Last updated: June 2026

Privacy Policy

Operated by: Portalliz — operating entity in incorporation as a Dutch B.V.
Contact: privacy@portalliz.com


1. Who We Are

Portalliz is a Microsoft 365 license governance platform built and operated by its founding team. We provide SaaS-based and self-hosted software solutions for multinational IT teams.

For the purposes of EU data protection law (GDPR), the data controller will be the operating entity once incorporation of the Dutch B.V. is complete. Until then, the founding team acts as data controller and can be reached at the address below. The controller details will be updated here as soon as the entity is registered (company name, registered address, KvK number).

Portalliz (founding team)
contact@portalliz.com
portalliz.com


2. What Data We Collect

2.1 Website visitors (portalliz.com)

  • IP address (anonymized after 24 hours)
  • Browser type and version
  • Pages visited and time spent
  • Referral source
  • Language preference (stored in localStorage)

We do not use Google Analytics. We do not place advertising cookies.

2.2 Early access applicants

When you submit the early access form, we collect:

  • Work email address
  • Company name
  • Tenant size (selected range)

This data is used solely to contact you about Portalliz early access. It is never sold or shared with third parties.

2.3 Portalliz SaaS customers (EU-hosted)

When your organization uses the Portalliz SaaS platform, we process:

  • Microsoft 365 tenant metadata (SKU names, license counts, assignment records)
  • User display names and UPNs (User Principal Names) — read-only, via Microsoft Graph
  • Country/region identifiers as configured by your organization
  • Audit log entries generated within the Portalliz platform

We never access email content, files, Teams messages, or any personal communication.

We never write to your Microsoft 365 tenant without explicit approval.

2.4 Self-hosted customers

If you deploy Portalliz on your own infrastructure, Portalliz does not receive or process any of your organizational data. All data remains within your perimeter. We may collect anonymous telemetry (version number, sync frequency) if explicitly enabled by your administrator.


3. Legal Basis for Processing (GDPR Article 6)

DataLegal Basis
Website analyticsLegitimate interest (Art. 6(1)(f))
Early access formConsent (Art. 6(1)(a))
SaaS platform dataContract performance (Art. 6(1)(b))
Audit logsLegal obligation / legitimate interest

4. Data Storage and Transfers

EU-hosted SaaS: All customer data is stored on servers located within the European Union (Microsoft Azure — West Europe region). No data is transferred outside the EEA without adequate safeguards.

Self-hosted: Data never leaves your infrastructure.

Website: portalliz.com is hosted on infrastructure within the EU.


5. Data Retention

Data typeRetention period
Early access contact dataUntil you request deletion, or 24 months from last contact
SaaS tenant dataDuration of subscription + 30 days after termination
Audit logs (SaaS)12 months rolling
Website analytics90 days

6. Your Rights Under GDPR

As a data subject within the EU/EEA, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion ("right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest

To exercise any of these rights, contact: privacy@portalliz.com

We will respond within 30 days.

You also have the right to lodge a complaint with the supervisory authority in your country. In Germany: Landesbeauftragter für den Datenschutz Baden-Württemberg (lfd-bw.de).


7. Cookies and Local Storage

portalliz.com uses:

  • localStorage — to save your language preference. No expiry. No personal data.
  • Session cookies — for basic site functionality. Deleted when you close your browser.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

No cookie consent banner is required for the above. If this changes, we will update this policy and notify users.


8. Third-Party Services

ServicePurposeData shared
Microsoft Graph APIRead-only tenant syncTenant credentials (stored encrypted in your deployment)
Microsoft Azure (EU)SaaS hostingCustomer tenant data (EU region only)
Email providerContact and supportEmail address only

We do not use Intercom, HubSpot, Salesforce, or any CRM that processes personal data on third-party servers.


9. Security

Portalliz implements the following security measures:

  • All data in transit encrypted via TLS 1.2+
  • Microsoft Graph credentials stored encrypted (AES-256)
  • Read-only Graph consent — no write permissions requested unless explicitly enabled
  • Regular dependency updates and security patching
  • Access to production systems restricted to the founding team

10. Changes to This Policy

We will notify registered users of material changes via email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.


11. Contact

For privacy-related questions:
privacy@portalliz.com
Response time: within 5 business days.