This Privacy Policy ("Policy") describes how PortalKit ("we," "us," or "our") collects, uses, discloses, and safeguards information about you when you access or use the PortalKit platform, website, and related services (collectively, the "Service"). This Policy applies to all users of the Service, including individuals who create accounts, use the platform to manage client relationships, and any clients or third parties whose information is submitted to the Service by our users.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Policy. If you do not agree with the terms of this Policy, please discontinue use of the Service immediately. Your continued use of the Service following any updates to this Policy constitutes your acceptance of those changes.
This Policy is incorporated by reference into our Terms of Service and should be read in conjunction with those terms. In the event of any conflict between this Policy and our Terms of Service regarding the handling of personal information, this Policy controls. We are committed to protecting your privacy and handling your personal information with care, transparency, and respect for your legal rights.
The Service is directed exclusively to individuals who are at least eighteen (18) years of age. We do not knowingly collect personal information from individuals under the age of eighteen. If you believe we have inadvertently collected information from a minor, please contact us immediately using the contact information provided in Section 15 of this Policy.
2.1 Information You Provide Directly. When you register for an account, we collect your name, email address, and any other information you choose to provide during the registration process. When you set up your business profile within the Service, we may collect your business name, logo, brand colors, and other professional information. When you use the Service to manage client relationships, we may collect information about your clients that you voluntarily enter into the platform, including names, email addresses, event details, contractual information, financial information, and communications.
2.2 Information Collected Automatically. When you access and use the Service, we automatically collect certain information about your device and usage patterns. This includes your Internet Protocol (IP) address, browser type and version, operating system, referring URLs, pages visited within the Service, features used, time and date of access, time spent on pages, error logs, and other diagnostic data. This information is collected through standard web server logs, cookies, and similar tracking technologies as described in Section 13 of this Policy.
2.3 Payment and Billing Information. PortalKit uses third-party payment processing services to handle all financial transactions. We do not directly collect, store, process, or have access to your complete payment card information, bank account details, or other sensitive financial data. All payment information is submitted directly to our payment processing partner and is governed by that provider's privacy practices and security standards. We may receive and store limited transaction metadata, such as the last four digits of a payment card, transaction identifiers, billing status, and subscription information.
2.4 Information from Authentication Services. When you choose to authenticate using a third-party identity provider (such as signing in with Google or another social login provider), we receive certain profile information from that provider, such as your name, email address, and profile picture, as permitted by the settings on your third-party account and the authorization you grant at the time of authentication. The information we receive depends on the permissions you authorize and the privacy settings of the third-party service.
2.5 Communications and Support Information. If you contact us for support, submit feedback, or communicate with us through any channel, we collect and retain those communications and any information you provide therein, including your name, contact information, and the content of your inquiry. We use this information to respond to your requests, improve the Service, and train our support processes.
We use the information we collect for the following purposes, which collectively enable us to provide and improve the Service:
We do not use your personal information for targeted advertising, nor do we sell, rent, lease, or otherwise transfer your personal information to third parties for their own marketing or advertising purposes. Any use of your information beyond the purposes described in this Policy will be disclosed to you with an opportunity to consent or object before such use occurs, to the extent required by applicable law.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR) and applicable national data protection laws:
Performance of a Contract. The primary legal basis for processing your personal data is that such processing is necessary for the performance of the contract between you and PortalKit — specifically, to provide you with access to and use of the Service in accordance with our Terms of Service. This includes account creation, feature delivery, payment processing, and customer support.
Legitimate Interests. We process certain categories of personal data based on our legitimate business interests, where those interests are not overridden by your data protection rights. Our legitimate interests include improving and securing the Service, preventing fraud and abuse, understanding how users interact with the platform, and communicating with you about updates and improvements to the Service.
Legal Obligation. We may process your personal data where such processing is necessary to comply with applicable laws, regulations, court orders, or other binding governmental requirements, including tax and financial reporting obligations, data retention requirements, and responses to lawful requests from law enforcement or regulatory authorities.
Consent. Where we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal. In certain jurisdictions, we may obtain your explicit consent before processing sensitive categories of personal data or before using your information for purposes not described in this Policy.
We do not sell, rent, trade, or otherwise transfer your personal information to third parties for their own commercial purposes. We may share your information in the limited circumstances described below.
Service Providers. We engage carefully selected third-party vendors and service providers who assist us in operating the Service, processing transactions, delivering communications, providing infrastructure, and performing other business functions. These providers are granted access to your information only as necessary to perform their contracted functions and are contractually prohibited from using your information for any other purpose. We require all service providers to maintain appropriate security measures and to comply with applicable data protection laws.
Legal Requirements. We may disclose your information if we believe in good faith that such disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of PortalKit, our users, or third parties; (d) detect, prevent, or address fraud, security, or technical issues; or (e) respond to an emergency that threatens the life, health, or safety of any individual.
