Privacy Policy

Portfoliq ("we," "us," or "our") operates the Portfoliq platform at portfoliq.ai and app.portfoliq.ai (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service, including our marketing website, web application, free analyzer tools, PDF report generation, and SMS communications.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

For purposes of this policy, "Personal Information" means information that identifies, relates to, describes, or could reasonably be linked to you as an individual. "Property Data" means real estate portfolio information you submit, including property details, financial metrics, debt terms, and building condition data.

1. Information We Collect

1.1 Information You Provide Directly

• Account information — Name, email address, and password when you create an account. If you sign up using Google OAuth, we receive your name, email, and profile picture from Google.
• Property and financial data — Property details, valuations, income, operating expenses, debt terms (loan amounts, interest rates, maturity dates), capital expenditure plans, building condition assessments, and other portfolio information you enter through the Service.
• Phone number — If you provide your phone number on our founding member, waitlist, or contact forms.
• SMS consent — Your opt-in preferences for transactional and marketing text messages, collected separately via distinct checkboxes.
• Payment information — Payment is processed by Stripe. We do not store your credit card number or full payment details. Stripe shares limited billing information with us (last four digits, expiration date, billing address) to facilitate account management.
• Free analyzer inputs — If you use our free deal analyzer tool without an account, we collect the property data you submit to generate the analysis. This data is processed in-session and is not stored persistently unless you create an account.
• Support communications — Emails, messages, or other correspondence you send to us.

1.2 Information Collected Automatically

• Usage data — Pages visited, features used, time spent, clickstream data, browser type, device type, operating system, screen resolution, and referring URLs. Collected through Vercel Analytics, which is privacy-focused and does not use cookies for tracking.
• Log data — IP address, request timestamps, and server logs generated by our hosting provider (Vercel).
• Error data — When errors occur, Sentry collects technical details including stack traces, browser information, device information, and user identifiers to help us diagnose and fix issues.

1.3 Information from Third Parties

• Google OAuth — If you authenticate with Google, we receive your name, email address, and profile picture.
• Stripe — Payment confirmation, subscription status, and limited billing details.

We do not purchase, rent, or acquire Personal Information from data brokers or other third-party sources.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery — Provide, operate, and maintain the Service, including portfolio analysis, deal underwriting, debt tracking, capital planning, portfolio health scoring, and PDF report generation
• AI-powered features — Generate strategy recommendations using AI (see Section 3 for details on how AI processes your data)
• Payment processing — Process transactions, manage subscriptions, and administer the founding member program
• Communications — Send transactional emails about your account, service updates, and support responses
• SMS messaging — Send transactional and/or marketing text messages if you have opted in (see Section 4)
• Improvement — Analyze usage patterns to improve existing features and develop new ones
• Security — Detect, prevent, and address technical issues, fraud, and security threats
• Legal compliance — Comply with applicable laws, regulations, and legal processes

3. AI-Powered Features

Portfoliq uses Anthropic's Claude API to generate strategy recommendations and narrative analyses. When you use AI-powered features:

• What data is sent: We send anonymized and de-identified property metrics (such as NOI, cap rates, DSCR, and building condition scores) to Anthropic. We do not send your name, email, phone number, or other directly identifying information to Anthropic.
• No model training: Per Anthropic's API terms, data submitted through their API is not used to train their AI models.
• Data retention: Anthropic retains API inputs and outputs for up to 30 days for safety and abuse monitoring, after which they are deleted.
• Not professional advice: AI-generated outputs are for informational purposes only and do not constitute financial, investment, legal, or tax advice. AI may produce inaccurate or incomplete information. You are solely responsible for decisions made based on AI outputs.

4. SMS/Text Messaging

If you provide your phone number and opt in to receive text messages from Portfoliq, the following applies:

• Types of messages: We offer transactional messages (account alerts, status updates, reminders) and marketing messages (promotional offers, product announcements). Consent for each type is collected separately.
• Frequency: Message frequency may vary depending on your account activity and preferences.
• Costs: Message and data rates may apply depending on your carrier and plan.
• Opt-out: Reply STOP to any message to unsubscribe from all SMS communications. You may also contact us at support@portfoliq.ai to opt out.
• Help: Reply HELP to any message for assistance, or contact support@portfoliq.ai.
• Not required: Consent to receive SMS messages is not a condition of purchasing any goods or services from Portfoliq.
• Carrier liability: Carriers are not liable for delayed or undelivered messages.

Your phone number and SMS consent are never sold, rented, or shared with third parties or affiliates for their marketing purposes. We only share your phone number with our SMS service provider for the sole purpose of delivering the messages you consented to receive. We retain records of your SMS consent for the duration required by applicable law.

5. Data Sharing and Disclosure

We do not sell your Personal Information or Property Data. We do not share your Personal Information for cross-context behavioral advertising. We share information only in the following circumstances:

5.1 Service Providers

We use the following third-party service providers who process data on our behalf under contractual obligations to protect it:

• Supabase — Authentication and database hosting. Stores your account data and Property Data in the United States. Privacy Policy
• Vercel — Application hosting, deployment, and privacy-focused analytics (no tracking cookies). Privacy Policy
• Stripe — Payment processing and subscription management. Receives your name, email, payment method, and billing address. PCI-DSS compliant. Privacy Policy
• Anthropic — AI processing for strategy recommendations. Receives anonymized property metrics only — no Personal Information. Privacy Policy
• Sentry — Error monitoring and performance tracking. Receives device information, error context, and user identifiers for debugging. Privacy Policy
• Google — OAuth authentication provider. Receives authentication tokens; provides your name, email, and profile picture.

