Privacy Policy

1. Who We Are

PortalsFlow is operated by BlockLoads. We provide software for building and operating customer portals, workflows, tasks, meetings, forms, and related collaboration experiences.

This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you visit our website, create an account, use PortalsFlow, interact with customer portals, or contact us.

2. Roles Under Data Protection Laws

For account registration, billing, product analytics, security, support, and our website, BlockLoads generally acts as a data controller.

For personal data uploaded to, submitted through, or otherwise processed inside a customer's portals and workflows, our customer generally acts as the data controller and we act as their processor or service provider under their instructions.

3. Personal Data We Collect

• Account information, including name, email address, password credentials, profile information, tenant memberships, roles, and settings.
• Portal and workflow content, including tasks, forms, comments, files, meeting details, customer records, and other information entered by users or customers.
• Authentication, security, and compliance records, including minimal technical information needed to maintain audit trails and demonstrate required acknowledgements.
• Usage and technical information, including device, browser, approximate location derived from IP, pages visited, feature usage, diagnostics, and performance data.
• Support and communications, including emails, support requests, feedback, and sales or onboarding interactions.

4. How We Use Personal Data

• Provide, operate, secure, maintain, and improve PortalsFlow.
• Authenticate users, manage tenant access, enforce permissions, and prevent abuse or unauthorized access.
• Create and maintain audit records, including legal consent records and security logs.
• Send transactional emails such as verification, password reset, workspace, portal, and support messages.
• Respond to support requests, troubleshoot issues, and communicate about product or service changes.
• Comply with legal obligations, enforce our Terms of Use, and protect the rights, safety, and security of users, customers, and our services.

5. Legal Bases For Processing

Where the GDPR or similar laws apply, we rely on one or more legal bases depending on the context.

• Contract: to provide the service, manage accounts, authenticate users, and deliver requested functionality.
• Legitimate interests: to secure the service, prevent abuse, improve reliability, provide support, and understand product usage in a proportionate way.
• Legal obligation: to retain records or respond to lawful requests when required by applicable law.
• Consent: where we ask for optional consent, such as certain marketing communications or non-essential cookies if used.

6. Sharing And Subprocessors

We do not sell personal data. We may share personal data with service providers and subprocessors that help us host, secure, monitor, communicate, support, and operate the service. These providers are bound by contractual obligations to protect personal data and process it only as instructed.

We may also disclose personal data if required by law, to protect rights and safety, in connection with a business transaction, or with your direction or authorization.

7. International Transfers

Personal data may be processed in countries other than where you are located. When required, we use appropriate safeguards for international transfers, such as contractual commitments designed to protect personal data.

8. Retention

We retain personal data for as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business purposes. Customers may control retention of certain portal and workspace data through their account or by contacting us.

Legal consent records and security audit logs may be retained for longer periods where necessary to demonstrate compliance, protect the service, or establish, exercise, or defend legal claims.

9. Your Rights And Choices

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of your personal data. You may also have the right to withdraw consent where processing is based on consent.

If your data is processed by one of our customers in their portal or workspace, we may direct your request to that customer because they control the relevant data.

10. Security

We use technical and organizational safeguards designed to protect personal data, including access controls, authentication, permission checks, encryption in transit, monitoring, and operational controls. No system is completely secure, but we work to reduce risk and respond to security issues responsibly.

11. Cookies And Similar Technologies

We use technologies necessary to operate the service, such as authentication sessions, language preferences, theme preferences, security controls, and diagnostics. If we introduce non-essential analytics, advertising, or tracking technologies, we will provide additional notice and controls where required.

12. Contact Us

Questions, privacy requests, or data protection inquiries can be sent to support@portalsflow.com. Please include enough information for us to understand and respond to your request.