Privacy Policy

This Privacy Policy explains how PortEden, operated by TimeVerse Inc. ("PortEden," "we," "us," "our"), collects, uses, shares, and protects personal information when you use our data firewall, security platform, and subscription services (collectively, the "Service"). By using the Service, you acknowledge that you have read and understood this Privacy Policy.

A. Identifiers

• Email addresses and display names
• IP addresses
• Account identifiers and authentication credentials

B. Security and Configuration Data

• Firewall rules and data access policies you configure
• Security policy definitions and enforcement settings
• Audit logs and security event records
• API access permissions and restrictions

C. Internet and Electronic Network Activity

• API usage patterns and request logs
• API interaction records (blocked, allowed, flagged requests)
• OAuth tokens and authorization data for connected services
• Service usage logs and activity patterns

D. Data Processed Through the Firewall

• Content that passes through the data firewall may be temporarily inspected to enforce your security policies
• Metadata about data access requests (source, destination, type, timestamp)
• Threat detection signals and anomaly indicators

E. Payment and Billing Information

• Billing name and email address
• Billing address (if provided)
• Transaction history, subscription plan, and billing cycle
• Payment method type and last four digits of your payment card

Important: Full credit card numbers are collected and processed directly by our payment processor, Stripe, Inc. PortEden does not receive, store, or have access to your full card number.

A. Core Service Operations

• Enforcing data access policies between APIs and your data
• Filtering, inspecting, and controlling data flows per your configured rules
• Generating security audit trails and compliance reports
• Detecting threats and anomalous access patterns

B. Service Improvement

• Error tracking and debugging
• Performance monitoring and optimization
• Improving threat detection and policy enforcement accuracy

C. Communication

• Security alerts and incident notifications
• Service announcements and updates
• Responding to support inquiries

D. Billing and Payments

• Processing subscription payments and renewals
• Managing your subscription status (active, cancelled, past due)
• Sending payment receipts and billing notifications
• Resolving billing disputes and preventing payment fraud

• Payment processor (Stripe) — we share billing information with Stripe, Inc. to process payments, manage subscriptions, and prevent fraud. Stripe processes your payment card data directly; PortEden does not have access to full card numbers. Data is transmitted via Stripe's PCI DSS-compliant APIs using TLS encryption. Stripe's use of your data is governed by Stripe's Privacy Policy
• Service providers — hosting, infrastructure, and email delivery providers operating under strict confidentiality obligations
• Connected integrations — only as you direct through your authorized connections to third-party AI platforms and services
• Legal requirements — when required by law, subpoena, or court order
• Business transfers — if we merge, sell assets, or reorganize, the successor entity must honor this Privacy Policy

We do NOT sell your personal information.

We may use cookies, pixels, and similar tracking technologies to operate and improve the Service. These may include:

• Essential cookies — required for authentication, session management, and security
• Analytics — aggregated usage data to understand how the Service is used and improve performance
• Advertising and conversion pixels — third-party pixels (such as from advertising platforms) may be used to measure the effectiveness of our marketing campaigns. These pixels may collect limited information such as your IP address, browser type, and pages visited

You can control cookies through your browser settings. Disabling essential cookies may impair Service functionality. We honor Do Not Track (DNT) browser signals where technically feasible.

PortEden's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We access Google data solely to provide the Service's core functionality — enforcing data access policies, filtering AI agent requests, and generating security audit trails. We do not use Google data for advertising, do not sell it, and do not use it to train generalized AI models. Data is retained only as long as needed for Service operations.

When an Operator sends a Resource Invite (as described in the Terms of Use), PortEden collects and processes personal data from the invited Resource upon their acceptance and OAuth authorization.

A. Personal Data Collected

• Name and email address of the Resource
• OAuth tokens and authorization credentials
• Calendar data (events, scheduling information) — if calendar scope is authorized
• Email data (messages, metadata) — if email scope is authorized
• Drive data (files, documents) — if drive scope is authorized
• Task data (task lists, assignments, task metadata) — if task scope is authorized
• Data from other connected systems — if additional scopes are authorized

B. Data Recipients

Data collected via Resource Invites is accessible to:

• The inviting Operator — who directs the synchronization and determines how the synced data is used within their account
• PortEden — which facilitates the technical synchronization at the Operator's direction and with the Resource's consent

C. Legal Basis for Processing

The legal basis for processing Resource data is explicit consent, obtained through the combination of the consent checkbox (which includes acknowledgment of the security warning and sender identity) and the OAuth authorization flow with the Resource's identity provider (Google or Microsoft).

