Privacy and Security

Data Collection, Processing and Storage for Portant Workflow

Portant takes the privacy and security of customer data in our cloud-based platform very seriously. Portant Workflow identifies data in two categories: Metadata and “Operating Data”.
‍
‍Metadata includes file names, Google Form questions, spreadsheet headers (the first row of a Google Sheet), HubSpot Property names, reference fields, data merge settings, email templates, and usernames (email address). Portant Workflow only collects metadata from Google Workspace for the purpose of managing and maintaining the application.
‍
‍Operating Data includes the data used to customise output documents, such as Google Form responses, Google Sheet rows, HubSpot Object Data and Google Docs and Google Slides templates. Portant Workflow stores this data for the period of automation process. Once an automation is completed the operating data originating from the source is discarded unless the user has selected otherwise.

All communication between Portant Workflow and Google Workspace is done via secure protocols (SSL, TLS) and authenticated with Google via OAuth 2 standards.

The metadata stored by Portant is encrypted at rest. After written termination of the service, all user data is deleted from the platform. Portant’s servers are deployed on the market leading cloud providers (Google Cloud Platform). These services provide the highest level of security by default. These data centers are highly secure and are replicated across multiple locations to ensure resiliency and rapid failover in a disaster situation.

Portant Security Summary:
- Portant only stores operating data from Google Workspace for the period a workflow automation.
- Portant only stores metadata for the purpose of functionality
- Portant uses a market leading cloud provider with the top security standards running the latest security patches.
- Servers are hosted in secure data centers in geographically dispersed locations. The data center provider is SOC2 compliant.
- Portant Workflow is secured through the Google Cloud Platform infrastructure
- All signup and login access is managed through Google. Portant doesn’t store any of your passwords.

Data Collection, Processing and Storage for Portant Data Merge

Portant takes the privacy and security of customer data in our cloud-based platform very seriously. Portant Data Merge identifies data in two categories: metadata and operating data.
‍
‍Metadata includes file names, Google Form questions, spreadsheet headers (the first row of a Google Sheet), data merge settings, email templates, and usernames (email address). Portant Data Merge only collects metadata from Google Workspace for the purpose of managing and maintaining the application.
‍
‍Operating Data includes the data used to customise output documents, such as Google Form responses, Google Sheet rows, and Google Docs and Google Slides templates. Portant Data Merge does NOT collect or have any visibility on the operating data transmitted via the data merge process or from customer’s connected Google applications.

All communication between Portant Data Merge and Google Workspace is done via secure protocols (SSL, TLS) and authenticated with Google via OAuth 2 standards.

The metadata stored by Portant is encrypted at rest. After written termination of the service, all user data is deleted from the platform. Portant’s servers are deployed on the market leading cloud providers (Amazon Web Services and Google Cloud Platform). These services provide the highest level of security by default. These data centres are highly secure and are replicated across multiple locations to ensure resiliency and rapid failover in a disaster situation.

Portant Security Summary:
- Portant never stores operating data outside of Google Workspace
- Portant only stores metadata for the purpose of functionality
- Portant uses market leading cloud providers with the top security standards running latest security patches.
- Servers are hosted in secure data centres in geographically dispersed locations. The data centre provider is SOC2 compliant.
- Portant Data Merge is secured through the Google Workspace Environment, users need to ensure they mutually supporting security controls within Google.

‍

Compliance with SOC 2, HIPAA, and GDPR
Portant is fully committed to maintaining the highest standards of data security and privacy. Our platform and processes are designed to meet the requirements of SOC 2, HIPAA, and GDPR, ensuring that customer data is handled in accordance with globally recognised compliance frameworks.

• SOC 2: Independent audits verify that our systems and processes meet the Trust Service Criteria for security, availability, and confidentiality.
• HIPAA: For customers handling protected health information (PHI), Portant adheres to the administrative, physical, and technical safeguards mandated by HIPAA, ensuring the confidentiality and integrity of healthcare-related data.
• GDPR: We comply with the General Data Protection Regulation’s principles for data processing, storage, and deletion, including supporting data subject rights, minimising data retention, and ensuring lawful data transfers.

For full details of our compliance certifications, security practices, and live status updates, please visit our Portant Trust Center: https://trust.delve.co/portant.

‍