PortalBay Privacy Policy

1.1 PortalBay

“PortalBay,” “we,” “us,” and “our” refer to PortalBay.

PortalBay provides software tools for client portals, project organization, public request forms, private client portals, messages, feedback, approvals, files, external project links, and related workflows.

1.2 Contact

For privacy-related questions or requests, contact us at:

Email: support@mail.portalbay.app

2.1 What This Policy Covers

This Privacy Policy applies to information processed through PortalBay, including:

• the public website;
• workspace owner accounts and dashboards;
• workspaces;
• public request forms;
• request tracking pages;
• private client portals;
• messages and notifications;
• project, client, and file-related features;
• billing and subscription-related features;
• support and legal communications.

2.2 Workspace Owners and Clients

PortalBay has two main types of users:

• Workspace owners: freelancers, studios, agencies, or other users who create PortalBay accounts and manage client workspaces.
• Clients: people or organizations who submit public requests or access private client portals created by workspace owners.

Clients do not create full PortalBay accounts in the current version unless PortalBay introduces that feature later. Clients may access private portals through portal links and access codes.

2.3 Workspace Owner-Provided Client Data

Workspace owners may submit, collect, upload, or manage information about their own clients through PortalBay.

Workspace owners are responsible for ensuring they have the right, permission, consent, contract, or other lawful basis needed to collect and use client data through PortalBay.

Where required by law, workspace owners should provide their own privacy notices to their clients.

3.1 Account and Profile Information

When a workspace owner creates or uses a PortalBay account, we may collect and store information such as:

• email address;
• full name;
• profile information;
• avatar URL, if used;
• authentication user ID;
• account creation date;
• plan information;
• billing provider;
• subscription status;
• terms and privacy acceptance information, if collected or recorded.

We do not store raw account passwords in PortalBay application tables.

3.2 Workspace and Business Information

PortalBay may collect and store workspace-related information such as:

• workspace name;
• public portal display name;
• public handle;
• workspace owner ID;
• public logo URL;
• brand color;
• intake availability or status;
• status change dates;
• timezone;
• workspace settings;
• created and updated dates.

3.3 Public Request Form Information

When a potential client submits a public request form, PortalBay may collect information such as:

• name;
• email address;
• company or organization name;
• service type;
• project title;
• project details or message;
• budget;
• desired timeline;
• reference links;
• request status;
• tracking token;
• related workspace, client, portal, or project IDs;
• timestamps.

A public request tracking page may show request details connected to the tracking token.

3.4 Client Records

When a workspace owner approves or creates client records, PortalBay may store information such as:

• client name;
• client email;
• company name;
• phone number, if provided;
• client notes;
• workspace relationship;
• request relationship;
• project relationship;
• client portal relationship;
• soft-deletion status;
• timestamps.

Client notes may include information copied from request details, such as project title, service type, budget, timeline, and message content.

3.5 Project Information

PortalBay may collect and store project-related information such as:

• project title;
• description;
• status;
• priority;
• deadline;
• payment status;
• external payment link;
• client relationship;
• workspace relationship;
• client portal relationship;
• portal token;
• soft-deletion status;
• created and updated dates.

PortalBay may also store related tasks, calendar events, activity history, feedback, approvals, comments, revision requests, and project metrics.

3.6 Private Portal Information

Private client portals may contain or process information such as:

• workspace identity;
• workspace owner-provided portal details;
• client information;
• project information;
• project status;
• priority;
• deadline;
• payment status or payment link;
• files;
• file links;
• reference links;
• messages;
• feedback;
• approvals;
• revision requests;
• brief answers;
• submitted names and emails;
• portal sessions;
• timestamps.

3.7 Messages, Feedback, and Notifications

PortalBay may store information related to messages, conversations, feedback, approvals, revisions, and notifications, including:

• sender type;
• sender name;
• sender email;
• message body;
• conversation metadata;
• project, client, request, or portal relationships;
• read or unread status;
• archive or soft-delete status;
• notification titles and bodies;
• message delivery status;
• email delivery attempts and errors;
• timestamps.

Outgoing email notifications may include limited project, portal, message, feedback, or access-related information, such as project titles, portal links, access instructions, author names, author emails, and short message previews.

3.8 Files, Uploads, and Links

PortalBay may allow users to upload, store, or share files, file links, reference links, and external project links.

For uploaded files, PortalBay may store information such as:

• original filename;
• storage path;
• file size;
• MIME type;
• project ID;
• workspace relationship;
• uploaded date;
• related metadata.

PortalBay may store files in private storage buckets and may use short-lived signed URLs to provide access to files where appropriate.

Supported upload types and size limits may change over time.

