Portmind Privacy Policy

Last Updated: June 19, 2025

1. Introduction and Who We Are

Portmind Communications Ltd. and its subsidiaries ("Portmind", "we", "our" or "us") are strongly committed to being responsible custodians of the information you provide us and the information we collect in the course of operating our business.

This Privacy Policy explains how Portmind, as a data controller, may collect, use, share, and protect information that we obtain about you directly or indirectly in accordance with applicable data privacy laws. We use the words "personal data" in this Privacy Policy to describe information that is about you and that identifies you.

This Privacy Policy applies to personal data we collect from customers of our services (including individuals granted access to our services by our customers)—where you use our services, or your personal data is processed in connection with such services, and we control the purpose for which personal data is processed (e.g., account management, billing, marketing). In these situations, Portmind is considered a "controller" (or its equivalent, such as a "business" under California law) under applicable data protection laws.

When Portmind Acts as a Processor: When our customers use our services to process personal data (e.g., uploading their own data into our platform), the customer is the data controller, and Portmind acts as a "data processor" (or "service provider"). In cases where your organization and Portmind have entered into a separate services agreement and/or data processing agreement (DPA), the terms of that agreement with respect to privacy and data processing shall take precedence over this Privacy Policy for that specific context.

This Privacy Policy does not apply to, and Portmind is not responsible for, any third-party websites which may be accessible through links from this website.

2. Scope of Privacy Policy

This Privacy Policy explains and describes:

  • How we collect your personal data.
  • Legal basis for usage of your personal data.
  • How we use the personal data we collect, including the use of AI.
  • How and when we may disclose personal data that we collect.
  • International data transfers.
  • Your legal choices and rights (including GDPR and CPRA).
  • Our contact details.

3. When this Privacy Policy Applies

This Privacy Policy applies:

  • To your use of any of our services where we are performing a data controller function.
  • To your interaction with our website and online services, including portmind.com and any other website or online service hosted by us on which this Privacy Policy appears (together, our "online services").
  • To any personal information collected from third parties where we are the controller of such information.

4. How We Collect Your Personal Data

"Personal data" is any information that can be used to identify you or that we can link to you.

Information collected directly from you: We collect information that you voluntarily provide to us, including when you communicate with us via email or other channels; when you sign up for newsletters, webinars, or events; when you request a demo; and when you create an account for our services. This may include your name, contact details, title, employment details, login credentials, and information about the organization with which you are affiliated.

Information collected automatically via Online Services: When you use our online services, we may automatically collect details including the volume of traffic received, logs (including the IP address and approximate location of the device), browser type, operating system, and the resources accessed.

5. Legal Basis for Usage of Personal Data

Where we intend to use your personal data, we rely on the following legal grounds:

  • Performance of a contract: We may need to collect and use your personal data to enter into a contract with you or to perform a contract that you have with us (e.g., providing services in accordance with our terms of service).
  • Legitimate interests: Where we consider the use of your information as being (a) non-detrimental to you, (b) within your reasonable expectations, and (c) necessary for our own, or a third party's legitimate purpose. This may include:
    • For our own direct marketing or continued communication (where consent is not required by law).
    • The prevention of fraud and ensuring network and information security.
    • Our own internal administrative purposes.
    • Analyzing the use of our services to improve their functionality, including the development and training of our AI models (e.g., Portmind AI).
  • Compliance with a legal obligation: We may be required to process your information due to legal requirements, including tax laws and other regulatory provisions.
  • Consent: You may be asked to provide your consent for specific activities, for example, for certain marketing purposes or for the use of non-essential cookies on our website. Where we rely upon your consent, you may withdraw this at any time.

6. How We Use Your Personal Data

We use your information for the following purposes:

  • To provide you with Portmind's services that you or your employing organization request.
  • To respond to your inquiries, provide customer support, and manage billing.
  • To facilitate our internal business operations, including fulfilling our legal or regulatory requirements.
  • To maintain and develop our relationship with you and update our database of contacts.
  • For data analysis, detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement.
  • To provide you with relevant marketing communications related to Portmind, where permitted by law or where you have consented.
  • To ensure that content from our online services is presented effectively and securely, and to troubleshoot and improve such online services.

Use of AI and Automated Decision-Making

Portmind utilizes Artificial Intelligence (AI) and machine learning technologies to enhance the functionality of our services and analyze usage patterns. When acting as a data controller, this processing is based on our legitimate interests in improving our services, and we use aggregated or anonymized data where possible. Portmind does not use your personal data to make automated decisions (including profiling) that produce legal effects concerning you or similarly significantly affect you. Our AI tools are designed to support human decision-making and improve service efficiency.

API Integration and data Processing

When you use our APIs, we securely process data according to your configurations. We encrypt stored credentials (OAuth tokens, API keys), log API calls for monitoring and debugging, and validate all incoming data against defined schemas. Communications use TLS 1.3 encryption, webhooks include HMAC-SHA256 signatures for verification. You control data flows through field mapping, event filtering, and transformation rules. We support multiple formats (JSON, XML, CSV), offer optional end-to-end encryption for sensitive data, and provide both real-time processing. Authentication follows OAuth 2.0 standards with automatic token refresh, while our retry logic ensures reliable delivery.

7. How We Share Your Personal Data

We will not sell your personal data or share it for independent use, except as specified in this Privacy Policy or with your express prior permission.

We may allow access to your personal data to the different entities within the Portmind group for our internal administrative purposes.

