Scroll to top
Client Portal

Privacy Policy

  • Home
  • Privacy Policy

Minimum data, clear purpose, responsible handling.

Privacy Policy

Last updated: 2026-05-28

PortWarden is operated by Port Warden Incorporated (a Wyoming corporation). This Privacy Policy explains what data we collect, why we process it, how long we retain it, and how to contact us about privacy rights requests. If you have questions, please use Contact Us.

1) Privacy stance

We design the service around practical data minimization. We collect what is needed to deliver monitoring, reporting, customer support, platform security, billing operations, and legal compliance. We do not sell personal data.

2) Data categories we process

Depending on your use of the service, we may process the following categories:

  • Account and identity data: name, company, email address, account identifiers, role/access metadata.
  • Customer-provided scope data: domains, hostnames, internet-facing IP addresses, service targets, and scan configuration.
  • Security scan and evidence data: service banners, protocol metadata, TLS metadata, findings, severity, and remediation context.
  • Usage and operational logs: authentication events, request logs, troubleshooting logs, and abuse-prevention telemetry.
  • Support and communications: support requests, email history, and issue-resolution notes.
  • Billing and commercial records: subscription plan, invoice metadata, transaction references, and payment status data from billing providers.

3) Processing purposes and lawful business use

We process data for the following purposes:

  • Service delivery: run scheduled monitoring, process on-demand scans, generate findings, and deliver reports/alerts.
  • Security and fraud prevention: detect abuse, enforce authorization boundaries, and protect customer and platform assets.
  • Reliability and quality: diagnose failures, improve scan quality, reduce false positives, and maintain platform performance.
  • Customer support: respond to tickets, explain findings, and assist with remediation workflows.
  • Business operations: billing, accounting, audits, legal compliance, and contract administration.

4) What we do not do

  • We do not sell personal data.
  • We do not run ad-tech profiling pipelines as a default product behavior.
  • We do not disclose customer data to brokers or unrelated third parties for marketing resale.

5) Sharing and subprocessors

We use vetted service providers (subprocessors) to operate infrastructure, communications, logging, and billing. Each provider is selected for operational necessity and subject to confidentiality and security obligations.

  • Infrastructure and hosting providers used to run application and scan workloads.
  • Email/notification providers used to deliver account and alert communications.
  • Billing providers used for payment and subscription processing.
  • Security and observability tooling used to detect abuse and maintain platform reliability.

We may also disclose data when required by valid legal process, to protect rights and safety, or as part of a legitimate corporate transaction (for example, merger or acquisition) with appropriate safeguards.

6) Infrastructure region and transfer notes

PortWarden primarily operates infrastructure in the United States. Some supporting providers may process limited operational data in other regions depending on their architecture. Where cross-border processing occurs, we apply contractual and organizational safeguards appropriate to the sensitivity of the data and the purpose of processing.

7) Retention windows and deletion

We retain data only for as long as reasonably necessary to provide the service, secure the platform, meet contractual commitments, and satisfy legal obligations. Specific retention windows and categories are documented in our Data Retention Policy.

  • Operational logs are retained on time-limited schedules.
  • Scan artifacts and findings are retained based on plan and documented policy windows.
  • Account and billing records may be retained longer where required by law or accounting obligations.

8) Security controls

We implement reasonable administrative, technical, and organizational safeguards designed to protect confidentiality, integrity, and availability, including access control, encryption in transit, role-based permissions, logging, and incident response processes.

No online service can guarantee absolute security, and customers remain responsible for maintaining proper authorization, credential hygiene, endpoint hardening, and internal security controls.

9) Data subject request (DSR) workflow

You may request access, correction, export, or deletion of your personal data, subject to legal and operational limitations. To submit a request, contact us through Contact Us and include enough information for account verification.

  • Step 1: Submit request with account and organization details.
  • Step 2: We verify requester identity and authorization.
  • Step 3: We review scope, retrieve relevant records, and respond with outcome or lawful exception basis.
  • Step 4: Where deletion is approved, we execute deletion across active systems and scheduled backups per retention policy constraints.

10) Children’s data

PortWarden is a business service and is not directed to children. We do not knowingly collect personal data from children in connection with providing the service.

11) Policy updates

We may update this policy to reflect product, legal, or operational changes. Material changes will be reflected by updating the "Last updated" date and, where appropriate, additional notice through service channels.

12) Governing law

This Privacy Policy is governed by the laws of the State of Wyoming, United States of America (USA), unless otherwise required by applicable law.