This Privacy Policy explains how PortalSync (“PortalSync”, “we”, “us”, or “our”) collects, uses, discloses, and protects information when you use our platform, including the web application, APIs, and related services (collectively, the “Services”).
Who we are
PortalSync is a platform that helps freelancers and their clients manage projects, files, invoices, contracts, and communication, with optional AI-powered features. PortalSync acts as the data controller for personal data we collect through the Services. If you have questions or requests about this policy or your data, contact us at info@portalsync.net.
Information we collect
- Account Information: name, email, password hash (bcrypt). For Google Sign-In accounts, we store your Google user ID and email (no password).
- Profile and Business Details: optional business name, phone, address, avatar.
- Files: file names, types, sizes, paths, and content uploaded to Storage. We also store version numbers and limited file metadata.
- Messages: message content and related metadata in project conversations.
- AI Interactions: your prompts and AI responses. For contextual answers, we may include brief summaries of your recent clients, projects, invoices, and files (names, statuses, basic attributes) to generate a relevant answer. We also store AI-generated project scopes and their raw output for your records.
- Usage: subscription tier, plan limits usage (counts), basic server logs, and performance analytics.
How we use your information
- Provide and maintain the Services (authentication, projects, tasks, files, messages).
- Process payments and subscriptions and enable payouts via Stripe and Stripe Connect.
- Send essential emails (verification, invitations, notifications) via Resend.
- Provide AI features (chat, data insights, project scope generation).
- Ensure security, prevent abuse, and enforce limits based on your subscription.
- Improve performance and reliability and support troubleshooting.
Legal bases (GDPR)
- Contract: to provide the Services you request.
- Legitimate interests: to secure, operate, and improve the Services.
- Consent: when required (e.g., certain marketing communications).
- Legal obligation: to comply with tax, accounting, and regulatory duties.
Sharing and processors
We share data with service providers that help us operate the Services:
- Firebase (Google Cloud): authentication (frontend), file storage (backend via Firebase Admin), and signed URLs to access files.
- Stripe: payments (Checkout), webhooks for payment status, and Stripe Connect for payouts to freelancers. We send invoice context (number/total/currency) and customer email where relevant. We do not receive full card data.
- Resend: transactional email delivery (verification, invitations, notifications).
- Google AI (Gemini): processing of prompts and minimal contextual summaries to generate responses.
We may disclose information if required by law or to protect rights, safety, and the integrity of our Services. We do not sell personal information.
Payments (Stripe + Connect)
Payments are processed by Stripe. When you pay an invoice, Stripe handles your payment information directly. We store Stripe Checkout session identifiers with invoice records and update invoice status via secure webhooks. For freelancers using payouts, we facilitate Stripe Connect onboarding. Your use of Stripe is subject to Stripe’s terms and privacy policy.
Files and storage
Files uploaded through the Services are stored in Storage under user-specific paths. We may generate time-limited signed URLs for secure access and sharing. File metadata (original name, size, type, version) is stored in our database to power file management features.
AI features (Google Gemini)
If you use AI chat, data insights, or project scope generation, we send your prompt and minimal contextual summaries (e.g., recent client/project/invoice/file names and attributes) to Google’s Gemini API to generate responses. We store your prompts, AI outputs, and generated scopes so you can review them later. We take steps to minimize the context shared and avoid transmitting file contents. Model providers may process your inputs to provide the service. We instruct providers not to use data for advertising and, where supported, to disable training on your content.
Analytics and logs
We use Analytics and Speed Insights to understand usage patterns and performance. Server logs record basic operational information (e.g., errors, timing) to secure and improve the Services.
Cookies and local storage
We do not rely on tracking cookies. For authentication, the app stores a JSON Web Token (JWT) in your browser’s localStorage. Removing the token will sign you out on that device.
Security
- Transport security via HTTPS for data in transit.
- Password hashing using bcrypt (for email/password accounts).
- Role- and tenant-aware authorization on API routes.
- Signed URLs for protected file access and Security Rules on buckets.
International transfers
Our processors may process data in multiple regions. Where applicable, we rely on standard contractual clauses or equivalent safeguards provided by those processors to protect your data during international transfers.
Retention
- Account, projects, files, messages, and AI records: retained while your account is active.
- Invoices and payment records: retained for at least the period required by tax and accounting laws.
- Upon account deletion, associated records are removed or anonymized where feasible, subject to legal obligations.
Your rights
Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data, and to object to certain processing. You also have the right to lodge a complaint with your supervisory authority. To exercise your rights, contact info@portalsync.net.
California residents: we do not sell personal information. You may request access or deletion of your personal information subject to exemptions.
Children’s privacy
The Services are not intended for children under 13 (or the age of digital consent in your country). We do not knowingly collect personal data from children.
Contact us
For privacy inquiries or data requests, email info@portalsync.net.
Changes to this policy
We may update this policy to reflect changes to our practices or for legal, operational, or regulatory reasons. We will post the updated policy and revise the “Last updated” date above.