Privacy Policy

Effective date: May 2, 2026

What Porfa is

Porfa is a customer identity platform. When you create an account with a brand that uses Porfa — or when that brand deposits your information into Porfa from an existing relationship — Porfa stores your profile and serves as the authentication layer for your account with that brand.

One Porfa profile works across every brand in the Porfa network. If you have previously registered with or transacted with another Porfa-powered brand, you may already have a profile. This cross-brand identity function is central to what Porfa does, and this policy describes how it works and what it means for your data.

What we collect and why

Your Porfa profile may contain:

• Identity information — name, email address, phone number
• Organization information — company name, domain, and your role within an organization, if applicable
• Authentication credentials — we do not store passwords. We authenticate you via one-time codes sent to your email, or via Apple Sign In or Google Sign In
• Brand-deposited data — purchase history, order data, or other information that a brand was explicitly authorized by you to collect and has deposited into Porfa on your behalf
• Public information — publicly available information about you or your organization, used to enrich your profile
• Consent records — your communication preferences for each brand: whether you have opted in to email or SMS marketing from that specific brand

Cross-brand identity

A single Porfa profile may be associated with more than one brand. When a new brand deposits your information into Porfa, we check whether a profile already exists for your email address or phone number. If one does, the new brand's relationship is linked to your existing profile rather than creating a duplicate.

Each brand sees only its own relationship with you — your data, consents, and purchase history with one brand are not visible to other brands. The shared element is your identity (name, email, phone), which allows you to authenticate with the same credentials across any Porfa-powered brand.

How we use your data

We use your profile to:

• Authenticate you when you log in to a brand that uses Porfa
• Allow brands you have a relationship with to communicate with you, subject to the consent you have given each brand
• Build intelligence about your preferences to help brands serve you more relevantly — only for brands where you have given marketing consent

We do not sell your data. We do not share your data between brands beyond the cross-brand identity function described above. We do not use your data for any purpose beyond operating the platform and fulfilling your preferences.

Communication consent

Marketing communications — email campaigns, SMS promotions — require your explicit consent for each brand separately. Your consent to receive marketing from one brand has no effect on any other brand. You can update your preferences at any time through the brand's app. Changes take effect immediately.

Transactional communications — order confirmations, shipping updates, account notifications — do not require marketing consent and are governed by the brand's terms with you.

Your rights

You have the right to:

• Know what information Porfa holds about you
• Request correction of inaccurate information
• Request deletion of your profile
• Update your communication preferences at any time

To exercise any of these rights, contact us at privacy@porfa.ai.

Data security

We store your data on encrypted infrastructure. We do not store passwords. Authentication credentials (one-time codes, social login tokens) are handled securely and are not retained beyond their use. Access to your profile data is restricted to authorized systems and personnel.

Changes to this policy

If we make material changes to this policy, we will update the effective date at the top of this page. Continued use of any Porfa-powered brand after a policy change constitutes acceptance of the updated terms.

Contact

Questions about this policy or your data: privacy@porfa.ai