portals legal

Privacy Policy

Last updated: April 17, 2026

On this page1. Introduction

1. Introduction

This Privacy Policy describes how Portals Labs, Inc. (“Portals,” “we,” “us”) collects, uses, shares, and protects personal information when you use Portals, available at theportal.to and through our apps and APIs (together, the “Services”).

For purposes of the EU and UK General Data Protection Regulation, Portals Labs, Inc. is the controller of your personal information.

2. Scope

This Policy applies to personal information we collect when you visit our website, create an Account, use paid features, participate in the Marketplace, generate content through the AI Lab, or otherwise interact with the Services. It does not cover the privacy practices of third-party services we integrate with; their policies apply to information they collect from you directly.

3. What we collect

Information you give us

  • Account information: email address, username, display name, password (hashed), profile picture, date of birth (for age verification), and, if you connect a wallet, your public wallet address.
  • Billing information: payment card details, billing address, and tax information, which you provide to our payment processor Stripe. Portals does not store full card numbers.
  • Creator payout information: if you sell on the Marketplace, the identity, tax, and bank-account information Stripe Connect collects to pay you.
  • Content and activity: games, spaces, asset packs, items, avatars, messages, comments, prompts, AI Outputs, friends, and other information you create or submit.
  • Communications: support requests, feedback, and other messages you send us.

Information we collect automatically

  • Device and log data: IP address, device and browser type, operating system, language, referring URL, pages and features you use, timestamps, and crash logs.
  • Usage analytics: events about how you interact with the Services, collected through Mixpanel and our own systems.
  • Cookies and similar technologies: see Cookie Policy.

Information from third parties

  • Stripe provides us with information about your payments and payouts, including transaction IDs, amounts, dispute status, and payout identity verification signals.
  • AI providers return AI Outputs based on prompts you submit. The specific provider used depends on the feature you invoke. The current list of AI providers — and all other subprocessors we engage — is maintained on our Subprocessors page.
  • If you sign in via a third-party identity provider, that provider shares basic profile information with us as you authorize.

4. How we use your information

  • To create and operate your Account and deliver the Services.
  • To process payments, payouts, and tax reporting.
  • To enable the Marketplace, friends, messaging, and social features.
  • To run the AI Lab, including sending prompts to third-party AI providers and returning outputs.
  • To train, improve, and develop AI systems, using the prompts and AI Outputs from the AI Lab (but not User Content you upload — see the Terms of Service, Section 7).
  • To secure the Services, detect and prevent fraud and abuse, and enforce our policies.
  • To provide customer support and respond to your requests.
  • To send you transactional emails (receipts, account notices, security alerts) and, where permitted, product and marketing emails. You can unsubscribe from marketing emails at any time.
  • To understand how the Services are used, through aggregate analytics.
  • To comply with law and respond to lawful requests.

6. Who we share information with

  • Service providers that run the Services under contract with us — including providers for payments, hosting, AI inference, product and web analytics, and product and marketing messaging. For the current, canonical list of who these providers are, the purpose of each engagement, and the categories of data each one processes, see our Subprocessors page. That page is updated when we add or remove a vendor.
  • Other Users, for information you choose to share — profile, messages, Creator Content, reviews, and similar public activity.
  • Buyers and Creators, for limited information needed to complete a Marketplace transaction (for example, a Creator’s display name and a Buyer’s order data).
  • Law enforcement and authorities, where we believe disclosure is required by law or necessary to protect rights, safety, or the Services.
  • Corporate transactions: in a merger, acquisition, financing, or sale, we may transfer information as part of the transaction.

We do not sell your personal information for money.

7. International transfers

Portals is based in the United States and processes personal information there and in other countries where our service providers operate. When we transfer personal information from the EU, EEA, UK, or Switzerland to a country that has not been deemed to provide an adequate level of protection, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and the UK Addendum.

If you are located in the EU, EEA, or UK and would like to exercise your data-subject rights or contact Portals about this Policy, please email privacy@theportal.to. We review every request and respond within the time periods required by applicable law.

8. How long we keep data

We keep personal information only as long as we need it for the purposes described in this Policy. The default retention periods below apply unless we are required by law to keep data longer, or unless a longer period is needed to resolve a dispute or enforce our rights:

  • Account data: deleted within 30 days after you close your Account, except for data we must keep for legal reasons.
  • Financial, tax, and payment records: up to 7 years, as required by tax and anti-money-laundering laws.
  • Raw server logs: up to 90 days.
  • Analytics events (Mixpanel): retained according to Mixpanel defaults, generally in aggregated form.
  • Support communications: up to 3 years after your last message.
  • Deleted User Content: a 30-day grace period, after which it is purged from production systems. Copies may persist briefly in backups on a 30-day rotation.

9. Your rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access a copy of your personal information.
  • Correct inaccurate or incomplete information.
  • Delete your personal information.
  • Restrict or object to certain processing.
  • Receive your information in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data-protection authority. If you are in the EU/EEA, contact your national authority. If you are in the UK, contact the Information Commissioner’s Office (ICO).

To exercise these rights, email privacy@theportal.to. We may need to verify your identity before responding. We will respond within the time period required by applicable law (generally 30 days).

10. California residents

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you additional rights:

  • The right to know what personal information we collect, use, disclose, and (if applicable) “share” as defined by the law.
  • The right to delete personal information.
  • The right to correct inaccurate personal information.
  • The right to opt out of the “sale” or “sharing” of personal information. Portals does not sell personal information for money. To the extent our use of analytics cookies constitutes “sharing” for cross-context behavioral advertising under the CPRA, you can opt out through the cookie banner and by enabling the Global Privacy Control (GPC) signal in your browser.
  • The right to limit use of sensitive personal information.
  • The right not to be discriminated against for exercising these rights.

To exercise these rights, email privacy@theportal.to.

11. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have, we will delete it. If you believe a child under 13 has provided personal information to us, contact privacy@theportal.to.

12. Cookies and similar technology

We use cookies and similar technologies to operate the Services, remember your preferences, analyze usage, and support marketing. You can control non-essential cookies through our cookie banner and your browser settings. For details, see our Cookie Policy.

13. Security

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, and regular security reviews. No system is perfectly secure, and we cannot guarantee absolute security. If you believe your Account has been compromised, contact security@theportal.to.

14. Changes to this Policy

We may update this Policy from time to time. If changes are material, we will provide notice (for example, by email or in-product notice) before they take effect. The “Last updated” date at the top shows when this Policy was last revised.

15. Contact

Questions, requests, or complaints about this Policy or our privacy practices? Contact us at privacy@theportal.to, or by mail at Portals Labs, Inc., 4470 W Sunset Blvd #90092, Los Angeles, CA 90027, United States.