Privacy Policy

1. Introduction

SuitePortal ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, including our website and customer portal platform (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

• Account registration information (name, email address, company name)
• Contact information when you communicate with us
• Payment information (processed securely through Stripe — we never store or handle raw card numbers)
• Organization configuration and settings
• Information you provide when using our customer support services

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

• Usage data and analytics (pages visited, features used, time spent)
• Device information (browser type, operating system, IP address)
• Cookies and similar tracking technologies
• Log files and error reports

2.3 NetSuite Data

When you integrate SuitePortal with NetSuite, we synchronize data from your NetSuite account to provide our Service. This data includes customer records, vendor records, transactions, and other business data that you authorize us to access. We do not use this data for any purpose other than providing the Service to you.

NetSuite data is stored in an isolated database per organization and is never shared between tenants or used for training, analytics, or any purpose beyond delivering the Service.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers (Subprocessors): With trusted third-party service providers who assist us in operating our Service. See Section 12 for a complete list of subprocessors.
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you have given us explicit permission to share your information

5. Data Security

We implement comprehensive technical and organizational security measures to protect your information:

• Encryption at rest: All data is encrypted at rest, including databases and sensitive credentials such as integration tokens and API keys
• Encryption in transit: TLS is enforced across all connections — between your browser and our application, between our services, and to all third-party APIs
• Tenant isolation: Each organization's data is logically isolated. Credentials are encrypted per-organization and never shared between tenants.
• Role-based access control: Granular permission model enforced at both the server and client level
• Payment security: Card data is tokenized client-side by Stripe and never touches our servers
• Automated backups: Regular automated backups with point-in-time restore capability

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Hosting

Your data is hosted on Microsoft Azure infrastructure in the United States. Our application is delivered via Vercel's global edge network. All infrastructure providers maintain industry-standard security certifications including SOC 2 Type II and ISO 27001.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information, including:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Request transfer of your data to another service
• Opt-Out: Unsubscribe from marketing communications

To exercise these rights, please contact us at the information provided below.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. We use:

• Essential cookies: Required for authentication and session management
• Analytics cookies: To understand usage patterns and improve the Service

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

9. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

When you delete your account or organization, we remove your data from active systems. Database backups containing your data are automatically purged within 35 days.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

12. Subprocessors

We use the following third-party service providers (subprocessors) to help us deliver the Service. Each subprocessor processes data only as necessary for the purpose described:

We will update this list if we add or change subprocessors. All subprocessors are contractually obligated to protect your data and process it only for the purposes described above.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

• Email: support@suiteportal.io
• Website: Contact Us