Privacy Policy
Last updated: April 2, 2026
Prefolio ("we", "our", or "us") operates the prefolio.ai website and the Prefolio platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
1. Information We Collect
Account Information
When you register for an account, we collect your name, email address, company name, job title, and billing information. For organisation accounts, we also collect details about client organisations you create within the platform.
Usage Data
We automatically collect information about how you interact with our platform, including pages visited, features used, session duration, and actions taken. This data is used to improve service quality and user experience.
Client Portfolio Data
Data you enter into the platform — including use cases, business cases, portfolio plans, and evidence annotations — is stored securely and treated as confidential business information. We do not access, analyse, or share your client portfolio data except as required to provide the service.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Prefolio platform
- Process transactions and manage your subscription
- Send service-related communications, including updates and security alerts
- Respond to support requests and provide customer service
- Analyse usage patterns to improve product functionality
- Comply with legal obligations and enforce our terms
We do not sell your personal information to third parties. We do not use your client portfolio data to train machine learning models or for any purpose other than delivering the service to you.
3. Data Sharing and Disclosure
We may share your information with:
- Service providers — trusted third parties who assist in operating our platform (hosting, payment processing, analytics), bound by contractual obligations to protect your data
- Legal requirements — when required by law, regulation, or legal process
- Business transfers — in connection with a merger, acquisition, or sale of assets, with notice provided to affected users
4. Data Retention
We retain your account information for the duration of your subscription and for a reasonable period thereafter to comply with legal obligations. Client portfolio data is retained until you delete it or close your account. Upon account closure, all associated data is permanently deleted within 90 days.
5. Data Security
We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, and regular security assessments. For further details, see our Security page.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your personal data
- Object to or restrict processing of your data
- Export your data in a portable format
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
7. International Data Transfers
Your data may be processed in countries other than your own. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.
8. Cookies and Tracking
We use essential cookies to operate the platform and analytics cookies to understand usage patterns. You can manage cookie preferences through your browser settings. We do not use advertising or third-party tracking cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
10. Contact
For questions or concerns about this Privacy Policy or our data practices, contact us at: