No Cookies. No Tracking Scripts.
Just simple, transparent email verification
Email-Based Auth
Stakeholders verify identity via email with a 6-digit code. No passwords to manage.
No Third-Party Cookies
We don't use tracking cookies, fingerprinting, or any invasive tracking techniques.
Transparent Tracking
Only track what's needed for engagement analytics. No personal browsing data.
Complete Audit Trail
Every access event logged with timestamps for compliance and security reviews.
Data We Collect (And Don't)
Minimal data collection by design
What We Track
- Email addressIdentity verification
- Access timestampsAudit and analytics
- Pages viewedEngagement analysis
- Time on pageContent effectiveness
- File downloadsResource tracking
- Session durationUsage patterns
What We Don't Track
- Full IP addressOnly anonymized/hashed
- Browsing historyOutside portal scope
- Location detailsNot needed
- Device fingerprintsToo invasive
- Third-party cookiesNot used
- Personal dataBeyond email
GDPR Compliant by Design
Built with privacy regulations in mind. Handle data subject requests, manage retention, and maintain compliance without extra work.
Data Minimization
Only collect essential engagement data. Purpose-limited collection.
Configurable Retention
Set retention periods per data type. Automatic cleanup when expired.
Data Subject Rights
Handle access, rectification, erasure, and portability requests.
GDPR Requirements
Legitimate interest for business portals
Only essential data collected
Data used only for analytics
Configurable retention policies
Audit logs and data export
Session revocation supported
Secure Access Control
Control who sees your portals with granular access management
Email Verification
6-digit codes with 15-minute expiration. Maximum 3 attempts per code.
Pre-Approved Access
Add stakeholders during portal creation for instant verified access.
Access Requests
Approve or deny access requests from non-stakeholders in real-time.
Enterprise-Grade Data Protection
TLS
Encryption in Transit
AES-256
Encryption at Rest
100%
Audit Trail Coverage
Security FAQ
Is noceanPortals GDPR compliant?
Yes. We're designed with GDPR principles: data minimization, purpose limitation, user rights, and privacy by design.
Do you use third-party cookies?
No. We use email verification for identification, not tracking cookies.
How long is data retained?
Configurable by your organization. Default retention periods apply with options to extend or shorten.
Can I delete stakeholder data?
Yes. Session revocation and data deletion are supported for data subject requests.
Is data encrypted?
Yes. Data is encrypted in transit (TLS) and at rest (AES-256).
Do you share data with third parties?
No. Engagement data is not shared with or sold to third parties.