Privacy Policy

Last updated: 28 April 2026

This Privacy Policy explains what personal data PORTIQA ("we", "us") collects, how we use it, and the choices you have. It applies to portiqa.ai and the PORTIQA API service.

1. Data we collect

Account data

When you sign up, our identity provider (Auth0) processes your email address and a hashed password (or your social-login identifier). We store an internal user ID, your email, plan tier, and timestamps for account events.

Billing data

Subscription payments are handled by Stripe. We do not see or store your card number. We retain a Stripe customer ID, subscription status, billing cycle, and invoice metadata so we can show your billing history and apply plan changes.

API usage data

Each request to POST /evaluate is logged with a timestamp, the API key used, and the HTTP status returned. We do not retain the request or response payload bodies. Aggregated usage is shown in your dashboard and used to enforce plan limits.

Site analytics

The marketing pages on portiqa.ai use Google Analytics to measure visitor counts and traffic sources. See our Cookie Policy for details and how to opt out.

2. How we use data

• To authenticate you and provide the service you signed up for.
• To process payments and prevent fraud (via Stripe).
• To enforce plan limits and prevent abuse of the API.
• To respond to your support requests.
• To send service notices (e.g., billing issues, security alerts). We do not send marketing emails without an explicit opt-in.

3. Legal basis (GDPR)

We process personal data on the basis of (a) contract — to deliver the service you have purchased; (b) legitimate interest — to keep the service secure and improve it; and (c) consent — for analytics cookies, where applicable.

4. Sub-processors

We rely on the following providers to operate PORTIQA. Each is bound by a data-processing agreement:

• Auth0 (Okta, Inc.) — authentication and identity.
• Stripe, Inc. — payment processing and subscription management.
• Google LLC — Google Analytics on marketing pages.
• Hosting provider — application and database hosting.

5. Data retention

Account data is kept while your account is active and for up to 12 months after closure for accounting and dispute purposes. API usage logs are kept for 24 months. Invoices are retained for the period required by applicable tax law (typically 5–10 years).

6. Your rights

If you are in the EEA, the UK, or another jurisdiction with comparable rules, you have the right to access, correct, export, or delete your personal data, and to object to or restrict its processing. To exercise these rights, email privacy@portiqa.com. We will respond within 30 days.

7. Security

We use TLS for all traffic, hash passwords via Auth0, never store card numbers, and follow the principle of least privilege for internal access. Vulnerability reports can be sent to security@portiqa.com.

8. International transfers

Some of our sub-processors are based in the United States. Where personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses or equivalent safeguards.

9. Children

PORTIQA is not directed at children under 16. We do not knowingly collect data from children.

10. Changes

We may update this policy. Material changes will be announced by email or in-app notice at least 14 days before they take effect.

11. Contact

Questions about this policy: privacy@portiqa.com.