Privacy Policy

Last updated: 2026-05-05

1. Introduction

Portofdesk is a multi-tenant SaaS platform that helps vendors manage support tickets for their clients. This Privacy Policy explains what personal data we collect when you use Portofdesk, how it is processed, and what rights you have over it.

2. Information We Collect

While you use Portofdesk we process the following categories of data:

• Account information: name, email address, language and time zone preference, role assigned to your account.
• Usage data: tickets you create or are assigned to, ticket comments, file attachments, status history.
• Technical data: session details, IP address, browser/device information, login activity.
• Communications: emails you send to our support address.

Passwords are stored using a one-way bcrypt hash. Nobody — not even system operators — can read them in plain text.

3. How We Use the Data

• To deliver the service (sign-in, ticket workflow, notifications).
• To compute SLA, generate reports, and maintain audit logs.
• To protect account security (anomaly detection, account lockout).
• To meet legal obligations.

4. Data Sharing

Portofdesk does not sell your data. It is shared with third parties only in these limited cases:

• Service providers: email delivery (SMTP), hosting infrastructure. These providers are bound by contractual confidentiality obligations.
• Your tenant administrators: the vendor and client administrators your account belongs to can access your data within their scope. Different vendors and clients cannot access each other's data (enforced at the application layer).
• Legal obligations: in case of court orders, legal duties, or fraud detection.

5. Retention

• Active account data: while the account is active.
• Archived and closed tickets: per the vendor's retention policy.
• Audit log: 1 year, then automatically purged.
• Monthly reports (PDF): automatically deleted 90 days after generation.
• Uploaded files: while the related ticket remains active.

6. Security

We protect your data with the following measures:

• All traffic encrypted in transit via HTTPS (TLS).
• Passwords hashed with bcrypt (cost 12).
• SMTP credentials stored encrypted at rest.
• Uploaded files scanned by ClamAV. If the scanner is unreachable, uploads are rejected (fail-closed).
• Role-based access control with global scopes enforcing row-level tenant isolation.
• Account lockout: after 5 failed login attempts within 15 minutes, the account is locked for 15 minutes.

7. Cookies

We only use strictly necessary cookies: session cookie (authentication), CSRF cookie (form security), and a language preference cookie. We do not use marketing or third-party tracking cookies.

8. Your Rights

Under GDPR and KVKK you have the right to:

• Access your personal data.
• Request correction of inaccurate data.
• Request deletion (subject to legal retention obligations).
• Object to processing and request data portability.

To exercise these rights, contact your vendor's support team or reach us directly.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to your account email. The "Last updated" date at the top of the page reflects the most recent revision.

10. Contact

For questions about this policy or about how we handle your personal data, write to support@portofdesk.com.

---

Need help? Write to support@portofdesk.com and we will respond within one business day.