Back to Home

Privacy Policy

Last updated: 2026-04-22

About Portaly Vibe

Welcome to Portaly Vibe!

Real Engine Co., Ltd. (doing business as "Portaly", "us", "we", or "our") operates the Portaly Vibe service located at vibe.portaly.cc and related subdomains (the "Service"). Portaly Vibe is a subscription, payments, member management and analytics platform for developers ("Vibe Coders"), allowing you to integrate your application's users, subscriptions and billing flows with Portaly via AI Agents (Skills) and APIs.

Your access to and use of Portaly Vibe is subject to your acceptance of and compliance with this Privacy Policy. This Privacy Policy applies to all visitors, users, Vibe Coders and the end customers who check out or are managed through the Service. By accessing or using the Service, you agree to be bound by this Privacy Policy. If you disagree with any part of this policy, you must stop using the Service.

We are committed to protecting your personal information under the Personal Data Protection Act of Taiwan, GDPR, CCPA and any other applicable laws. We reserve the right to modify or replace this Privacy Policy at any time. If any revisions are material, we will provide at least 30 days notice prior to the new policy taking effect, either by posting on this page or by emailing you.

If you have any questions about this Privacy Policy, please contact us at support@portaly.cc.

Personal information we collect

  • Information you provide voluntarily:

    • Contact Information: your first and last name, email address, phone number, mailing address, company name, tax ID and job title.
    • Identity and KYC Information: when you use the payments or invoicing features, the national ID number or business registration documents, representative information and bank account information required by law or by our payment partners.
    • Profile Information: avatar, merchant name, merchant logo, plan descriptions, social handles, bio and any other data you add to your profile.
    • Communications: messages, feedback and attachments exchanged through queries, support tickets, and interactions with us via social media or other channels.
    • Transaction Data: tokenized payment details (full card numbers are stored by our payment processors), billing and shipping addresses, subscription history, refund history and financial account settings.

  • Information collected automatically:

    • Device Information: IP address, device type, operating system, browser type, screen resolution, language and approximate location.
    • Usage Information: pages viewed, duration of visits, navigation paths, button clicks, and interactions with our marketing communications.
    • Technical Data: how your device interacts with the Service, including access times and usage patterns, used for security, debugging and analytics purposes.

  • Information from third-party sources:

    • Public Sources: data obtained from social media platforms, search engines and other public sources.
    • Business Partners: information from companies involved in joint marketing, channel, affiliate or other business relationships.
    • Service Providers: personal data received from third parties assisting with marketing, verification, risk management, payments and identity authentication, subject to legal or consent requirements.

  • Cookies and tracking technologies:

    • Cookies: text files used to track browsing activities, remember preferences, and manage login status. Includes session cookies, persistent cookies, first-party cookies and third-party cookies.
    • Local Storage: technologies such as HTML5 LocalStorage or IndexedDB for storing data on your device beyond browser cookies.

How we use your personal information

We use your personal information for the following purposes:

  • Service Delivery: to provide, operate, and improve our Service, including processing subscriptions and orders, issuing invoices, syncing member data, offering API and webhook integrations, and enabling security features such as sending verification codes and recognizing previously used devices.
  • Communication: to send you service-related announcements, system notifications, security alerts and support messages, and to personalize our communications based on your needs and interests.
  • Customer Support: to provide support for the Service and respond to your requests, questions, and feedback.
  • Research and Development: to analyze and improve the Service and our business operations, including creating aggregated, de-identified or anonymous data which may be shared with third parties for lawful business purposes.
  • Marketing: to send you direct marketing communications related to Portaly or other relevant offerings, unless you have opted out.
  • Compliance and Protection: to comply with legal obligations, respond to lawful requests, protect our rights and property, audit internal processes, enforce our Terms and Conditions, and prevent, identify and investigate fraudulent or illegal activities.
  • Business Administration: to conduct business planning, reporting, forecasting, and manage our relationship with you, including fulfilling our obligations, exercising our rights, and defending against legal claims.
  • Personalization and Improvement: to ensure the Service is relevant to you and your device, deliver targeted content based on your preferences, and improve the functionality and performance of our Service.
  • Fraud Detection: to verify your identity and detect potential fraud, including fraudulent payments and use of the Service.
  • Promotional Use: Portaly may use the merchant name, brand logos and publicly visible plan descriptions you upload to the Service for case studies, customer lists and other promotional purposes. If you do not wish your brand to be used for such purposes, please contact support@portaly.cc.

How we share your personal information

Portaly may share your personal information with the following parties only where necessary:

  • Affiliates: with the corporate parent, subsidiaries and other affiliates of Real Engine, for purposes consistent with this Privacy Policy.
  • Service Providers: with third-party companies providing IT, hosting, customer relationship management, customer support, email delivery, advertising, marketing and analytics on our behalf.
  • Payment Processors and Invoice Providers: including acquiring banks, card schemes, third-party payment providers and e-invoice providers (which may include TapPay, Stripe, ECPay or others depending on your region and the transaction), in order to process authorizations, charges, refunds, reconciliation and invoicing.
  • Identity Verification and Risk Management: service providers that help us perform KYC, anti-money laundering (AML), fraud detection and sanctions screening.
  • Analytics: such as Google Analytics 4, used to measure traffic and performance (see the "Google API User Data" section below).
  • Professional Advisors: legal, financial, tax and other professional advisors when necessary.
  • Authorities and Legal Compliance: law enforcement, regulatory authorities, government agencies, courts, or other third parties where we believe disclosure is necessary to comply with applicable laws, regulations, legal processes, or to protect our rights or the rights of others.
  • Business Transfers: in connection with any merger, sale of assets, or acquisition, with the relevant parties involved, provided they agree to use your personal information only for the purposes disclosed in this Privacy Policy.
  • Your Customers and Counterparties: if you operate as a merchant on Portaly Vibe, we share your merchant-level contact and invoicing details with your own end customers (for example, subscribers) where necessary to complete transactions.
  • With your consent: with any other person, when you have consented to the disclosure.