3.9 Billing and Subscription Information

For PortalBay subscription billing, we may store billing-related metadata such as:

• billing provider;
• customer ID;
• subscription ID;
• order ID;
• variant ID;
• plan;
• subscription status;
• renewal date;
• end date;
• timestamps;
• related profile or workspace ID.

PortalBay does not store full payment card numbers, CVV codes, or full payment method details.

Subscription payments may be processed by a third-party billing provider.

3.10 Authentication, Session, and Technical Information

PortalBay may process technical information needed for authentication, security, rate limiting, debugging, and service operation, such as:

• authentication session information;
• secure cookies;
• private portal session cookies;
• session token hashes;
• access-code hashes;
• portal tokens;
• request tracking tokens;
• rate-limit hashes derived from IP address or email-related data;
• error details;
• provider IDs;
• user, workspace, project, portal, message, or request IDs;
• local preferences such as theme settings;
• basic device, browser, or request information processed by service providers.

PortalBay may read IP-related headers for rate limiting and abuse prevention, but rate-limit database records may store hashes rather than raw IP addresses where implemented.

3.11 Analytics and Performance Information

PortalBay may use analytics and performance tools, such as Vercel Analytics and Vercel Speed Insights, to understand website traffic, page performance, Core Web Vitals, and product reliability.

These tools may process technical information related to visits, pages, performance, device/browser context, and similar usage signals.

PortalBay does not currently use Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, PostHog, Mixpanel, Segment, Amplitude, or similar marketing analytics tools unless added later.

If we add additional analytics or advertising tools in the future, we may update this Privacy Policy and provide any consent options required by applicable law.

PortalBay uses information to operate, provide, secure, and improve the Service.

4.1 To Provide the Service

We use information to:

• create and manage workspace owner accounts;
• authenticate users;
• create and manage workspaces;
• operate public request forms;
• process client requests;
• create and manage client records;
• create and manage projects;
• operate private client portals;
• verify private portal access;
• support messages, feedback, approvals, and revision requests;
• store and display files, links, and project materials;
• provide notifications;
• show dashboard data;
• support billing and subscription features.

4.2 To Communicate With Users

We may use contact information to send:

• account-related emails;
• login, confirmation, or password reset emails;
• private portal access instructions;
• request or approval notifications;
• project notifications;
• message notifications;
• feedback or revision notifications;
• billing or subscription emails;
• support responses;
• security or legal notices;
• important service updates.

We currently use email mainly for transactional, account, portal, notification, billing, legal, and support-related purposes.

If we send marketing emails in the future, we will provide a way to opt out where required.

4.3 To Process Billing

We use billing-related metadata to:

• create checkout sessions;
• manage subscription plans;
• verify billing events;
• process webhook updates;
• update plan and subscription status;
• prevent billing abuse or fraud;
• maintain billing records.

We do not store full payment card details.

4.4 To Protect PortalBay

We use information to:

• prevent spam and abuse;
• rate-limit public forms or sensitive actions;
• investigate suspicious activity;
• prevent unauthorized access;
• protect workspaces and portals;
• detect violations of our Terms of Service;
• secure accounts and sessions;
• respond to security incidents;
• protect PortalBay, users, clients, and third parties.

4.5 To Improve the Service

We may use information to:

• troubleshoot bugs;
• improve usability;
• understand product performance;
• improve reliability and security;
• improve page speed and user experience;
• plan product improvements;
• understand which parts of the Service are used.

We do not use client content, messages, project data, uploaded files, or private portal content to train AI models.

5.1 Legal Bases

Depending on your location and how you use PortalBay, we may process information based on:

• performance of a contract;
• legitimate interests, such as operating and securing PortalBay;
• consent, where required;
• compliance with legal obligations;
• protection of rights, safety, and security.

5.2 Workspace Owner Responsibility for Client Data

Workspace owners are responsible for the client data they collect, upload, or manage through PortalBay.

If a workspace owner uses PortalBay to process personal data about clients, the workspace owner is responsible for ensuring they have the appropriate legal basis, notice, consent, agreement, or other permission required by applicable law.

5.3 PortalBay as a Service Provider

PortalBay processes workspace owner-provided client data to provide the Service, operate client portals, send notifications, secure the platform, provide support, and perform related functions.

PortalBay does not control the relationship between a workspace owner and a client and does not decide what client data a workspace owner chooses to collect, submit, or manage through PortalBay.

We do not sell personal data.

We may share information only as needed for the purposes described in this Privacy Policy.

6.1 Service Providers

We may share information with service providers that help us operate PortalBay, such as:

• Supabase for authentication, database, and file storage;
• Resend for transactional email delivery;
• third-party billing providers for subscription billing and checkout;
• Vercel for hosting, analytics, performance, and deployment-related services;
• DNS, security, monitoring, or infrastructure providers where applicable.

These providers may process information on our behalf or under their own applicable terms and privacy policies.

