Privacy and Security

Last updated: January 5, 2024

Data Collection, Processing and Storage for Portant Workflow

Portant takes the privacy and security of customer data in our cloud-based platform very seriously. Portant Workflow identifies data in two categories: Metadata and Operating Data.

Metadata includes file names, Google Form questions, spreadsheet headers (the first row of a Google Sheet), HubSpot Property names, reference fields, data merge settings, email templates, and usernames (email address). Portant Workflow only collects metadata from Google Workspace for the purpose of managing and maintaining the application.

Operating Data includes the data used to customise output documents, such as Google Form responses, Google Sheet rows, HubSpot Object Data and Google Docs and Google Slides templates. Portant Workflow stores this data for the period of the automation process. Once an automation is completed the operating data originating from the source is discarded unless the user has selected otherwise. All communication between Portant Workflow and Google Workspace is done via secure protocols (SSL, TLS) and authenticated with Google via OAuth 2 standards. The metadata stored by Portant is encrypted at rest. After written termination of the service, all user data is deleted from the platform. Portant's servers are deployed on Google Cloud Platform. These services provide high security by default. Data centres are highly secure and replicated across multiple locations to ensure resiliency and rapid failover.

Portant Workflow Security Summary:

  • Portant only stores operating data from Google Workspace for the period of a workflow automation.
  • Portant only stores metadata for the purpose of functionality.
  • Portant uses a market-leading cloud provider with top security standards and the latest security patches.
  • Servers are hosted in secure data centres in geographically dispersed locations. The data centre provider is SOC 2 compliant.
  • Portant Workflow is secured through the Google Cloud Platform infrastructure. All signup and login access is managed through Google. Portant doesn't store any of your passwords.

Data Collection, Processing and Storage for Portant Data Merge

Portant Data Merge identifies data in two categories: metadata and operating data. Metadata includes file names, Google Form questions, spreadsheet headers, data merge settings, email templates, and usernames. Portant Data Merge only collects metadata from Google Workspace for the purpose of managing and maintaining the application. Operating Data includes the data used to customise output documents; Portant Data Merge does NOT collect or have any visibility on the operating data transmitted via the data merge process or from customers' connected Google applications. All communication is via secure protocols (SSL, TLS) and authenticated with Google via OAuth 2. Metadata stored by Portant is encrypted at rest. Servers are deployed on Amazon Web Services and Google Cloud Platform. The data centre provider is SOC 2 compliant.

Portant Data Merge Security Summary: Portant never stores operating data outside of Google Workspace; only stores metadata for functionality; uses market-leading cloud providers; servers are in secure, geographically dispersed data centres (SOC 2 compliant); Portant Data Merge is secured through the Google Workspace environment.

Compliance with SOC 2, HIPAA, and GDPR

Portant is fully committed to maintaining the highest standards of data security and privacy. Our platform and processes are designed to meet the requirements of SOC 2, HIPAA, and GDPR, ensuring that customer data is handled in accordance with globally recognised compliance frameworks.

  • GDPR: We comply with the General Data Protection Regulation's principles for data processing, storage, and deletion, including supporting data subject rights, minimising data retention, and ensuring lawful data transfers.
  • HIPAA: For customers handling protected health information (PHI), Portant adheres to the administrative, physical, and technical safeguards mandated by HIPAA, ensuring the confidentiality and integrity of healthcare-related data.
  • SOC 2: Independent audits verify that our systems and processes meet the Trust Service Criteria for security, availability, and confidentiality.

For full details of our compliance certifications, security practices, and live status updates, please visit our Portant Trust Center: https://trust.delve.co/portant.