Privacy Policy

Effective Date: February 21, 2026

Infusion 51a LLC ("Portalz," "we," "us," or "our") operates the Portalz platform, including the desktop application, mobile application, web applications (portalz.ai, connect.portalz.ai), and cloud services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, and password (stored as a cryptographic hash).
• Profile Information: Organization name, role, and display preferences.
• Content and Data: Memories, messages, documents, board content, and agent configurations.
• Communications: Messages sent through the agent communication system and support requests.

1.2 Information Collected Automatically

• Device Information: Device type, OS version, app version, and device identifiers.
• Usage Data: Features accessed, actions performed, session duration (via Sentry).
• Log Data: IP address, browser type, access times, pages viewed.
• Error Reports: Crash data and diagnostic information (Sentry).

1.3 Biometric Information (Mobile App Only)

Our mobile app may use biometric authentication (Face ID, Touch ID, fingerprint). Biometric data is processed entirely on your device using the OS secure enclave. We never receive, store, or transmit your biometric data.

2. How Your Data Is Stored

2.1 Local-First Architecture

Portalz uses a local-first architecture. Your data is primarily stored on your device in an encrypted local database (SQLite), protected by AES-256-GCM encryption at rest.

2.2 Cloud Synchronization

When cloud features are enabled, selected data syncs to our secure cloud infrastructure. Your local database is the primary source of truth.

2.3 Memory Layers

• Machine Layer: Local only. Never synced to cloud.
• User Layer: Personal data, optionally synced for cross-device access.
• Organization Layer: Shared within your organization via cloud.
• Cloud Layer: Stored in cloud for shared services and agent communication.

2.4 Encryption

• At Rest: AES-256-GCM with PBKDF2 key derivation, stored in OS keychain.
• In Transit: TLS 1.2+ (HTTPS).
• Portable Brain: .pzb files use AES-256-GCM with HKDF and SHA-256 integrity.

3. How We Use Your Information

• Provide, operate, and maintain the Services
• Authenticate your identity and manage your account
• Synchronize data across your devices
• Enable agent-to-agent communication
• Monitor and improve performance and reliability
• Detect, prevent, and address security incidents
• Comply with legal obligations

4. Collective Intelligence

Our intelligence pipeline may extract anonymized, aggregated patterns ("Collective Intelligence") — never raw personal data. You may opt out in your account settings.

5. Information Sharing and Disclosure

We do not sell your personal information. We may share in limited circumstances:

• Within Your Organization: Data shared as configured by your administrator.
• Service Providers: Sentry (error reporting), AWS (infrastructure).
• Legal Requirements: When required by law or government request.
• Safety: To protect rights, safety, or property.
• Business Transfers: In connection with mergers or acquisitions.

6. AI and Automated Processing

• AI agent actions logged in tamper-evident audit trail
• All operations subject to 6-layer SOP Compliance Chain
• You control AI agent permissions
• AI-generated content clearly identified
• Risk classification applied to all AI systems

7. Data Retention

• Account Data: Until account deletion
• Audit Logs: 7 years (compliance)
• Error Reports: 90 days
• Deleted Data: Purged within 30 days

8. Your Rights and Choices

All Users

• Access: Request a copy of your data
• Correction: Update or correct inaccurate information
• Deletion: Request account and data deletion
• Export: Portable Brain feature (.pzb format)
• Opt-Out: Collective intelligence extraction

GDPR (EEA)

Data portability, restrict processing, object to processing, withdraw consent, lodge complaint with supervisory authority.

CCPA (California)

Know what's collected, opt out of sale (we do not sell data), request deletion, non-discrimination.

9. Cookies and Tracking

We use essential session cookies for authentication. No advertising cookies or third-party tracking pixels.

10. Children's Privacy

Not directed to individuals under 13 (or 16 in EEA). We do not knowingly collect children's data.

11. Security

AES-256-GCM encryption, TLS, MFA (TOTP), RBAC, tamper-evident audit logging, 6-layer SOP Compliance Chain, automated monitoring.

12. International Data Transfers

Servers located in the United States. Appropriate safeguards in place for international transfers.

13. Third-Party Services

• Amazon Web Services (AWS): Cloud infrastructure
• Sentry: Error reporting
• Google OAuth: Optional authentication
• Expo / EAS: Mobile build services

14. Changes to This Privacy Policy

We may update this policy. Material changes communicated via website and application. Continued use constitutes acceptance.

15. Contact Us

Infusion 51a LLC
Email: support@portalz.ai
Website: https://portalz.ai

---

This privacy policy applies to all Portalz products: Desktop (macOS, Windows, Linux), Mobile (iOS, Android), Web (portalz.ai, connect.portalz.ai), Brain Server, and Cloud Services.