5.2 Legal Requirements

We may disclose your information if required by law, regulation, subpoena, court order, or governmental request, or to protect the rights, property, or safety of Portfoliq, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your information is subject to a different privacy policy.

5.4 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably be used to identify you. This data may be used for industry research, market analysis, or service improvement.

6. Cookies and Analytics

We do not use third-party advertising cookies or cross-site tracking technologies.

We use the following technologies:

• Essential/session cookies — For authentication, session management, and security. These are strictly necessary for the Service to function and cannot be disabled.
• Vercel Analytics — Privacy-focused web analytics that does not use cookies for tracking, does not collect personally identifiable information, and is compliant with privacy regulations.
• Supabase auth tokens — Stored locally for maintaining your authenticated session.

You can control cookie behavior through your browser settings. Disabling essential cookies may prevent authentication and core features from functioning.

Do Not Track / Global Privacy Control: We honor Global Privacy Control (GPC) signals. Since we do not engage in cross-context behavioral advertising or sell Personal Information, no additional action is required when we receive a GPC or Do Not Track signal.

7. Data Security

We implement commercially reasonable technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Row-Level Security (RLS) policies in our database ensuring users can only access their own data
• Stripe PCI-DSS compliance for all payment data handling
• Secure OAuth 2.0 authentication via Supabase and Google
• Role-based access controls for internal systems
• Regular security reviews and monitoring via Sentry
• Automated backups with encryption for disaster recovery

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If we become aware of a data breach that affects your Personal Information, we will notify you in accordance with applicable law.

8. Data Retention

• Account and Property Data: Retained while your account is active. If you delete your account, we delete or anonymize your data within 30 days, except as noted below.
• Payment records: Retained for 7 years as required by tax and financial regulations.
• SMS consent records: Retained for 4 years after the last consent interaction, as required by TCPA regulations.
• Error logs (Sentry): Retained for 90 days.
• AI processing (Anthropic): Inputs and outputs are deleted by Anthropic within 30 days.
• Analytics data: Vercel Analytics data is aggregated and does not contain Personal Information.
• Free analyzer data: Processed in-session only and not stored unless you create an account to save results.
• Legal holds: We may retain data longer if required by law, legal proceedings, or to resolve disputes.

9. Your Privacy Rights

Depending on your state of residence, you may have the following rights regarding your Personal Information:

9.1 Rights Available to All Users

• Access — Request a copy of the Personal Information we hold about you
• Correction — Request correction of inaccurate or incomplete information
• Deletion — Request deletion of your account and associated data
• Data portability — Request a machine-readable export of your data
• Opt-out of marketing — Unsubscribe from marketing emails or SMS (reply STOP) at any time

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know — Request the categories and specific pieces of Personal Information we have collected, the sources, the business purposes for collection, and the categories of third parties with whom we share it
• Right to Delete — Request deletion of your Personal Information, subject to certain exceptions
• Right to Correct — Request correction of inaccurate Personal Information
• Right to Opt-Out of Sale/Sharing — We do not sell your Personal Information or share it for cross-context behavioral advertising
• Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights

To submit a request, email support@portfoliq.ai or call (404) 916-5223. We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days. You may designate an authorized agent to submit requests on your behalf.

9.3 Colorado, Virginia, Connecticut, Texas, and Other State Residents

If you reside in a state with a comprehensive privacy law (including Colorado, Virginia, Connecticut, Texas, Oregon, Montana, and others), you may have similar rights to access, correct, delete, and port your data, and to opt out of targeted advertising and profiling. You also have the right to appeal any decision we make regarding your privacy request.

To exercise any privacy right or to submit an appeal, contact us at support@portfoliq.ai. We will respond within the timeframe required by your state's law.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect Personal Information from children under 16. If you believe a child has provided us with Personal Information, please contact us at support@portfoliq.ai and we will delete it promptly.

11. International Data Transfers

Our Service is hosted in the United States via Vercel and Supabase. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States where data protection laws may differ from those of your jurisdiction. By using the Service, you consent to this transfer.

12. Data Broker Disclosure

Portfoliq is not a data broker. We do not collect Personal Information from third-party sources for the purpose of reselling, licensing, or trading that information. Our revenue is derived from software subscriptions, not from the processing or sale of Personal Information.

13. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you at least 30 days in advance by email and/or a prominent notice on the Service, and update the "Last updated" date. Your continued use of the Service after the changes take effect constitutes acceptance of the revised policy. If you disagree with the changes, you should discontinue use of the Service.

15. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

• Email: support@portfoliq.ai
• Phone: (404) 916-5223
• Website: portfoliq.ai
• Address: 2310 Goodwood Blvd SE, Smyrna, GA 30080