Privacy Policy
Effective date: 2025-09-08. This Privacy Policy explains how PortPulse (“we,” “us,” “our”) collects, uses, shares, and protects information about visitors to our websites and users of our APIs and services (collectively, the “Service”).
1) Scope
This Policy covers account and operational data we process as a data controller. For personal data we process on your behalf in connection with the Service, the Data Processing Addendum (DPA) applies (we act as your processor).
2) Information we collect
- Account & billing: name, email, company, role, plan, billing details (via our payment processor), tax identifiers where applicable.
- Operational & usage: request metadata (timestamps, IP, user agent,
x-request-id, endpoint, status), authentication events, rate-limit counters. - Website analytics: page views, referrers, events collected via cookies or similar technologies (e.g., GA4/Clarity).
- Support: messages you send to support, error reports (with minimal context and request IDs).
- No special categories: we do not intentionally collect sensitive personal data; please do not send it.
3) How we use information (purposes & legal bases)
- Provide & secure the Service (contract performance), including authentication, rate limiting, abuse prevention.
- Billing & account management (contract/legal obligation), including invoices, tax compliance, receipts.
- Analytics & product improvement (legitimate interests), e.g., performance metrics and usability analysis.
- Communications (legitimate interests/consent where required): service notifications, updates, support.
- Legal & compliance (legal obligation/legitimate interests), including security investigations and audits.
4) Retention
We retain operational logs typically for ≤ 30 days unless longer retention is required for security, fraud detection, accounting, or legal reasons. Billing and tax records may be retained per applicable law. We minimize collection and apply access controls and deletion schedules.
5) Security
- Transport security (TLS), encryption at rest where supported by providers.
- Least-privilege access, MFA for consoles, key rotation, audit logging.
- Backups with tested restore procedures; vulnerability management.
6) Sub-processors
We use trusted providers to operate the Service. Typical sub-processors include (subject to change):
| Provider | Purpose | Region |
|---|---|---|
| Cloudflare, Inc. | Edge security, CDN, caching, WAF | Global |
| Stripe, Inc. | Payments & tax (Stripe Tax) | US/EU |
| Railway (or similar PaaS) | App hosting | US/EU |
| Sentry / Logfire | Error tracking & logs | US/EU |
| Uptime/Better Stack | External uptime probes & status | EU/US |
We will update this list as providers change. Processing is governed by contracts and data protection terms.
7) International transfers
We may transfer data internationally. For EEA/UK data, we rely on adequacy decisions or appropriate safeguards, including the EU Standard Contractual Clauses (SCCs) and the UK Addendum where applicable.
8) Your rights
Depending on your location, you may have rights to access, rectify, delete, or port your data, and to object or restrict certain processing. To exercise rights, email privacy@useportpulse.com. We may verify your identity before responding.
9) Cookies & analytics
We use cookies or similar technologies for essential functions and analytics (e.g., GA4, Microsoft Clarity). You can control cookies via browser settings; blocking some cookies may impact functionality.
10) Children
The Service is for business use and not directed to children under 16.
11) Changes
We may update this Policy from time to time. Material changes will be highlighted on this page. Continued use constitutes acceptance of the revised Policy.
12) Contact
Questions or requests: privacy@useportpulse.com. Security reports: security@useportpulse.com.