Porter

Porter Privacy Policy

Effective Date: 29.4.2026

Last Updated: 29.4.2026

This Privacy Policy describes how Jaagon Oy (“Porter”, “we”, “us”, or “our”) collects, uses, discloses, stores, and otherwise processes personal data in connection with the Porter platform, our website at porter.fi, and related products and services (collectively, the “Services”).

We are committed to protecting privacy and processing personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

By using the Services, creating an account, purchasing a subscription, uploading content, or otherwise interacting with us, you acknowledge the practices described in this Privacy Policy.

1. Controller Information

The controller responsible for personal data covered by this Privacy Policy is:

Jaagon Oy

Helsinki, Finland

Email: support@porter.fi

Where we process personal data solely on behalf of a business customer, we may act as a processor rather than a controller. See Section 13 below.

2. Scope of This Privacy Policy

This Privacy Policy applies to personal data relating to:

  • visitors to porter.fi;
  • users of the Services;
  • account holders and subscribers;
  • billing contacts and purchasers;
  • support contacts;
  • individuals whose personal data appears in documents uploaded by customers; and
  • recipients of communications from us.

This Privacy Policy does not apply to third-party websites, services, or platforms that may be linked from our Services.

3. Personal Data We Collect

We collect personal data directly from you, automatically through your use of the Services, and from third parties such as payment providers.

3.1 Information You Provide

We may collect information you provide when creating an account, subscribing, contacting support, or otherwise using the Services, including:

  • email address;
  • organisation or company name;
  • contact details;
  • communications content; and
  • any information you choose to provide.

3.2 Billing and Subscription Information

Payments and subscriptions are processed by Stripe. We may receive information such as:

  • customer name;
  • billing status;
  • subscription plan;
  • payment confirmations; and
  • limited transaction metadata.

We do not store full payment card details on our systems.

3.3 Usage and Technical Information

When you use the Services, we may collect technical and operational data, including:

  • IP address;
  • browser type and device information;
  • timestamps;
  • usage logs;
  • authentication events;
  • cookie and local storage preferences; and
  • service performance data.

3.4 Uploaded Content

Customers may upload files and documents for processing. Such files may contain personal data determined by the customer, including names, contact details, employment information, financial data, accessibility-related content, or other materials.

3.5 Support and Troubleshooting Data

If you contact support or request assistance, we may process communications, attached files, logs, and related diagnostic information.

4. How We Use Personal Data

We use personal data for the following purposes:

  • to provide, maintain, and improve the Services;
  • to create and administer user accounts;
  • to process subscriptions and payments;
  • to process uploaded documents and generate outputs;
  • to provide customer support;
  • to monitor availability, performance, and security;
  • to detect fraud, misuse, or unlawful activity;
  • to communicate operational notices and service updates;
  • to comply with legal obligations; and
  • to send marketing communications where permitted by law or with consent.

5. Uploaded Files and Service Improvement

We do not use customer-uploaded files to train general-purpose AI models.

We may access files, outputs, and related processing results where reasonably necessary to:

  • investigate failed or incomplete remediation;
  • diagnose technical issues;
  • improve document processing workflows and service quality; or
  • notify customers when previously problematic files can be successfully processed, where relevant services have been purchased.

Access is limited to authorised personnel and approved service providers subject to confidentiality obligations.

6. Legal Bases for Processing

Where GDPR applies, we rely on one or more of the following legal bases:

  • performance of a contract or taking steps at your request before entering a contract;
  • compliance with legal obligations;
  • our legitimate interests, including operating the Services, security, fraud prevention, support, and service improvement; and
  • consent, where required, including for certain marketing or optional tracking technologies.

Where processing is based on consent, consent may be withdrawn at any time without affecting prior lawful processing.

7. Cookies and Similar Technologies

We use cookies and similar technologies, including browser local storage, to operate the Services, remember preferences, maintain sessions, and support workflows.

Where optional analytics or advertising technologies are used, we request consent where required by applicable law.

Further information is available in our Cookie Notice.

8. Disclosure of Personal Data

We may disclose personal data to trusted service providers that support our operations, including:

  • Amazon Web Services for hosting, storage, infrastructure, and logging;
  • Stripe for billing and subscriptions;
  • OpenAI for document-processing related services where applicable; and
  • Datalabs for OCR or document processing where applicable.

We may also disclose personal data:

  • where required by law, regulation, court order, or competent authority;
  • to protect rights, safety, or security;
  • in connection with a merger, acquisition, restructuring, or sale of assets; or
  • with your consent or instruction.

We do not sell personal data.

9. International Data Transfers

We seek to host core systems within the European Union.

Some service providers may process data outside the EU/EEA or provide support from other jurisdictions. Where personal data is transferred internationally, we rely on lawful safeguards such as adequacy decisions, Standard Contractual Clauses, or other recognised transfer mechanisms where required.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless longer retention is required or permitted by law.

Typical retention periods include:

  • active accounts: for the duration of the customer relationship;
  • cancelled accounts: up to 90 days after cancellation, unless retention is required for legal, billing, or security reasons;
  • inactive unused accounts: up to 12 months of inactivity, after which deletion or anonymisation may occur;
  • uploaded files: 14 days by default, unless a user chooses longer retention;
  • operational logs: limited retention periods appropriate to security and troubleshooting; and
  • backup copies: retained for limited periods until overwritten or deleted in normal backup cycles.

11. Security Measures

We implement reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures may include encrypted web connections, access controls, role-based permissions, secure cloud infrastructure, logging, and operational safeguards.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your Rights

Where provided by applicable law, including GDPR, you may have the right to:

  • request access to personal data;
  • request correction of inaccurate data;
  • request deletion of personal data;
  • request restriction of processing;
  • object to certain processing;
  • request portability of data;
  • withdraw consent where applicable; and
  • lodge a complaint with a supervisory authority.

To exercise rights, contact us at support@porter.fi.

We may request information necessary to verify identity before responding.

13. Controller and Processor Roles

Where a customer uploads files or personal data to Porter for processing through the Services, that customer is typically the controller responsible for the personal data contained in such materials.

In those cases, Porter generally acts as a processor providing services on the customer’s behalf, subject to applicable agreements.

14. Children’s Privacy

The Services are not directed to children, and we do not knowingly collect personal data from children through our consumer-facing Services.

If we become aware of unlawful collection from a child, we may delete the relevant information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or technical changes.

Updated versions will be published with a revised effective date. Where required by law, we will provide additional notice.

16. Contact Us

Jaagon Oy Helsinki, Finland

support@porter.fi