D. Retention

• OAuth tokens and synced data are retained for the duration of the active connection between the Resource and the Operator
• Invite tokens expire after a maximum of 90 days if not accepted
• Upon disconnection or revocation, OAuth tokens are deleted and active synchronization ceases

E. Data Shared with the Operator

The following data types may be shared with the inviting Operator, depending on the scopes authorized:

• Calendar — event titles, times, attendees, and scheduling metadata
• Email — message content, subject lines, sender/recipient information, and metadata
• Drive — file names, contents, folder structure, and sharing metadata
• Tasks — task titles, descriptions, assignees, due dates, and completion status
• Other Connected Systems — data from any additional third-party services or data sources supported by PortEden

F. Third-Party OAuth Processors

Resource Invites rely on OAuth authorization through third-party identity providers. The Resource's data is also subject to the privacy policies of these providers:

• Google Privacy Policy
• Microsoft Privacy Statement

G. Deletion and Disconnection Rights

A Resource may revoke access and request deletion of their data at any time by:

• Removing PortEden's access through their Google or Microsoft account settings
• Contacting PortEden at support@porteden.com to request data deletion

Upon disconnection, PortEden will delete the Resource's OAuth tokens and cease active synchronization. Data already shared with the Operator prior to disconnection is under the Operator's control and cannot be recalled by PortEden.

H. Nature of the Data Transfer

The transfer of Resource data to the inviting Operator occurs solely at the Resource's direction and is based on the Resource's explicit, informed consent obtained through the consent flow and OAuth authorization. PortEden does not independently determine the purposes of this data transfer — the Operator directs the synchronization, and the Resource authorizes it. PortEden facilitates this transfer as a technical service and processes Resource data only as necessary to perform the Invite Sync functionality. PortEden does not use Resource data for its own commercial purposes, does not sell or rent Resource data, and does not retain Resource data beyond what is required to provide the Service.

I. Breach Notification

In the event of a security incident involving Resource data, PortEden will notify the Operator in a timely manner. The Operator, as the party that directed the data synchronization, is responsible for determining whether and how to notify affected Resources in accordance with applicable law. Where PortEden is independently required by applicable law to notify affected individuals directly, PortEden will comply with the notification requirements of the relevant jurisdiction.

J. Important Disclaimers

• PortEden does not control how Operators use synced data after access is granted. The Operator is solely responsible for their handling and use of the Resource's data
• PortEden does not guarantee the identity of the inviting party. Resources must independently verify the sender before authorizing access
• The consent flow — consisting of a security warning, sender confirmation prompt, and terms checkbox — constitutes informed consent from the Resource
• PortEden strongly recommends that Resources only authorize invites from known and trusted senders

Retention

• Account data is retained while your account is active
• Audit logs and security event data are retained per your configuration or for up to 90 days by default
• Integration tokens are removed upon disconnection
• Data processed through the firewall is not permanently stored unless required by your audit policy
• Payment transaction records are retained for up to 7 years for tax and legal compliance purposes
• Subscription status data is retained while your account is active

Security Measures

We use TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security assessments. Payment processing is PCI DSS compliant via Stripe — PortEden's servers never handle or store full payment card numbers. In the event of a data breach, we will notify affected users as required by applicable law.

Security Disclaimer

Despite our commercially reasonable security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security, integrity, or confidentiality of your data. You acknowledge and agree that:

• Data loss, unauthorized access, or unintended disclosure may occur despite our security measures, including as a result of software bugs, defects, system failures, or vulnerabilities
• You provide personal information at your own risk
• You are responsible for maintaining your own security practices, including strong passwords and access controls
• PortEden shall not be liable for any unauthorized access to, alteration of, or loss of your personal information, except where such liability cannot be excluded under applicable law

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a child under 18, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at support@porteden.com.

Your information may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

All Users

• Access and correction — log in to your account or email support@porteden.com
• Data export — request a copy of your data
• Deletion — delete your account at any time
• Marketing opt-out — unsubscribe from marketing emails at any time

California (CCPA/CPRA) and Other U.S. State Residents

If you reside in California, Virginia, Colorado, Connecticut, Utah, Florida, Montana, Tennessee, or Texas, you have additional rights under applicable state privacy laws:

• Know what personal information we collect, use, disclose, and sell
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information (we do not sell)
• Correct inaccurate personal information
• Limit use of sensitive personal information
• No discrimination for exercising your rights

To exercise these rights: email support@porteden.com with the subject "Privacy Request" or use your account settings.

Rights of Resources (Invite Sync Participants)

If you are a Resource who has authorized data access through an Invite Sync, all of the privacy rights described above apply to you equally — including but not limited to the right to access, correct, delete, and export your personal data held by PortEden. You may also exercise these rights by disconnecting access through your Google or Microsoft account settings or by contacting us at support@porteden.com. Please note that data already transferred to the Operator is under the Operator's control; requests regarding such data should be directed to the Operator.

We may update this Privacy Policy as needed. Material changes will be communicated via email or in-app notification at least 30 days in advance. Continued use after the effective date constitutes acceptance.

This Privacy Policy is governed by the laws of the State of Texas, without regard to conflict of law principles. Disputes will be resolved in Travis County, Texas.

PortEden — Privacy Inquiries

Email: support@porteden.com