We may exchange your personal data with third-party service providers contracted to Portmind where any of the following apply:

  • Service Providers (Processors): We use third-party service providers for activities such as cloud hosting, analytics, customer relationship management (CRM) software, IT support, professional advisory (legal, accounting), and payment processing. These providers will only use your information to the extent necessary to perform their functions and are bound by confidentiality obligations.
  • Legal Obligations: We may share data with law enforcement bodies, government authorities, or if we are under a legal or regulatory obligation to do so (e.g., to comply with a Court Order).
  • Business Transactions: If Portmind assets are merged with or acquired by a third party, or we reorganize our business, your personal data may form part of the transferred or merged assets.
  • Protection of Rights: If necessary to protect the rights, property, or safety of Portmind, our clients, or others, or to enforce our terms of service.

We may also provide anonymous, aggregated statistical information about users of our websites to reputable third parties.

8. International Transfers

Portmind's primary operational centers are located in Switzerland and the UAE. However, as a global business with service providers located around the world (including the United States), we may need to transfer your personal information across international borders to countries with different data protection laws.

Safeguards for Transfers outside the EEA, the UK, and Switzerland: When we transfer personal data from these regions to countries that have not been recognized as providing an adequate level of data protection, we rely on approved data transfer mechanisms, including:

  • Standard Contractual Clauses (SCCs): We implement the SCCs adopted by the European Commission (and the equivalent mechanisms approved for the UK, such as the International Data Transfer Agreement or Addendum) to provide safeguards for personal information transferred internationally.
  • Transfer Impact Assessments (TIAs) and Supplementary Measures: In accordance with the Schrems II ruling, we conduct TIAs to assess the laws and practices of the destination country. We implement supplementary technical and organizational measures (such as encryption and robust access controls) to ensure the protection of the transferred data is essentially equivalent to that in the EEA/UK.
  • Data Privacy Frameworks: For transfers to the United States, we may rely on the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) when transferring data to organizations certified under these frameworks.

9. Retention of Your Data

We retain the information we collect no longer than is reasonably necessary to fulfill the purposes for which such data was originally collected, in accordance with our internal data retention policies, or to comply with our legal, regulatory, accounting, and reporting obligations.

We determine the appropriate retention period based on the amount, nature, and sensitivity of the personal data; the purposes for which we process it; and applicable legal requirements (such as statutes of limitations).

Key retention periods include:

  • Customer Account Data: Retained for the duration of the active customer relationship and for a period thereafter as necessary for legal and auditing purposes (typically 7 years post-termination).

When personal data is no longer required, we will ensure it is securely deleted or anonymized.

10. How We Protect Your Personal Data

We take steps to hold information securely in electronic or physical form. Our information security policy is supported by a variety of processes and procedures. We use technical and organizational security controls to help protect your personal information from unauthorized access, use, disclosure, alteration, or destruction.

These controls include:

Cloud Data Center Security

  • Physically secured with 24x7x365 uniformed guard service.
  • Electronic key card access and physical access limited solely to authorized personnel.
  • Monitored video surveillance cameras and alarm systems.
  • Redundant facility HVAC cooling systems, fire detection, and prevention systems.
  • Redundant power utilizing uninterruptible power supplies (UPS).

System Security

  • Highly secure, reliable, and scalable IT infrastructures.
  • Use of anti-virus software and encryption (both in transit and at rest).
  • Mirrored active/active firewalls to ensure data security during failures.
  • Systems monitored 24/7 to protect against unauthorized intrusion.
  • Multi-factor authentication (MFA).
  • System alerts for unusual activities and regular security reviews and monitoring of security logs for anomalies.

Organizational and Legal Protection

  • All employees are subject to reference checks (where permitted by law) and must sign confidentiality and non-disclosure agreements.
  • Strict authorization protocols (principle of least privilege), logging, and monitoring for privileged systems access.

Third Party Validation

When we engage a third-party service provider, the third party is selected carefully and is contractually required to have appropriate security measures in place.

11. Cookies Policy

Portmind uses cookies and similar technologies (like pixels or web beacons) on our website to distinguish you from other users, improve the user experience, understand how our website is used, and personalize content and advertising. Cookies are small text files placed on your device.

Types of Cookies We Use:

  • Strictly Necessary Cookies: Essential for the operation of our website and services (e.g., enabling logins). These do not require your consent.
  • Analytical/Performance Cookies: Allow us to count visitors and see how visitors move around our website. This helps us improve how our website works.
  • Functionality Cookies: Used to recognize you when you return to our website and remember your preferences.

12. Your Rights Regarding Your Personal Data

Under applicable data protection legislation, you have various rights regarding the personal data we hold about you.

General Rights (subject to applicable law):

You can request:

  • Access to the personal data we hold about you.
  • Corrections or updates to your details.
  • The erasure of your personal data (right to be forgotten).
  • The portability of personal data in a structured, commonly used, and machine-readable format.

You also have the right to object to, or request the restriction of, our use of your personal data.

Withdrawing Consent and Opting Out: Where you have consented to our processing (e.g., marketing or cookies), you can withdraw such consent at any time by following the unsubscribe instructions on communications or by adjusting your cookie settings.

Rights for Residents of the EEA and the United Kingdom (GDPR): If you are located in the EEA or the UK, the General Data Protection Regulation (GDPR) and/or the UK Data Protection Act 2018 provide the rights listed above. You also have the right to lodge a complaint with a supervisory authority.

Exercising Your Rights: If you would like to exercise any of these rights, please contact us using the details in Section 14 (Contact). We may need to verify your identity before processing your request.

13. Status of this Statement

As technologies and data privacy laws evolve, we may need to revise this Privacy Policy. We will post any Privacy Policy changes on this page and, if the changes are significant or may materially impact your rights, we will provide a more prominent notice (including email notification).

14. Contact and Further Information

If you have any questions, concerns, or comments about this Privacy Policy, wish to exercise your rights, or want to submit a written complaint about how we handle your personal data, please contact us via any of the following means:

Email: hello@portmind.com