Business Transfers. In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar corporate transaction, your information may be transferred to the acquiring or surviving entity. We will provide notice before your personal information becomes subject to a materially different privacy policy, and we will provide you with the opportunity to exercise any applicable rights under applicable law.
With Your Consent. We may share your information with third parties in other circumstances with your explicit consent. You have the right to revoke any consent you provide at any time, subject to any contractual or legal obligations that may apply.
Aggregate and De-identified Data. We may share aggregate, anonymized, or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other purposes. This information is not personal information and is not subject to the restrictions described in this Policy.
The Service integrates with and relies upon a variety of third-party service providers to deliver its features and functionality. We have engaged providers across the following general categories, each of whom may receive certain information about you in connection with their respective roles:
Payment Processors. We use industry-standard, PCI-DSS compliant payment processing services to handle subscription billing and all financial transactions. These providers receive the payment information you submit and process it on our behalf. We never store your complete payment card number, CVV, or other sensitive payment credentials on our servers.
Authentication and Identity Providers. We use third-party authentication infrastructure to verify user identities, manage login sessions, and provide secure access to the Service. These providers process your authentication credentials and may store session tokens on your device.
Email and Communication Delivery Services. We use third-party email infrastructure providers to deliver transactional emails and notifications. These providers may process your email address and the content of communications sent on our behalf.
Cloud Infrastructure and Hosting Providers. We rely on enterprise-grade cloud infrastructure providers to host, operate, and scale the Service. These providers may have access to data stored on their infrastructure in the course of providing their services, subject to their own security and confidentiality obligations.
AI and Machine Learning Service Providers. Certain features of the Service are powered by third-party artificial intelligence and machine learning platforms. When you use AI-powered features, relevant portions of your input may be processed by these providers. We do not use your personal data to train third-party AI models without your consent, and we select providers that maintain appropriate data privacy protections. Each of these providers operates under their own privacy policies and data processing agreements, and PortalKit is not responsible for the privacy practices of these independent third-party services.
We implement and maintain commercially reasonable technical, administrative, and organizational security measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These measures include, but are not limited to, encryption of data in transit using industry-standard TLS protocols, encryption of sensitive data at rest, access controls limiting data access to authorized personnel who require it to perform their job functions, regular security monitoring and vulnerability assessments, and incident response procedures.
Despite our efforts, no security system is impenetrable, and no method of data transmission over the Internet or electronic storage is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach that affects your personal information, we will notify you as required by applicable law, including the nature of the breach, the information affected, and the steps we are taking to address it.
You are responsible for maintaining the security of your account credentials, including your password. You agree to notify us immediately of any unauthorized use of your account or any other security breach. We will not be liable for any loss or damage arising from your failure to maintain the security of your account. We recommend using a strong, unique password for your PortalKit account and enabling any available multi-factor authentication options.
We retain your personal information for as long as your account is active and for a period thereafter as described in this section. The specific retention period for different categories of information may vary based on the nature of the information, the purposes for which it is used, and our legal obligations.
Account information and user-generated content are retained for the duration of your active subscription plus a post-cancellation period of thirty (30) days. During this post-cancellation period, you may request a copy of your data or reinstate your account. After the expiration of this period, your account information and associated data will be permanently deleted from our active systems in accordance with our data deletion procedures.
Certain categories of information may be retained for longer periods where required by applicable law or regulation, including but not limited to financial transaction records, which may be retained for the period required by applicable tax and accounting laws, and information that must be preserved in connection with pending or anticipated litigation or regulatory proceedings.
We may retain de-identified or aggregated data derived from your information indefinitely, as this information can no longer reasonably be associated with any individual and is used for improving the Service and conducting research. Backup copies of data may persist in our secure backup systems for a limited period following deletion from our primary systems, consistent with our backup and disaster recovery procedures.
Depending on your jurisdiction of residence, you may have certain rights with respect to your personal information. We are committed to honoring these rights to the extent required by applicable law. To exercise any of the rights described in this section, please contact us using the information provided in Section 15. We will respond to verifiable requests within the timeframes required by applicable law, and in any event within forty-five (45) calendar days of receipt.
Right to Access and Know. You may have the right to request information about the personal data we hold about you, including the categories of personal information collected, the purposes for which it is used, the sources from which it was collected, and the categories of third parties with whom it is shared.
Right to Correction. You may have the right to request that we correct inaccurate or incomplete personal information we hold about you. In many cases, you can update your account information directly through the Service settings.
Right to Deletion. You may have the right to request that we delete your personal information, subject to certain exceptions under applicable law, including information we are required to retain for legal compliance, fraud prevention, or other legitimate purposes.
Right to Data Portability. Where technically feasible and legally required, you may have the right to receive a copy of your personal information in a structured, commonly used, machine-readable format and to transmit that information to another service provider.
