The short version

01 DATA WE COLLECT

What we collect and why

When you create an account, we collect what we need to identify you and the organization you represent: name, email address, company name, country, and — if you pay via Stripe — billing details. Stripe handles payment card data; we never see it.

When you use the platform, we store the project documentation you upload (photos, 360 panoramas, videos, documents, annotations, comments) and operational metadata needed to show it back to the right people (who accessed what portal and when, which is visible to you in your audit logs).

We also capture baseline operational signals — request logs, errors, and performance metrics — to keep the platform reliable and secure. These do not include the content of your uploads.

02 WHERE IT LIVES

Data residency

Canadian accounts: all content and account data is stored exclusively in AWS ca-central-1 (Montreal). Nothing transits out of Canadian borders in the normal course of operation. This is a deliberate choice to support regulated industries, public-sector clients, and Canadian data residency requirements.

United States accounts: data may be stored in U.S. or Canadian regions, as specified in your User Agreement. Encryption standards and access controls are identical.

International accounts: data is stored in Canada. By using the platform from outside Canada and the U.S., you consent to cross-border transfer for processing in Canada.

03 THIRD-PARTY PROCESSORS

Who else touches your data

A small set of service providers handle narrow, bounded functions on our behalf. None of them are given access to your project content beyond what they need to deliver their specific service.

AWS
Cloud infrastructure, storage, and compute. Primary region: ca-central-1 (Montreal). Your uploads live here.
Stripe
Subscription billing and payment processing. Stripe is PCI-DSS Level 1 certified and stores card data; we never see it.
Google OAuth
Optional "Sign in with Google" authentication. Used only if you choose it. We receive only your email and basic profile.
Amazon SES
Transactional email delivery (account verification, invitations, billing notices). We do not send marketing email through this service.
Sentry
Error and performance monitoring. Captures technical diagnostics when something breaks; personally identifiable fields are scrubbed before transmission.
Render
Application hosting. Provides the compute and data-layer infrastructure for the platform. Data is encrypted at rest.

04 COOKIES ON THIS SITE

Cookies and tracking

We use a small set of first-party cookies, all functional. None are used for advertising, cross-site tracking, or behavioral profiling.

We do not use Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or any third-party tracking technologies on our marketing pages.

05 YOUR RIGHTS

Access, correction, deletion

You can view and edit most of your personal information at any time from your account settings inside the platform. For anything you can't adjust yourself — for example, deleting your account entirely, exporting all your historical data, or requesting a correction to an audit log — email us and we'll handle it.

Canadian users: your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Alberta Personal Information Protection Act (PIPA) apply. You may request access, correction, and deletion, and you may withdraw consent at any time.

California users: under CCPA, you have the right to know what we collect, request deletion, and opt out of sale. We do not sell your information in any form.

EEA/UK users: where GDPR applies, you have rights of access, rectification, erasure, portability, restriction, and objection. Reach out and we will fulfil a valid request within 30 days.

When you close your account, you have 30 days to request a full export of your Client Content. After that window, your data is deleted in accordance with our retention policies. Authentication audit trails and signed agreement acceptance records are retained for legal defensibility.

06 SECURITY

How we protect your data

All data in transit is protected by TLS 1.2 or higher. All data at rest is encrypted with AES-256. Access to production systems is restricted to a small number of Plus15 Media engineers and is logged. We use rate limiting, content security policies, and session cookie hardening (HttpOnly, Secure, SameSite) to reduce common web-app attack surface.

If we ever become aware of a security breach that affects your data, we will notify you promptly in accordance with applicable law.

07 CONTACT

How to reach us about privacy

For any privacy-related question, request, or concern, contact us directly. We aim to respond within five business days, and in any case within the timeline required by the law applicable to you.

Email: sales@progressportals.io

Mail: Plus15 Media Ltd., Calgary, Alberta, Canada

Binding terms: view the full Digital Services Agreement

This page is a plain-language summary provided for informational purposes. It is not a contract and does not alter, limit, or replace the binding privacy terms set out in the applicable Digital Services Agreement. If anything on this page appears to conflict with that Agreement, the Agreement controls.