Our Core Privacy Commitment
SurePortal is built on a ZERO-RETENTION, TEMPORARY-ONLY data model.
We do not collect, store, use, or retain client data beyond the temporary transmission window. Submitted data is destroyed the moment the broker views it — or automatically within 7 days if never viewed.
What We DO NOT Do
- Store or retain submitted client data beyond the temporary transmission window
- Keep any accessible copies or archives of submitted data after deletion
- Use submitted data for any purpose other than temporary transmission
- Share, sell, or disclose client data to any third parties
- Use data for advertising, marketing, or analytics
- Train AI or machine learning models with submitted data
Information We Collect
1. Broker Account Information (Retained)
When you create an account, we collect and retain:
- Full name
- Email address
- Password (encrypted)
- Business/agency name
Retention: Duration of your active account, deleted 30 days after account closure
2. Client Submitted Data (TEMPORARY ONLY)
Client data includes sensitive information such as:
- Social Security Number (SSN)
- Bank account information
- Personal identification details
Retention Guarantee:
- One-time view: Data immediately deleted when the broker views it
- Unviewed data: Automatically purged within 7 days of submission
- Submission links expire 30-60 minutes after first access
- No recovery: Deleted data cannot be recovered through the Service by anyone
- Minimal backup exposure: Provider-managed encrypted backups protect the service for disaster recovery; because submissions are purged on view or within 7 days, purged client data is not retained for individual restoration
Cookies
We use essential session cookies only (to keep you signed in securely). We do not use advertising cookies, third-party analytics, tracking pixels, or any cross-site tracking.
Data Security
- Encryption in Transit: TLS 1.2 or higher with strong cipher suites
- Encryption at Rest: AES-256 encryption
- PIN Protection: Unique PIN code for each secure link
- Automatic Deletion: Multiple layers of guaranteed data destruction
Your Rights
You have the right to:
- Access and update your account information
- Request deletion of your account at any time
- Request information about our data practices
- Opt out of marketing communications (we don't send marketing emails)
Third-Party Services
We use the following service providers:
- Supabase (database and authentication)
- Vercel (web hosting)
- Stripe (payment processing — billing information only)
- Google (optional OAuth sign-in for brokers)
- Resend (transactional email — two-factor authentication reset confirmations sent to brokers only)
- Sentry (error monitoring — technical error reports only, automatically scrubbed of personal information; never client submission data)
All service providers are bound by strict data protection agreements and cannot access client submission data.
Compliance
We comply with relevant regulations including the Gramm-Leach-Bliley Act (GLBA), California Consumer Privacy Act (CCPA), and other applicable data protection laws.
Note: This is an abbreviated version for display purposes. The full Privacy Policy document contains additional details on data retention schedules, international data transfers, state-specific privacy rights, and other important information. By creating an account, you agree to the complete Privacy Policy.