6.2 Billing Providers

If you purchase a PortalBay subscription, billing information may be processed by a third-party billing provider.

PortalBay may receive and store subscription metadata, but we do not store full payment card details.

6.3 Workspace Owner and Client Visibility

Information submitted through PortalBay may be visible to the relevant workspace owner, client, or authorized user depending on the feature.

For example:

• workspace owners may see public request submissions sent to their workspace;
• workspace owners may see client records, project data, files, links, messages, feedback, and approvals related to their workspace;
• clients may see the private portal, project information, messages, files, links, approvals, and other materials made available to them by the workspace owner.

Clients cannot access unrelated workspaces or other clients’ private portals unless access is improperly shared or authorized through the product.

6.4 Legal and Safety Reasons

We may access, preserve, or share information if we reasonably believe it is necessary to:

• comply with law, legal process, or governmental request;
• enforce our Terms of Service;
• investigate abuse, fraud, or security issues;
• protect PortalBay, users, clients, or third parties;
• prevent harm;
• respond to support, privacy, or security requests;
• protect our rights, property, or operations.

6.5 Business Transfers

If PortalBay is involved in a merger, acquisition, reorganization, sale of assets, financing, or similar transaction, information may be transferred as part of that transaction, subject to appropriate protections where required.

7.1 Authentication Cookies

PortalBay uses cookies and similar technologies to support authentication, sessions, security, and basic product functionality.

Registered workspace owner accounts may use authentication cookies through Supabase and Next.js server-side session handling.

7.2 Private Portal Session Cookies

Private client portals may use separate cookies to keep clients signed into a verified portal session for a limited time.

These cookies help verify portal access without requiring the client to enter an access code on every page load.

7.3 Flash Messages and Preferences

PortalBay may use short-lived cookies for temporary messages and local storage for preferences such as theme or layout settings.

7.4 Analytics and Performance Tools

PortalBay may use analytics and performance tools such as Vercel Analytics and Vercel Speed Insights to understand traffic and performance.

If we add non-essential marketing, advertising, or tracking cookies in the future, we may update this Privacy Policy and provide consent options where required.

8.1 Private Portal Access Codes

Private client portals may require an access code.

PortalBay does not store raw access codes as plain text in the database. Access codes may be stored as secure hashes. A raw access code may exist temporarily when it is generated or sent to the intended recipient by email.

8.2 Portal Tokens and Tracking Tokens

PortalBay may use tokens for private portal links and public request tracking pages.

Portal tokens and tracking tokens help route users to the correct portal or request page. Private portal content may require additional verification, such as a valid access code or portal session.

8.3 Session Tokens

PortalBay may store hashed session tokens for private portal sessions.

These help verify client portal access while protecting raw session values.

8.4 Rate Limiting and Abuse Prevention

PortalBay may use rate limiting and abuse-prevention systems.

For example, rate-limit records may use hashes derived from IP address or email-related data rather than storing the raw IP address or email in the rate-limit counter.

9.1 Uploaded Files

PortalBay may allow users to upload files related to projects, briefs, messages, or other workflows.

Uploaded files may be stored using third-party storage providers such as Supabase Storage.

File metadata may include original filename, MIME type, file size, storage path, project ID, workspace relationship, timestamps, and similar operational metadata.

9.2 Private File Access

Some files may be stored in private storage and accessed through short-lived signed URLs or other access-control mechanisms.

Users are responsible for ensuring they have the right to upload, share, and process any files they submit through PortalBay.

9.3 External Links

PortalBay may store external links, including reference links, project links, file links, and next-step links.

External links are controlled by the person or service that provides them. PortalBay is not responsible for the privacy or security practices of external websites.

10.1 PortalBay Subscription Billing

PortalBay may offer free and paid plans.

If you purchase a paid PortalBay subscription, checkout and billing may be handled by a third-party billing provider.

PortalBay may store billing metadata such as plan, status, provider IDs, renewal dates, and subscription identifiers.

10.2 No Full Card Storage

PortalBay does not store full payment card numbers, CVV codes, or full payment method details.

10.3 Client Payments

PortalBay does not process payments between users and their clients.

Customers pay PortalBay only for access to the software subscription. Any client billing or payment arrangement, instruction, or external payment page is handled outside PortalBay by the users and relevant third-party services.

Payments between users and their clients are separate from PortalBay subscription billing.

PortalBay does not hold, receive, release, transfer, guarantee, or manage payments between users and their clients.

11.1 General Retention

We keep information for as long as reasonably needed to:

• provide the Service;
• maintain accounts and workspaces;
• operate client portals;
• support projects, messages, files, links, and notifications;
• maintain billing and business records;
• comply with legal obligations;
• resolve disputes;
• prevent abuse;
• enforce our Terms of Service;
• maintain backups;
• protect PortalBay, users, clients, and third parties.