Right to Opt-Out of Sale or Sharing. We do not sell your personal information. To the extent that any of our data sharing practices could be characterized as a "sale" or "sharing" under applicable state privacy laws, you have the right to opt out. Please contact us if you wish to exercise this right.
Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws may have additional rights, including the right to appeal our decision regarding a privacy rights request. If your request is denied, we will provide you with the reasons and information about how to appeal. To appeal a decision, contact us at the address provided in Section 15.
If you are a California resident, this section applies to you in addition to the rights described in Section 9, and is provided in compliance with the California Consumer Privacy Act of 2018 ("CCPA") and the California Privacy Rights Act of 2020 ("CPRA"). Under California law, you have specific rights regarding your personal information.
Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected the following categories of personal information: (a) Identifiers, such as name, email address, and IP address; (b) Commercial information, including subscription and transaction records; (c) Internet or other electronic network activity information, including browsing and usage data within the Service; (d) Professional or employment-related information, such as business name and professional details you provide; and (e) Inferences drawn from the above to create a profile reflecting your preferences and usage patterns.
Right to Know and Right to Delete. You have the right to request that we disclose what personal information we collect, use, disclose, and sell, and the right to request deletion of your personal information, subject to certain exceptions. To submit a request, contact us as described in Section 15. We will verify your identity before processing your request and will respond within forty-five (45) days.
Right to Opt-Out of Sale or Sharing. We do not sell your personal information to third parties, and we do not share your personal information with third parties for cross-context behavioral advertising. Accordingly, there is no need to submit an opt-out request with respect to these practices.
Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide a different level of quality, or suggest that you may receive a different price or quality of goods or services for exercising your rights under the CCPA.
Shine the Light. California Civil Code Section 1798.83 permits California residents to request, once per year, information about how we disclose certain personal information to third parties for their direct marketing purposes. As stated throughout this Policy, we do not share personal information with third parties for direct marketing purposes.
The Service is not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18). Our Terms of Service expressly prohibit use of the Service by individuals under eighteen years of age. If you are under eighteen, please do not use the Service or provide any personal information to us.
If we learn or have reason to suspect that we have collected personal information from a child under eighteen years of age without verification of parental consent, we will take immediate steps to delete such information from our systems. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately using the information in Section 15, and we will promptly investigate and take appropriate action.
PortalKit is operated from the United States, and the personal information we collect is stored and processed in the United States and other countries where our service providers maintain facilities. These countries may have data protection laws that differ from the laws of your country of residence. By accessing or using the Service, you acknowledge that your personal information will be transferred to and processed in the United States and other jurisdictions.
For users in the European Economic Area, the United Kingdom, or Switzerland, we take appropriate safeguards to ensure that transfers of personal data comply with applicable data protection laws. Where required, we rely on Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other appropriate transfer mechanisms. You may contact us to obtain information about the specific safeguards applicable to the transfer of your personal data.
We use cookies and similar tracking technologies (such as local storage, session storage, and pixel tags) to operate and improve the Service. Cookies are small text files placed on your device that enable us to recognize your browser, maintain your session state, remember your preferences, and understand how you use the Service.
Essential Cookies. These cookies are strictly necessary for the Service to function and cannot be disabled. They include session authentication cookies that keep you logged in, security tokens that protect against cross-site request forgery, and similar operational cookies without which core features of the Service cannot be provided.
Analytics and Performance Cookies. We may use analytics technologies to understand how users interact with the Service, which features are most popular, where errors occur, and how the Service's performance can be improved. Where these technologies collect personally identifiable information, we will seek your consent as required by applicable law.
Most browsers allow you to control cookies through their settings. You can typically instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, disabling certain categories of cookies may affect the functionality of the Service. For more information about managing cookies, consult your browser's help documentation.
We reserve the right to update or modify this Privacy Policy at any time and at our sole discretion. When we make material changes to this Policy — meaning changes that significantly affect your rights or how we handle your personal information — we will notify you by sending an email to the address associated with your account and by posting a prominent notice on the Service prior to the change becoming effective. The effective date at the top of this Policy will be updated to reflect the date of the most recent revision.
Non-material changes, such as clarifications, reorganization, or updates that do not significantly affect your rights, may be made without individual notice. We encourage you to review this Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of the Service following the effective date of any changes to this Policy constitutes your acceptance of those changes.
If you have questions, concerns, or requests regarding this Privacy Policy, your personal information, or our privacy practices, please contact us by email at hello@getportalkit.com. We will make every effort to respond to your inquiry within five (5) business days. For formal privacy rights requests, please clearly identify your jurisdiction of residence and the specific right you wish to exercise so that we can route your request appropriately and respond within the timeframe required by your applicable law.
PortalKit is a product of Kilpian LLC. This Privacy Policy is governed by the laws of the State of Maryland, United States, without regard to conflict of law principles.