Privacy Policy

Last updated: February 23, 2026

Portaim ("Portaim", "we", "us", "our") is a product importer tool that helps you upload CSV/XLSX files, map and validate product data, and export to Shopify.

This Privacy Policy explains what personal data we collect, how we use it, how we share it, and the choices and rights you have.

If you do not agree with this policy, do not use the Service.

1. Who Controls Your Data (Data Controller)

Portaim is operated by:

Shahla Osmanova
Czech Republic
Contact: contact@portaim.com

2. What We Collect

A) Account & Authentication

• Email address and name (to create and manage your account, communicate with you)
• Password (stored only as a salted hash; never stored in plain text)
• Authentication/session data (e.g., session tokens; IP address and user agent for security)

B) Usage, Device, and Security Data

• Log data such as IP address, device/browser information, timestamps, and actions taken in the Service (used for security, troubleshooting, and audit)

C) Uploaded Files and Imported Content ("Customer Content")

• CSV/XLSX files you upload and the data inside them (e.g., product titles, SKUs, variants, pricing, inventory, image URLs)

Important: Your files may contain personal data (for example, supplier contact info in a notes column). Please do not upload sensitive data (e.g., government IDs, health data). You are responsible for having the right to upload any data you provide.

D) Shopify Integration Data (If You Connect a Store)

• Your Shopify shop domain
• OAuth access tokens (stored encrypted)
• Data accessed through Shopify APIs as needed to provide the integration (typically product, inventory, location, and file/image data)

E) AI Feature Inputs/Outputs (Optional Feature Use)

If you use AI-powered features (such as automatic column mapping or value suggestions), relevant portions of your uploaded content may be sent to our AI provider (OpenAI) for processing.

F) Feedback and Support

• If you submit feedback (in-app or via the landing page widget), we collect the information you provide (e.g., email, message content) and associate it with your account if you are logged in.

G) Analytics (Consent-Based)

• If you opt in, we collect product analytics events (e.g., feature usage) via PostHog (EU-hosted).
• If you decline, analytics scripts are not loaded and no analytics data is sent.
• Your analytics choice is stored in your browser (e.g., localStorage or similar storage).

3. How We Use Your Data (Purposes and Legal Bases)

A) Provide and Operate the Service (Contract)

• Create and manage accounts
• Store and process uploads and imports
• Run validations, mapping, and exports
• Provide Shopify integration features you request

B) Security, Fraud Prevention, and Service Integrity (Legitimate Interests)

• Protect accounts, detect abuse, prevent unauthorized access
• Maintain security logs and audit trails
• Debug, monitor, and maintain reliability

C) Support and Communications (Contract / Legitimate Interests)

• Respond to support requests and feedback
• Send transactional messages you request or that are necessary (e.g., verification, password resets)

D) Analytics (Consent)

• If you opt in, understand product usage and improve the Service

E) Legal Compliance (Legal Obligation, Where Applicable)

• Comply with lawful requests and applicable legal requirements

4. AI Processing (OpenAI)

When you use AI-powered features, relevant product data from your uploads may be transmitted to OpenAI to generate mapping suggestions or value recommendations.

We do not use your uploaded content to train our own AI models. Data sent to OpenAI via the API is not used by OpenAI to train or improve their models unless an explicit opt-in arrangement applies. OpenAI's terms and data processing practices apply to their handling of that data.

You can use Portaim without AI features where such features are optional.

5. Shopify Integration (OAuth Scopes)

If you connect your Shopify store, we request only the permissions needed to provide the integration. The scopes include:

• write_products, read_products — create and read product listings
• write_inventory, read_inventory, read_locations — manage and assign inventory to locations
• write_files, read_files — upload and read product images/files

You can disconnect your store at any time. When disconnected, we delete stored tokens and revoke access as applicable.

6. How We Share Data (Service Providers / Processors)

We share data only as needed to operate the Service, including with the following categories of providers:

• Cloudflare R2 — file storage for your uploaded CSV/XLSX files
• OpenAI — AI processing for optional AI-powered features
• Shopify — APIs used for store connection and exports
• PostHog (EU-hosted) — consent-based product analytics
• Resend — transactional email delivery (verification, password reset)

We do not sell your personal data.

7. International Data Transfers

Some of our service providers may process data outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as adequacy decisions and/or Standard Contractual Clauses (SCCs), as applicable.

8. Data Retention and Deletion

A) Imports and Uploaded Files

• Uploaded files are stored in Cloudflare R2 and associated with your account and specific import sessions.
• When you delete an import or delete your account, we delete associated files and import data from active systems.
• Residual copies may persist for a limited period in backups and logs before being overwritten (per our backup/retention practices).

B) Shopify Connection Data

• Stored Shopify tokens are deleted when you disconnect the store or delete your account.

C) Feedback

• If you delete your account, we may retain feedback messages but remove direct identifiers (e.g., unlink from your user ID), where feasible.

D) Security and Audit Logs

• We retain security/audit logs to protect the Service and investigate abuse. These logs may include IP address, user agent, timestamps, and actions.
• Retention period: we generally retain these logs for up to 24 months, unless a longer period is required to comply with law or resolve disputes. After that, we delete or anonymize them where feasible.

9. Your Choices and Rights (EEA/UK and Similar Jurisdictions)

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate or incomplete data
• Delete your personal data (with certain exceptions, e.g., security/legal retention)
• Restrict or object to certain processing (especially where based on legitimate interests)
• Data portability (where applicable)
• Withdraw consent at any time (this will not affect processing already performed; analytics consent can be changed in the app settings/cookie banner)

You can access, export, or delete certain data through the Service (where available). For other requests, contact us at contact@portaim.com.

If you are in the EU/EEA, you also have the right to lodge a complaint with your supervisory authority. In Czechia, the supervisory authority is:
Úřad pro ochranu osobních údajů (Office for Personal Data Protection), Pplk. Sochora 27, 170 00 Praha 7.

10. Cookies and Similar Technologies

• Essential cookies (required) — used for authentication and maintaining your session.
• Analytics cookies (optional) — used only if you consent to analytics (PostHog). If you do not consent, analytics cookies are not set and analytics scripts are not loaded.

11. Security

We use reasonable technical and organizational measures designed to protect your data, including:

• HTTPS encryption in transit
• Access controls and least-privilege practices
• Encrypted storage for sensitive secrets such as OAuth tokens (AES-256-GCM)
• Secure, time-limited access to uploaded files (e.g., presigned URLs)

No method of transmission or storage is 100% secure, but we work to protect your information.

12. Children

Portaim is not intended for children, and we do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this policy from time to time. The "Last updated" date will reflect the latest version. If changes are material, we may provide additional notice.

14. Contact

Questions or requests: contact@portaim.com