Portant takes the privacy and security of customer data in our cloud-based platform very seriously. Portant Data Merge identifies data in two categories: metadata and operating data.
Metadata includes file names, Google Form questions, spreadsheet headers (the first row of a Google Sheet), data merge settings, email templates, and usernames (email address). Portant Data Merge only collects metadata from Google Workspace for the purpose of managing and maintaining the application.
Operating Data includes the data used to customise output documents, such as Google Form responses, Google Sheet rows, and Google Docs and Google Slides templates. Portant Data Merge does NOT collect or have any visibility on the operating data transmitted via the data merge process or from customer’s connected Google applications.
All communication between Portant Data Merge and Google Workspace is done via secure protocols (SSL, TLS) and authenticated with Google via OAuth 2 standards.
The metadata stored by Portant is encrypted at rest. After written termination of the service, all user data is deleted from the platform. Portant’s servers are deployed on the market leading cloud providers (Amazon Web Services and Google Cloud Platform). These services provide the highest level of security by default. These data centres are highly secure and are replicated across multiple locations to ensure resiliency and rapid failover in a disaster situation.
Portant Security Summary:
- Portant never stores operating data outside of Google Workspace
- Portant only stores metadata for the purpose of functionality
- Portant uses market leading cloud providers with the top security standards running latest security patches.
- Servers are hosted in secure data centres in geographically dispersed locations. The data centre provider is SOC2 compliant.
- Portant Data Merge is secured through the Google Workspace Environment, users need to ensure they mutually supporting security controls within Google.