Privacy Policy

How PortGuard collects, uses, and protects your information.

Effective Date: January 1, 2026  •  Last Updated: January 1, 2026

Overview

PortGuard ("we," "our," or "us") operates the PortGuard USB device control service, available at portguard.tech and app.portguard.tech (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By using PortGuard, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

The short version: We collect only what we need to run the service, we don't sell your data, and we give you control over what you share with us.

Data We Collect

Account Information

When you create a PortGuard account, we collect:

  • Name and email address
  • Company or organization name
  • Password (stored as a salted hash — never in plain text)
  • Billing information (processed by Stripe — we do not store full card numbers)

Device and Endpoint Data

When you deploy the PortGuard agent on your endpoints, we collect:

  • Device hostname and operating system version
  • USB device identifiers (Vendor ID, Product ID, serial number) when devices are connected or blocked
  • Policy enforcement events and timestamps
  • Agent version and connectivity status

We do not collect the contents of files on USB devices or any data stored on connected devices.

Usage Data

We automatically collect certain information when you visit our website or use the Service:

  • IP address and approximate geographic location (country/region)
  • Browser type, operating system, and device type
  • Pages viewed, links clicked, and time spent on pages
  • Referring URLs
  • Feature usage patterns within the web console

Communications

If you contact us by email or through the contact form, we retain the content of that communication and your contact details to respond and improve our support.

How We Use Your Data

We use the information we collect to:

  • Provide, operate, and maintain the PortGuard Service
  • Process your subscription and payments
  • Send transactional emails (account confirmations, invoices, policy alerts)
  • Respond to your support requests and questions
  • Monitor and improve Service performance and reliability
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Send product updates and announcements (you may opt out at any time)
  • Analyze aggregate, anonymized usage patterns to improve the product

We do not use your data for advertising, and we do not sell or rent your personal information to any third party.

Data Storage & Location

PortGuard stores all data in Amazon Web Services (AWS) infrastructure located in the United States (us-east-1 region). Specifically:

  • Account and policy data: Amazon DynamoDB (encrypted at rest)
  • Device event logs: Amazon DynamoDB with TTL-based automatic expiration
  • Files and assets: Amazon S3 (encrypted at rest with AES-256)
  • Agent communication: AWS IoT Core with TLS encryption in transit

All data transmitted between your devices, the PortGuard agent, and our servers is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.

If you are located outside the United States, please be aware that your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

Third-Party Services

We work with a small number of trusted third-party service providers to operate PortGuard. These providers have access only to the data necessary to perform their services and are bound by confidentiality obligations:

  • Stripe — Payment processing. Stripe handles all credit card data and is PCI-DSS compliant. See the Stripe Privacy Policy.
  • Amazon Web Services — Cloud infrastructure (compute, storage, database, IoT, and email). See the AWS Privacy Policy.
  • Amazon SES — Transactional email delivery

We do not use third-party analytics services (such as Google Analytics) that track users across websites. Our analytics are first-party only.

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect the rights, property, or safety of PortGuard, our users, or the public.

Cookies & Tracking

We use a minimal number of cookies to operate the Service:

Essential Cookies

  • Session token: Keeps you logged in to the web console. Required for the Service to function.
  • CSRF token: Protects against cross-site request forgery attacks.

Analytics

We use a lightweight, privacy-friendly analytics beacon (navigator.sendBeacon) to track page visits on our marketing site. This does not set cookies, does not track you across other websites, and collects only the current page path and referrer URL.

No Third-Party Tracking

We do not use advertising cookies, tracking pixels, or any third-party behavioral tracking technology. We do not participate in cross-site tracking or retargeting advertising networks.

You can disable cookies in your browser settings. Disabling essential cookies will prevent you from logging in to the web console.

Your Rights

You have the following rights with respect to your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can update your account information at any time from the web console, or contact us to correct inaccurate data.
  • Deletion: You can request deletion of your account and associated personal data. Device event logs associated with your account will be deleted within 30 days of your request.
  • Portability: You can request an export of your data in a machine-readable format.
  • Opt-out of marketing: Every marketing email includes an unsubscribe link. You can also email us to opt out at any time.
  • Restriction: You can request that we limit how we process your data in certain circumstances.

If you are located in the European Economic Area (EEA) or United Kingdom, you also have rights under GDPR and UK GDPR, including the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at support@portguard.tech. We will respond within 30 days.

Children's Privacy

PortGuard is a B2B service intended for use by organizations and their IT administrators. The Service is not directed at children under the age of 13 (or 16 in the EEA), and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will delete it promptly.

Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account information: Retained until you delete your account, plus a 30-day grace period for recovery.
  • Device event logs: Retained for 90 days by default. Enterprise plans can configure longer retention periods.
  • Billing records: Retained for 7 years as required by applicable tax and accounting laws.
  • Support communications: Retained for 3 years to help us improve support quality.

When data is deleted, it is removed from active systems within 30 days and from backup systems within 90 days.

Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted with TLS 1.2 or higher
  • All data at rest is encrypted with AES-256
  • Passwords are hashed using bcrypt before storage
  • Access to production systems is restricted to authorized personnel with MFA required
  • Regular security reviews and dependency updates
  • AWS IAM least-privilege access controls

However, no method of internet transmission or electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately at support@portguard.tech.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address associated with your account) and by posting a notice on our website at least 14 days before the changes take effect.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the updated policy, you must stop using the Service and may request deletion of your account.

Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or how we handle your data, please contact us:

We will respond to all privacy-related inquiries within 30 days.