Portura

Privacy Policy

Portura Privacy Policy

Version: 2025-10-09
Effective Date: 2025-10-09

Portura helps you create and share a professional portfolio, with optional AI-powered features. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

If you do not agree with this Policy, please do not use Portura.

1) Who We Are

Portura is operated by an individual (sole proprietor) doing business as Portura.
Owner/Operator: Arbi Stepanian (sole proprietor)
Location: Burbank, California, USA
Contact: support@portura.ai

2) Scope

This Policy applies to the Portura website, apps, and related services (the Service). It covers information we collect when you access, use, or interact with the Service, and from third parties we integrate with.

3) Information We Collect

A. Information you provide

  • Account & profile: first and last name, display name, email address, avatar/photo, tagline, skills, languages, location, social links, portfolio content (text, images, projects, case studies), and settings (e.g., theme, privacy).
  • Authentication: if you sign in with Google, GitHub, or LinkedIn, we receive identifiers from the provider (e.g., provider name, provider user ID, email if available, avatar URL) to create or link your account.
  • Email verification: we generate a 6‑digit code; we store only a hash of the code along with expiration and rate‑limit metadata (e.g., lastSentAt, resendCount, attempts). We do not store the plaintext code.
  • Payments: if you purchase a plan or tokens, we store references needed for billing such as your plan, token balance/usage, and Stripe identifiers (e.g., stripeCustomerId, stripeSubscriptionId). Full payment card data is handled by our payment processor (see Third‑Party Services below).
  • Communications: messages you send us (support requests, feedback); marketing email opt‑in status.

B. Information collected automatically

  • Usage and device data: IP address, approximate location derived from IP, browser/OS information, pages or features used, timestamps (createdAt, updatedAt, lastActiveAt, lastLoginAt), and diagnostic logs.
  • AI usage metrics: counts of input/output tokens and associated cost to operate AI features.
  • Cookies and similar technologies: essential cookies for sign‑in/session, and optional cookies for preferences and analytics (see Cookies below).

C. Information from third parties

We receive data from:

  • Authentication providers (Google, GitHub, LinkedIn) to sign you in or link identities.
  • Payment processors (e.g., Stripe) for subscription and transaction events.
  • Email service providers (e.g., Resend) for sending transactional/verification and optional marketing emails.
  • Media storage/transformation (e.g., Cloudinary) for hosting images and generating URLs.
  • Analytics and error monitoring (if enabled).

4) How We Use Information

We use information to:

  • Provide and operate the Service (account creation, authentication, onboarding, portfolio publishing, search indexing of public portfolios, AI feature delivery).
  • Secure the Service (fraud prevention, abuse detection, rate limiting, logging, and auditing).
  • Process payments and manage subscriptions/tokens (via Stripe and our internal accounting).
  • Communicate with you (transactional messages like verification codes, service notices, and—if you opt in—marketing emails).
  • Improve and develop the Service (feature usage analysis, UX improvements, performance tuning). We may use aggregated or de‑identified data to understand trends.
  • Comply with legal obligations and enforce our Terms of Service.

AI features. When you use AI functionality, your prompts/inputs and outputs are processed to provide the requested feature. We may use third‑party AI providers to deliver these features. Review AI outputs carefully before relying on them.

We do not sell your personal information.

5) Legal Bases (EEA/UK)

Where applicable law (e.g., GDPR/UK GDPR) requires a legal basis, we process information on the basis of:

  • Contract (to provide the Service you request);
  • Legitimate interests (to secure and improve the Service, prevent fraud, and communicate essential updates);
  • Consent (for optional cookies/marketing where required);
  • Legal obligations (tax, accounting, compliance).

You may withdraw consent at any time where consent is the basis.

6) Sharing of Information

We share information only as needed to provide and operate the Service, including with:

  • Service providers / processors: hosting, storage/CDN (e.g., Cloudinary), authentication providers, email providers (e.g., Resend), analytics/error monitoring, and payment processors (e.g., Stripe).
  • Other users / the public: content you set to public may be viewable on the web and by search engines. You control portfolio visibility in settings.
  • Legal and safety: to comply with law, legal process, or lawful requests, and to protect rights, property, and safety.
  • Business transfers: in connection with a merger, acquisition, or asset sale (you will be notified where required by law).
  • With your direction or consent: for example, when you link accounts or share a portfolio.

We do not allow our processors to use your personal information for their own unrelated purposes.

7) International Data Transfers

We are based in the United States and may transfer information to the U.S. and other countries where we or our service providers operate. These countries may have different data protection laws than your country. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

8) Retention

We retain information for as long as necessary to provide the Service and for legitimate business needs, including security, fraud prevention, and compliance with legal obligations. Illustrative examples:

  • Account/profile/portfolio: retained while your account is active; deleted or anonymized following account deletion subject to backup and legal retention requirements.
  • Verification codes: stored as hashes with short expiration (e.g., ~15 minutes) plus limited rate‑limit metadata.
  • Logs and analytics: retained for a limited period (e.g., 12–24 months) to ensure security and improve the Service.
  • Payment and tax records: retained as required by law (often 3–7 years).

We may retain de‑identified or aggregated information that does not identify you.

9) Security

We employ administrative, technical, and physical safeguards appropriate to the nature of the information, including HTTPS encryption in transit, role‑based access controls, and monitoring. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

If we become aware of a data incident affecting your information, we will notify you and/or regulators as required by law.

10) Your Choices and Rights

  • Access, correction, deletion: you may access and update profile/portfolio data in the app. To request account deletion or to exercise other rights, contact privacy@portura.ai or support@portura.ai.
  • Marketing preferences: you can opt in/out of marketing emails at any time via the unsubscribe link or by contacting us.
  • Cookies: you can control cookies via your browser settings. Where required, we will request consent for non‑essential cookies.
  • Do Not Track / GPC: we will honor Global Privacy Control signals where required by law.

Rights for specific regions

Depending on your location (e.g., EEA/UK, certain U.S. states), you may have additional rights such as portability, restriction, objection, or appeals of denied requests. We will respond to verifiable requests as required by applicable law and may request additional information to verify your identity.

We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us to request deletion.

11) Cookies and Tracking

We use:

  • Strictly necessary cookies (e.g., for authentication/session and security);
  • Functional cookies (preferences and UI settings);
  • Analytics cookies (to understand usage and improve the Service).

You can manage cookies in your browser. Blocking some cookies may impact the Service’s functionality.

12) Public Portfolios

If you set your portfolio to public, its content (including your name, avatar, bio, case studies, and links) may be visible to anyone and discoverable by search engines. Third‑party caches and archives may persist copies for a period even after you edit or remove content.

13) Third‑Party Links

The Service may link to third‑party sites or services we do not control. Their privacy practices are governed by their own policies.

14) Changes to this Policy

We may update this Policy from time to time. The “Effective Date” above reflects the latest version. Material changes will be communicated as required by law. Your continued use of the Service after changes take effect means you accept the updated Policy.

15) Contact Us

Questions or requests regarding privacy? Contact us at:
Email: privacy@portura.ai or support@portura.ai

Note: This Policy describes our current practices for Portura. It is not a contract and does not create legal rights beyond those required by law.