

We do not sell personal data. We share data only with:

Anthropic — to generate AI concierge responses (messages are processed per their API terms)
Postmark — to deliver email messages
Twilio — to deliver WhatsApp messages
Stripe — for payment processing

All sub-processors are contractually bound to process data only as instructed and in compliance with GDPR.

7. Your Rights (GDPR)

If you are located in the EEA or UK, you have the following rights:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your data ("right to be forgotten")
Portability — receive your data in a machine-readable format
Objection — object to processing based on legitimate interest
Restriction — request that we limit processing of your data

To exercise any of these rights, email privacy@portera.app. We will respond within 30 days.

8. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest. Access to production data is restricted to authorised personnel only.

9. Contact

Data protection enquiries: privacy@portera.app

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Privacy Policy