11.2 Active, Archived, and Soft-Deleted Data

Some PortalBay features may use archive, trash, or soft-delete behavior. This means some data may remain stored after it is hidden from normal views.

For example, clients, projects, messages, requests, files, notifications, or related records may be retained for product, recovery, audit, security, legal, or operational reasons.

11.3 Backups and Logs

Data may remain in backups, logs, provider systems, or technical records for a limited period after deletion from active product views.

Because backups and logs are used for security, recovery, debugging, and operational integrity, deletion from all backup systems may not be immediate.

11.4 No Self-Service Export or Full Account Deletion Yet

PortalBay may not currently provide self-service full account deletion, full workspace deletion, or full data export tools.

To request access, correction, export, or deletion of your personal data, contact us at support@mail.portalbay.app.

We will review requests according to applicable law, security requirements, product limitations, and our need to retain certain information for legal, security, billing, or operational reasons.

Depending on your location, you may have rights related to your personal data.

These may include the right to:

• request access to your personal data;
• request correction of inaccurate information;
• request deletion of personal data;
• request export or portability of personal data;
• object to certain processing;
• restrict certain processing;
• withdraw consent where processing is based on consent;
• complain to a data protection authority where applicable.

To make a request, contact us at:

support@mail.portalbay.app

We may need to verify your identity or authority before fulfilling a request.

If you are a client of a workspace owner using PortalBay, we may direct certain requests to the relevant workspace owner because the workspace owner controls the client relationship and may be responsible for the client data they submitted or managed through PortalBay.

13.1 Security Measures

We use technical and organizational measures intended to protect information, such as authentication, access controls, hashed access codes, session protections, private storage where appropriate, signed URLs for certain files, rate limiting, and service-provider security features.

13.2 No Perfect Security

No online service can guarantee perfect security.

We cannot guarantee that PortalBay will always be free from unauthorized access, data loss, service interruption, security incidents, or other risks.

13.3 User Responsibilities

Users are responsible for:

• keeping account credentials secure;
• keeping portal links and access codes confidential;
• not sharing private portal access codes with unauthorized people;
• using strong and unique passwords;
• controlling who can access their workspace or portal;
• ensuring they have rights to upload and share content;
• reporting suspected unauthorized access or security issues.

If you believe your account, workspace, portal, or access code has been compromised, contact us at support@mail.portalbay.app.

PortalBay is not designed specifically for storing highly sensitive information.

You should not upload or submit highly sensitive personal information unless it is necessary for your project and you have the right to share it.

Highly sensitive information may include, depending on context:

• government ID numbers;
• financial account details;
• health or medical information;
• biometric data;
• children’s data;
• highly confidential business secrets;
• passwords or security credentials;
• regulated or legally restricted information.

Workspace owners are responsible for deciding what information they request from clients and for ensuring they have appropriate legal rights and safeguards.

PortalBay may be used by people in different countries.

Your information may be processed in countries where PortalBay, our infrastructure, or our service providers operate.

These countries may have data protection laws that differ from the laws in your country.

Where required, we will use appropriate measures for international transfers of personal data.

PortalBay is not intended for children.

You must be at least 18 years old, or the age of majority in your jurisdiction, to create a PortalBay account.

PortalBay users should not submit children’s personal data unless they have the legal right to do so and appropriate safeguards are in place.

We do not knowingly collect personal data from children through workspace owner accounts.

If you believe a child has provided personal data to PortalBay, contact us at support@mail.portalbay.app.

PortalBay does not use your client content, messages, project data, uploaded files, private portal content, or workspace content to train AI models.

If this changes in the future, we will update this Privacy Policy and provide any required notice or choices under applicable law.

PortalBay currently uses email mainly for transactional, account, portal, notification, billing, legal, and support-related communications.

If we send marketing emails in the future, we will provide a way to unsubscribe or opt out where required.

You may still receive important transactional or service-related emails even if you opt out of marketing emails.

PortalBay may contain links to external websites, payment pages, file links, project links, reference links, or third-party resources.

We are not responsible for the privacy, security, or content practices of external websites or services.

You should review the privacy policies of any third-party services you use.

We may update this Privacy Policy from time to time to reflect changes in PortalBay, our practices, service providers, legal requirements, or security needs.

When we update this Privacy Policy, we will update the “Last updated” date.

For material changes, we may provide notice by email, in-app notification, website notice, or another reasonable method.

Your continued use of PortalBay after an updated Privacy Policy becomes effective means you acknowledge the updated policy.

If you have questions about this Privacy Policy or want to make a privacy request, contact us at:

Email: support@mail.portalbay.app

Operator: PortalBay

© 2026 PortalBay. All rights reserved.