Privacy Policy

Effective date: June 1, 2025 |. Last updated: May 7, 2026

This Privacy Policy explains how Portage Labs (“Portage,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you visit our website at portagelabs.io, communicate with us, or engage with us in connection with our advisory services. We are committed to handling your information responsibly and in accordance with applicable data protection laws.This Policy applies to information we collect about you in your individual capacity. It does not apply to information we process on behalf of our clients in the course of an engagement; that information is handled under our agreements with those clients and under the security and privacy commitments described in our Information Security Policy.

1. Who We Are
‍Portage Labs is an advisory consulting firm that provides strategic, analytical, and operational services to clients. For purposes of this Policy, Portage Labs is the controller of the personal information described below.If you have questions about this Policy or our handling of your personal information, please contact us using the information at the end of this document.

‍2. Information We CollectWe collect the categories of personal information described in the table below.

Category	Examples	Source
Identifiers	Name, email address, phone number, business name, job title.	Provided by you (e.g., contact forms, email correspondence, newsletter signups, business meetings).
Professional and business information	Company affiliation, role, areas of professional interest, business inquiries.	Provided by you, or sourced from public professional networks where you have made the information public.
Communications content	The contents of messages, inquiries, or files you send to us.	Provided by you.
Internet and device activity	IP address, browser type, device type, pages viewed, referring URL, approximate location, interactions with our website.	Collected automatically by our website and its analytics providers.
Marketing preferences	Subscription status, communication preferences, opt-out elections.	Provided by you.

We do not knowingly collect special categories of personal data (such as health, racial or ethnic origin, religious beliefs, or biometric data) or government-issued identifiers from our website visitors. We do not sell personal information.

‍3. How We Use Personal InformationWe use personal information for the purposes described in the table below. Where the General Data Protection Regulation (GDPR) or a comparable law applies, we identify the legal basis on which we rely.

Purpose	What this involves	Legal basis (where GDPR or comparable law applies)
Responding to inquiries	Replying to messages you send through our website or via email.	Legitimate interests; performance of, or steps to enter into, a contract.
Service delivery	Carrying out engagements with our clients and the individuals who represent them.	Performance of a contract; legitimate interests.
Marketing communications	Sending occasional updates, newsletters, or thought-leadership content to people who have opted in.	Consent; legitimate interests where permitted by applicable law.
Website operation and improvement	Operating, securing, and improving the website and understanding how visitors use it.	Legitimate interests.
Compliance and protection	Meeting legal obligations; protecting our rights, property, and personnel; investigating misuse.	Legal obligation; legitimate interests.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

‍4. How We Share Personal InformationWe share personal information only as described below.Service providers. We use third-party service providers that help us operate our business, including providers of website hosting, email and collaboration tools, marketing and CRM systems, analytics, and security services. These providers process personal information on our behalf and under contractual obligations to handle it consistently with this Policy.Clients and engagement partners. Where you interact with us in connection with a client engagement, we may share relevant information with that client or with engagement partners as necessary to deliver the engagement.Legal and protective disclosures. We may disclose personal information when we believe in good faith that disclosure is required by law, regulation, or legal process; necessary to enforce our agreements; or necessary to protect the rights, property, or safety of Portage Labs, our clients, our personnel, or others.Business transfers. If Portage Labs is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate confidentiality and protection obligations.We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws.

‍5. Cookies and Similar TechnologiesOur website uses cookies and similar technologies to operate the site, remember your preferences, understand how visitors use the site, and improve our content and services.Strictly necessary cookies enable core functionality, such as security, network management, and accessibility.Performance and analytics cookies help us understand how visitors interact with our website (for example, which pages are viewed and how long visitors stay).Functional cookies remember your choices and preferences.You can control cookies through your browser settings and, where applicable, through any cookie preference banner displayed on our website. Disabling some cookies may affect site functionality.

‍6. How Long We Retain Personal InformationWe retain personal information for as long as needed to fulfill the purposes for which it was collected, including to provide our services, maintain business records, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by category of information and by purpose. When personal information is no longer needed, we delete or de-identify it in accordance with our internal retention practices.

‍7. International Data TransfersPortage Labs is based in the United States, and our service providers may operate in the United States and other jurisdictions. If you access our website or communicate with us from outside the United States, your personal information may be transferred to, stored in, and processed in countries with data protection laws that differ from those in your country. Where required by applicable law (including the GDPR), we use appropriate safeguards for international transfers, such as the European Commission’s Standard Contractual Clauses, the UK’s International Data Transfer Addendum, or other lawful transfer mechanisms.

‍8. Your Privacy RightsDepending on where you live, you may have the following rights with respect to your personal information.

‍8.1 Rights Available Under Applicable LawRight of access. You may request information about the personal information we hold about you and obtain a copy of it.Right to correction. You may ask us to correct inaccurate or incomplete personal information.Right to deletion. You may ask us to delete personal information we hold about you, subject to certain exceptions.Right to portability. You may ask us to provide certain personal information you have provided to us in a structured, commonly used, and machine-readable format.Right to opt out of marketing. You may opt out of receiving marketing communications from us at any time by following the unsubscribe link in any marketing email or by contacting us.Right to object or restrict processing. Where applicable law provides, you may object to certain processing or ask us to restrict processing.Right to withdraw consent. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.Right to lodge a complaint. You may lodge a complaint with the data protection authority in your jurisdiction.

‍8.2 Notice for California ResidentsUnder the California Consumer Privacy Act, as amended (CCPA), California residents have the rights described above, including the right to know what personal information we collect, use, and disclose; the right to request deletion; the right to correct inaccurate information; and the right to limit certain disclosures. We do not sell personal information and do not share personal information for cross-context behavioral advertising. We do not discriminate against individuals who exercise their privacy rights.

‍8.3 Notice for European Economic Area, United Kingdom, and Switzerland ResidentsIf you are located in the European Economic Area, the United Kingdom, or Switzerland, the GDPR (or its UK equivalent) provides you the rights described above. The legal bases on which we rely for processing are described in Section 3.

‍8.4 How to Exercise Your RightsTo exercise any of these rights, please contact us using the information at the end of this Policy. We may need to verify your identity before fulfilling your request. You may designate an authorized agent to make a request on your behalf, subject to verification. We will respond within the timeframes required by applicable law.

‍9. How We Protect Personal InformationWe maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, or disclosure. These safeguards are described in our Information Security Policy and include centralized identity management, multi-factor authentication, endpoint encryption and management, endpoint detection and response, and access controls based on least privilege. While we work hard to protect personal information, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

‍10. Children’s PrivacyOur website and services are intended for business audiences and are not directed to children. We do not knowingly collect personal information from individuals under the age of 16. If you believe a child has provided personal information to us, please contact us so that we can take appropriate steps.

‍11. Third-Party LinksOur website may contain links to third-party websites or resources that are not operated by Portage Labs. This Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party websites you visit.

‍12. Changes to This PolicyWe may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the “Last updated” date at the top of this Policy and, where appropriate, provide additional notice (for example, through a notice on our website or by email). Your continued use of our website or services after the effective date of an updated Policy constitutes your acknowledgment of the changes, to the extent permitted by applicable law.

‍13. Contact UsIf you have questions, comments, or concerns about this Privacy Policy or our handling of your personal information, please contact us at:

‍Portage Labs

‍Email: privacy@portagelabs.io

Website: https://portagelabs.io

If you are located in the European Economic Area, the United Kingdom, or Switzerland and have an unresolved concern, you also have the right to contact your local data protection authority.