Privacy Policy
Last updated: 6 July 2026
This policy explains how we handle personal data when you use Portalis. Because Portalis is self-hosted, most operational data (your servers, users, SSH sessions and recordings) stays on your own infrastructure and is never sent to us. This policy covers the limited data we do process to run your account, licences and billing.
1. Data controller
SolutionMAX
Calle Creta 74, Bloque 01, Número 105
03130 Gran Alacant, Alicante, Spain
VAT / NIF: ESZ2822653Y
Contact: mail@portalis.sh
2. What we collect
- Account data: your email address, optional company name, and a securely hashed password.
- Billing data: handled by our payment processor Stripe — name, billing address, country, VAT/business number and payment details. We receive billing metadata (plan, invoices, subscription status) but not your full card number.
- Licence-validation data: when your Portalis instance validates a paid licence, we receive the instance's IP address, a hardware fingerprint and validation timestamps.
- Support and communications: emails you send us and messages related to your account.
- Technical logs: limited server logs for security and troubleshooting of the portal and licence service.
We do not receive your SSH credentials, session contents or recordings — those never leave your infrastructure.
3. Why we use it and legal basis
- To provide the service and your account — performance of our contract with you.
- To take payment and issue invoices — contract and legal obligation (tax/accounting).
- To validate licences and prevent abuse — our legitimate interest in protecting the service.
- To send service emails (verification, licence keys, billing) — contract. Any marketing email is sent only with your consent.
- To comply with legal obligations — legal obligation.
4. Processors we use
- Stripe — payment processing and billing.
- Our hosting and email providers — to run the portal, licence server and to deliver transactional email.
These providers process data on our behalf under appropriate agreements.
5. Retention
We keep account and licence data for as long as you have an account, and billing/invoice records for as long as required by tax law (generally several years in Spain). Validation logs are kept for a limited period for security. When no longer needed, data is deleted or anonymised.
6. Your rights
Under the GDPR you may request access to, correction or deletion of your data, restriction or objection to processing, and data portability. You can exercise these by emailing mail@portalis.sh. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD, aepd.es) or your local supervisory authority.
7. International transfers
Some processors may process data outside the EEA. Where that happens, it is protected by appropriate safeguards such as the European Commission's standard contractual clauses.
8. Cookies and local storage
The customer portal uses a strictly necessary session cookie to keep you signed in, and your browser's local storage to remember a plan you selected. We do not use advertising or tracking cookies in the portal.
9. Changes
We may update this policy; material changes will be notified by email or in the portal.
10. Contact
Privacy questions: mail@portalis.sh.
Portalis