Google API User Data

Portaly Vibe may integrate with Google Analytics 4 and other Google APIs to help you view website traffic and usage. For data obtained through Google APIs, Portaly Vibe complies with the Google API Services User Data Policy, including the Limited Use requirements:

  • We only read GA4 properties and related analytics data within the scope you have authorized; we do not modify your Google Analytics configuration.
  • We do not use Google user data for serving advertisements, nor do we sell, rent, or transfer it to third parties.
  • We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, for security investigations, or to comply with applicable law.

How we secure your personal information

We implement a range of technical, organizational, and physical measures designed to protect your personal information, including access controls, encryption in transit (TLS), encryption at rest where appropriate, role separation, and audit logging. Access is limited to employees, agents, contractors and third parties who have a business need to know and are bound by confidentiality obligations.

Despite our efforts, no internet transmission or storage system is completely secure. In the event of a personal data breach, we will notify you and the applicable regulators to the extent required by law.

Retention and Deletion of Data

  • Retention Periods: we retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, tax or audit requirements. For example, transaction records and invoice data are retained for at least 5 years pursuant to applicable tax law.
  • Google User Data: data obtained through Google APIs is retained only as long as necessary to provide the requested services, to comply with our legal obligations, resolve disputes, and enforce our agreements. Once we no longer need the data, we will delete or anonymize it in accordance with this policy.
  • Account Deletion: you have the right to request the deletion of your account and associated personal information. Upon confirmation of your request, we will delete or anonymize your data within a reasonable period, except where we are required to retain it for legitimate business or legal reasons (for example, unsettled transactions, tax records, ongoing disputes). To request deletion, please contact support@portaly.cc.

Your rights

We respect your rights regarding your personal information and provide you with the following choices:

  • Access or Update Information: if you have registered for an account, you can review and update most of your account information directly from the dashboard.
  • Opt-Out of Marketing Communications: you may opt out of marketing emails by following the unsubscribe instructions in our emails or by contacting us directly. You may still receive service-related and other non-marketing communications.
  • Cookies Management: most web browsers allow you to manage or reject cookies through their settings. Disabling cookies may affect the functionality of the Service.
  • Do Not Track Signals: currently, we do not respond to "Do Not Track" signals from browsers.
  • Declining to Provide Information: you may decline to provide certain personal information, but this may limit your ability to use certain features of the Service.
  • Third-Party Platforms: if you connect to the Service through a social media account, you can use that platform's privacy settings to manage information shared with us. Revoking access does not affect information previously obtained through that platform.

  • Rights of EEA and UK Residents: if you are a resident of the European Economic Area or the United Kingdom, you are entitled to certain rights under the GDPR and the UK Data Protection Act 2018, including:

    • Right to be Informed about the collection and use of your personal data.
    • Right of Access to your personal data.
    • Right to Rectification of inaccurate or incomplete personal data.
    • Right to Erasure ('right to be forgotten') in certain circumstances.
    • Right to Restrict Processing in certain circumstances.
    • Right to Data Portability of your personal data.
    • Right to Object to processing, including for direct marketing.
    • Rights in relation to automated decision-making and profiling.
    • Right to Withdraw Consent at any time where processing is based on consent.
    • Right to Lodge a Complaint with a supervisory authority.

To exercise any of these rights, please contact us at support@portaly.cc. We respond to all requests from individuals wishing to exercise their data protection rights in accordance with applicable laws.

Children

Our Service is not intended for use by children under the age of 16. If you are under this age limit, please do not use Portaly Vibe and do not provide us with your personal information. If you are a parent or guardian and believe that we have collected personal information from a child under 16 in a manner prohibited by law, please contact us. Upon notice or discovery, we will take all reasonable efforts to delete any such information.

International data transfer

Portaly is headquartered in Taiwan and utilizes service providers that operate in various countries. Consequently, your personal information may be transferred to Taiwan or other jurisdictions where privacy laws may differ and may not offer the same level of protection as those in your state, province, or country of residence. We are committed to ensuring that any international transfer is conducted in compliance with applicable data protection laws and with appropriate safeguards in place.

Changes to this Privacy Notice

We may update this Privacy Policy periodically to reflect legal, technical, or business developments. When we make material changes, we will notify you by updating the "last updated" date at the top of this policy and posting it on our website. If required by law, we will notify you through additional means, such as email. Your continued use of the Service after the effective date of any modifications indicates your acceptance of the revised Privacy Policy.

Contact Information

For any technical issues, feedback, or request, contact: support@portaly.cc.