Legal
Privacy Policy
Last updated: 10 April 2026
1. Who We Are
Portal Technologies Inc ("Portal", "we", "us", "our") provides age verification technology that allows platforms to confirm a user is over a specified age threshold — without collecting, storing, or processing any personal identity data.
Company: Portal Technologies Inc
Website: https://getportal.cc
Contact: hello@getportal.cc
2. Our Core Privacy Principle
Portal is designed to be architecturally incapable of retaining personal data.
When a user completes an age verification:
- A short video selfie is processed inside an AWS Nitro Enclave — a sealed, isolated computing environment that Portal's own infrastructure cannot observe
- The video is used only to estimate age via AI
- The video is deleted before it ever leaves the enclave — it is never written to disk, never transmitted, and never stored
- Portal receives only a cryptographically attested binary result: "age verified" or "not verified"
- The integrating platform receives only that result — nothing else
This is not a privacy policy — it is a privacy guarantee enforced at the hardware level.
3. What Data We Process
3.1 Age Verification (End Users of Platforms Using Portal)
When you complete an age verification via a platform that uses Portal's SDK:
| Data | Processed? | Stored? |
|---|---|---|
| Video selfie | Yes — inside enclave only | No — deleted in enclave |
| Biometric data | Yes — AI age estimation only | No |
| Name, address, ID documents | No | No |
| Email address | No | No |
| Device signals / browser session | Yes — for anti-spoofing | No — processed in enclave only |
| Verification result (✓/✗) | Returned to platform | No — Portal does not retain |
Portal cannot link any verification to any individual. Verifications are cryptographically unlinkable by design.
3.2 Platform Customers (API / SDK Users)
If you are a business using Portal's API or SDK, we collect:
- Business name and company details
- API usage logs (request counts, timestamps — no user data)
- Billing information (processed via a third-party payment provider)
Account data is pseudonymous. We do not collect or store personal names, surnames, or email addresses. Platform accounts are identified by pseudonymous identifiers only.
Legal basis: Contract performance and legitimate interests.
Retention: Account data is retained for the duration of the contract plus 6 years for legal/tax compliance. API logs are retained for 90 days.
3.3 Website Visitors (getportal.cc)
- Analytics: We may collect anonymised, aggregate website analytics (e.g., page views, referral sources). No individual tracking.
- Cookies: We do not use tracking, advertising, or behavioural cookies. No cookies are placed on your device for the purpose of monitoring or identifying you.
- Contact form: If you contact us, we retain your message to respond to your enquiry.
4. Who We Share Data With
We do not sell personal data. We do not share personal data with third parties for marketing purposes.
We use the following service providers, with appropriate data processing agreements in place:
| Provider | Purpose |
|---|---|
| Amazon Web Services (AWS) | Enclave infrastructure (Nitro Enclaves). Enclave contents are cryptographically sealed and unobservable even by AWS. |
| Payment processor (TBC) | Billing for platform customers |
| Email provider | Business communication |
We may disclose data if required by law or to protect legal rights, subject to applicable legal process.
5. Your Privacy Rights
You may have rights under applicable privacy law (including GDPR, UK GDPR, CCPA, or other US state privacy laws) depending on your location:
- Right of access — request a copy of personal data we hold about you
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data (note: for end users of age verification, we hold no data to delete)
- Right to data portability — receive your data in a portable format
- Right to object — object to processing based on legitimate interests
- Right to restrict processing — request we limit how we use your data
- Right to withdraw consent — where processing is based on consent
To exercise any right, contact: hello@getportal.cc
We will respond within 30 days of receipt.
If you are in the EU/EEA and unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority. If you are in the UK, you may contact the Information Commissioner's Office (ICO).
6. Data Security
Portal uses technical and organisational measures proportionate to the risks involved:
- AWS Nitro Enclaves — cryptographic attestation, sealed execution environment
- Zero data retention — no personal data written to persistent storage
- TLS encryption — all API communication encrypted in transit
- Access controls — principle of least privilege across all internal systems
- Pursuing ISO/IEC 27566-1 (international age assurance standard) and ISO 27001 (information security management)
In the event of a personal data breach affecting platform customer data, we will notify affected customers within 72 hours of becoming aware.
7. Governing Law
This Privacy Policy is governed by the laws of the State of Delaware, USA, without regard to its conflict of law provisions.
8. Data Transfers
Portal is incorporated in the State of Delaware, USA. Data may be processed in the United States and other jurisdictions where our service providers operate. We implement appropriate safeguards for any international data transfers.
9. Children's Data
Portal's age verification technology is specifically designed to protect minors by preventing them from accessing age-restricted content. Portal does not knowingly collect any personal data from individuals under the age of 18.
10. Changes to This Policy
We may update this policy from time to time. We will notify platform customers of material changes by email. The "last updated" date at the top of this page will reflect the most recent version.
11. Contact Us
Contact: hello@getportal.cc
Website: https://getportal.cc
Portal Technologies Inc
[Registered address — to be added]
This privacy policy applies to getportal.cc and Portal's API/SDK products. End users of platforms that integrate Portal should also review the privacy policy of the platform they are using.