Legal notices
This page consolidates data attributions, terms of use, privacy, compliance and limitations. It is linked from the footer of every page.
Attributions & licences
- AIS terrestre : aisstream.io — flux communautaire AIS (terms of use libres pour usage technique dérivé).
- Météo : Open-Meteo — données sous licence CC-BY 4.0. Source citée à chaque affichage.
- Imagerie radar : « Contains modified Copernicus Sentinel data », ESA — données ouvertes Copernicus.
- Cartographie : tuiles © CARTO (CC BY 3.0) sur fond © OpenStreetMap contributors (ODbL 1.0).
- VIIRS Boat Detection : produit commercial du Payne Institute, Colorado School of Mines (licence requise) — connecteur prêt côté code, activation après contrat. Citation à inclure : Elvidge, C.D., et al., « VIIRS Boat Detection (VBD) ».
- Données AIS satellite premium(Spire / MarineTraffic / Orbcomm) : aucune utilisation par défaut. Activation contractuelle requise — termes du fournisseur s'appliquent.
Maritime notice
Not for navigation. The positions, ETAs, anomalies and indicators published by Port Flow are derived from public AIS signals and from weather and satellite imagery data. They may contain errors, delays and omissions. This platform does not replace any certified navigation system or operational pilot station. Use for maritime safety, pilotage or critical operational decisions is explicitly excluded.
Terms of use
- Platform provided "as is", without warranty of availability, accuracy or fitness for any particular purpose.
- Service commitments detailed on the methodology page (SLA v1).
- Displayed data may be derived and transformed. The platform is not a reseller of raw AIS data.
- Any commercial use requires compliance with the source providers' terms (in particular Spire / MarineTraffic / Orbcomm subscriptions if enabled).
Privacy policy (GDPR)
Data controller
Laurent Guglielmetti — French sole proprietorship (entrepreneur individuel, micro-entreprise regime)
Trade name: octopodus · Operating brand: Port Flow
Registered office: 21 rue Hippolyte Noiret, 08300 Rethel, France
SIREN 491 489 654 · SIRET 491 489 654 00047 · NAF/APE 6201Z
VAT not applicable — French CGI art. 293 B (small-business exemption)
Contact: [email protected]
This section describes the personal data collected, its purposes and the user's rights pursuant to GDPR (EU) 2016/679. For EU customers, a signable DPA is available on request at [email protected].
Data collected and purposes
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Email + Clerk identifier | Authentication, support | Contract performance | While account active + 12 months |
| Stripe customer ID + payment history | Billing, subscription | Contract performance | 10 years (accounting requirement) |
| Slack/Discord/Telegram webhook URLs, alert emails | Sending alerts you configure | Explicit consent (UI input) | Until removed by user |
| Third-party API keys (Spire/VIIRS/Orbcomm) encrypted AES-256-GCM | BYO key integration | Explicit consent (UI input) | Until removed by user |
| Watchlist (vessel MMSIs, port IDs) | Dashboard personalization | Contract performance | While account active |
| API logs (timestamp, key prefix, endpoint) | Audit, security, anti-abuse | Legitimate interest | 90 days rolling |
Sub-processors
- Clerk Inc. (US) — user authentication · clerk.com (DPA available)
- Stripe Inc. (US) — billing · stripe.com (DPA + SCCs available)
- DigitalOcean LLC (Frankfurt EU region) — hosting · digitalocean.com (DPA)
- Cloudflare Inc. (US) — DNS + DDoS · cloudflare.com (DPA + SCCs)
- Resend Inc. (US) — alert email delivery (when enabled) · resend.com (DPA)
- aisstream.io — public AIS feed (no user personal data transmitted)
- Copernicus Data Space (ESA) — Sentinel-1 satellite imagery (public)
Non-EU transfers
Clerk, Stripe, Cloudflare and Resend operate from the US. All have EU-US Standard Contractual Clauses (SCCs) in place. AIS and port data (public by nature) do not constitute transferred personal data.
Your rights
- Access, rectification — everything is visible in /account, editable directly
- Erasure — delete your account via Clerk (cascade to API keys + watchlist + alerts)
- Portability — CSV export of your watchlist/fleet from /fleet (Starter+)
- Objection, withdrawal of consent — disable alerts or remove keys at any time in /account and /sources
- Complaint — to the CNIL (France) or any European supervisory authority
Technical security
- HTTPS TLS 1.3 mandatory (Let's Encrypt). HTTP redirected.
- At-rest encryption of user secrets (third-party API keys): AES-256-GCM with server master key
- Passwords managed by Clerk (PBKDF2/Argon2id, never plaintext)
- Auditable logs (audit_log table) on subscription changes and API access
- Displayed MMSIs = vessel identifiers, assigned by ITU to the flag — not personal identifiers
- No third-party analytics cookies. The only local storage is the browser tab-resilience cache, purgeable.
Data Processing Agreement (DPA) — summary
For any EU professional customer using Port Flow to process data as part of a B2B activity, a DPA compliant with GDPR Article 28 is provided.
- Port Flow acts as a processor for data processed as part of the service (watchlist, alerts, API keys)
- No secondary processing: no advertising, no resale, no commercial profiling
- Notification of any data breach within 72 hours
- Cooperation with the customer's annual audits (with 30-day notice)
- Deletion or return of data at end of contract (CSV export + DB purge on request)
- Sub-processor list above, modifiable with 30-day notice
DPA signed on request at [email protected] — typical lead time 48 business hours.
Sanctions & compliance
- The platform automatically reconciles vessels against four public official lists (UK Sanctions List, OFAC SDN, UN Security Council Consolidated List, EU Consolidated FSF) — see the methodology page for detailed coverage and refresh cadence.
- The customer (trader, insurer, freight forwarder) remains responsible for applying its own complementary lists and screening procedures (KYC, EDD, proprietary watchlists).
- The platform is commercially neutral: no vessel is hidden on criteria other than the public official lists cited above.
Academic citation
If you cite Port Flow in a publication, please include:
Port Flow — Multi-port AIS dashboard with predicted ETA. Data sources: aisstream.io (terrestrial AIS), Open-Meteo (weather), Copernicus Sentinel-1 (SAR imagery), EOG/Colorado School of Mines (VIIRS Boat Detection, when active). Tile providers: CARTO + OpenStreetMap.