Privacy Policy

1. Introduction and Data Controller

Portizly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you use our service, and sets out your rights regarding your personal data.

Data controller: For the purposes of applicable data protection laws (including the GDPR and CCPA), the data controller responsible for your personal data is Portizly. For questions or to exercise your rights, contact us at privacy@portizly.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name
• Email address
• Password (encrypted)
• Company/business name (optional)

2.2 Email Data

With your explicit consent, we access your email account to:

• Read financial emails (invoices, bills, receipts, subscriptions)
• Extract billing information and transaction details
• Identify billing errors and anomalies

Important: We only request read-only access to your email. We never send emails on your behalf or access non-financial emails.

2.3 Payment Information

Payment processing is handled by Stripe. We do not store your credit card information. Stripe's privacy policy is available at stripe.com/privacy.

2.4 Usage Data

We automatically collect:

• Device information (browser type, operating system)
• IP address and location data
• Usage patterns and feature interactions
• Error logs and performance data

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Analyze financial emails for billing errors and anomalies
• Generate dispute letters and reports
• Send notifications about billing issues and product updates
• Process payments and manage subscriptions
• Improve service quality, security, and product features (we do not use your content to train general-purpose AI models)
• Provide customer support
• Comply with legal obligations and enforce our Terms

4. Data Security

We implement technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption: AES-256 (or equivalent) for data at rest; TLS/SSL for data in transit
• Access controls: Role-based access, authentication, and principle of least privilege
• Infrastructure: Secure cloud hosting (Google Cloud Platform / Firebase) with industry-standard safeguards
• Monitoring: Logging, intrusion detection, and incident response procedures
• Vendor oversight: We require service providers that process personal data to maintain appropriate security and comply with applicable data protection obligations

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities as required by applicable law.

5. Data Sharing and Disclosure

We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes. We may share or disclose your data only as follows:

• Service providers and sub-processors: We use trusted vendors to operate the Service (e.g., Google Cloud/Firebase for hosting and data storage, Stripe for payment processing). These providers are contractually bound to use your data only to perform services for us and to protect it in line with applicable law.
• AI and analytics: We may use third-party services (e.g., OpenAI) to process content for features such as dispute letter generation. Such processing is done under strict data processing terms; we do not permit use of your data for training general-purpose AI models.
• Legal and safety: We may disclose your data when required by law, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, to investigate fraud, or to enforce our Terms.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to the same privacy commitments.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction or update of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated data, subject to legal retention requirements
• Portability: Receive your data in a structured, commonly used, machine-readable format where technically feasible
• Restriction: Request restriction of processing in certain circumstances (e.g., while accuracy is contested)
• Object: Object to processing based on legitimate interests or for direct marketing
• Withdraw consent: Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of processing before withdrawal
• Revoke email access: Disconnect your email integration at any time from account settings
• Opt-out of marketing: Unsubscribe from marketing communications via the link in our emails or by contacting us

To exercise any of these rights, contact us at privacy@portizly.com. We will respond within the timeframes required by applicable law (e.g., 30 days under CCPA; one month under GDPR, extendable where necessary). You may also have the right to lodge a complaint with a supervisory authority in your country of residence.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Account and profile data: Retained while your account is active and for a reasonable period after closure for support and legal purposes.
• Email-derived data: Retained for as long as you use the Service and for a limited period after account deletion to allow recovery and to meet legal requirements.
• Upon account deletion: We will delete or anonymize your personal data within 30 days, except where we are required or permitted to retain it by law (e.g., tax records, dispute resolution, or regulatory compliance).

8. Cookies and Tracking

We use essential cookies for:

• Authentication and session management
• Security and fraud prevention
• Performance monitoring

We do not use third-party advertising or tracking cookies.

9. International Data Transfers

Your data may be stored and processed in the United States and other countries where we or our service providers operate. If you are located outside the United States, please be aware that we transfer and process data in the U.S. and other jurisdictions. We take steps to ensure that such transfers are subject to appropriate safeguards under applicable law, which may include Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms. By using the Service, you consent to the transfer of your data to countries that may have different data protection rules than your country of residence.

10. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction, if higher). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without parental consent, please contact us at privacy@portizly.com, and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will post the updated policy on this page and update the "Last Updated" date. For material changes, we will provide additional notice by email or a prominent notice within the Service. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy. If you do not agree, you should discontinue use and contact us to close your account.

12. Contact Us

For privacy-related questions, to exercise your rights, or to report a concern, contact us at:

Email: privacy@portizly.com

We will respond to your request in accordance with applicable law. If you are in the EEA or UK and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.

13. GDPR Compliance (EEA/UK Users)

If you are in the European Economic Area or the United Kingdom, we process your personal data in accordance with the GDPR and UK GDPR. Our lawful bases for processing include:

• Contract: Processing necessary to perform our contract with you (e.g., providing the Service, billing).
• Consent: Where you have given clear consent (e.g., email access, optional marketing). You may withdraw consent at any time.
• Legitimate interests: Where necessary for our legitimate interests (e.g., security, analytics, improving the Service) provided your interests do not override them.
• Legal obligation: Where required by law (e.g., tax, anti-fraud).

In addition to the rights in Section 6, you have the right to object to processing based on legitimate interests, to restrict processing in certain cases, to data portability, and to lodge a complaint with a supervisory authority (e.g., in your EU member state or the UK ICO).

14. CCPA / CPRA (California Residents)

Under the California Consumer Privacy Act (CCPA) as amended by the CPRA, California residents have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and categories of third parties with whom we share it.
• Delete: Request deletion of your personal information, subject to certain exceptions.
• Correct: Request correction of inaccurate personal information.
• Opt-out of sale/share: We do not sell personal information. We do not share personal information for cross-context behavioral advertising in a way that qualifies as a "sale" or "share" under the CCPA.
• Limit use of sensitive personal information: To the extent we use sensitive personal information beyond what is permitted, you may limit such use.
• Non-discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, contact us at privacy@portizly.com. We may need to verify your identity before processing your request. You may designate an authorized agent to submit requests on your behalf; we may require proof of authorization.