Security

At Porter, we understand that customers trust us with important business documents and workflows. We design Porter with security, privacy, and operational reliability in mind.

This page provides an overview of how we protect customer data and operate the Porter platform.

Infrastructure and Hosting

Porter is hosted using infrastructure provided by Amazon Web Services. Our core systems are operated within the European Union.

We use managed cloud services for hosting, storage, databases, and operational monitoring.

Encryption and Secure Transport

Connections to Porter are protected using HTTPS/TLS encryption.

Customer files stored in cloud storage are encrypted at rest using industry-standard encryption mechanisms. We continuously review additional opportunities to strengthen encryption across supporting systems.

Access Controls

Access to systems and customer data is restricted to authorised personnel with a legitimate operational need.

Porter uses role-based permissions for customer organisations, including account owner, administrator, and member roles. Billing actions are restricted to authorised account owners.

Internal administrative access is limited and controlled through infrastructure identity and access management tools.

Customer Files and Data Handling

Customers upload files to Porter for processing, remediation, generation, or related workflows.

By default, uploaded files are retained for 14 days, unless a customer chooses a longer retention period where available.

We do not use customer files to train public or third-party general-purpose AI models.

Where reasonably necessary, authorised personnel may review files or outputs for limited purposes such as:

• troubleshooting technical issues
• investigating failed processing jobs
• improving service quality
• notifying customers when previously problematic files can be successfully processed

Such access is limited and handled under confidentiality obligations.

Authentication and Accounts

Porter supports secure user accounts and organisation-based access controls.

We use managed authentication services for account login and access management.

We recommend that customers use strong passwords and maintain appropriate internal user access practices.

Payments

Subscription billing is handled by Stripe. Porter does not store full payment card numbers on its own systems.

Monitoring and Reliability

We use operational logging and monitoring tools to help maintain service reliability, diagnose issues, and respond to incidents.

We maintain backups and recovery mechanisms designed to support service continuity.

Privacy and Compliance

Porter is operated by Jaagon Oy in Finland.

We aim to process personal data in accordance with applicable European data protection laws, including GDPR.

For more information, please see our:

• Privacy Policy
• Cookie Notice
• Data Processing Agreement (DPA)
• Terms of Service

Continuous Improvement

Security is an ongoing process. We regularly review our technical controls, infrastructure, retention practices, and operational procedures as Porter evolves.

Contact

Security or privacy questions can be sent to:

support@porter.fi