Privacy Policy

Last updated: March 10, 2026

1. Introduction

Portals Foresight ("we", "us", or "our") operates the service at foresight.portals.fi and related APIs, dashboards, documentation, and billing flows (collectively, the "Service"). This Privacy Policy explains what information we process, how we use it, when we share it, and the choices available to you.

2. Information We Process

• Account and profile information: email address, authentication records managed through Supabase Auth, account plan, account creation timestamps, and related profile metadata.
• API key information: API key hashes, key prefixes, key names, creation dates, revocation dates, and plan associations.
• Service inputs and activity: simulation request data and related inputs you submit to the Service, including wallet addresses, transaction fields, token addresses, token amounts, recipients, selected networks, and request metadata needed to run simulations.
• Usage and operational information: endpoints used, status codes, latency, timestamps, request identifiers, quota counters, billing state, and account activity relevant to product operations, security, and abuse prevention.
• Payment and billing information: subscription, checkout, billing portal, and payment metadata processed through Stripe, and wallet-based payment metadata if x402 or similar payment flows are enabled. We do not store full card numbers on our servers.
• Communications: messages you send to us, support requests, feedback, and service emails such as account confirmations, password resets, billing notices, security alerts, and other administrative communications.
• Security and anti-abuse information: IP address, device/browser signals, rate-limiting signals, CAPTCHA challenge data, and fraud or abuse-prevention data used to protect the Service.

3. How We Use Information

• Provide, operate, maintain, secure, debug, and improve the Service.
• Authenticate users, manage accounts, issue and revoke API keys, and enforce plan limits, rate limits, and usage quotas.
• Process simulations and related technical workflows through blockchain infrastructure and data providers.
• Process subscriptions, billing, invoicing, refunds, disputes, and other payment operations.
• Detect, investigate, and prevent fraud, abuse, spam, security incidents, and misuse of the Service.
• Respond to support requests, troubleshoot issues, and communicate with you about the Service.
• Send product, feature, company, or promotional communications where permitted by law. You may opt out of marketing communications at any time.
• Analyze usage trends, improve product quality, measure business performance, and create aggregated or de-identified analytics and reporting.
• Comply with legal obligations, enforce our agreements, and protect the rights, safety, and security of Portals, our users, and third parties.

4. How We Share Information

We do not sell personal information for money. We may share information in the following situations:

• Service providers and infrastructure vendors: vendors that help us operate authentication, hosting, caching, billing, email delivery, bot protection, RPC access, payment flows, contract metadata lookups, error decoding, blockchain data enrichment, or similar technical infrastructure.
• Payments and settlement: payment processors, billing providers, facilitators, or counterparties involved in subscription billing or wallet-based payment flows.
• Affiliates and transaction parties: our affiliates, successors, acquirers, investors, auditors, insurers, and professional advisors in connection with ordinary business operations or a corporate transaction.
• Legal and safety reasons: when we believe disclosure is reasonably necessary to comply with law, regulation, legal process, sanctions requirements, or to protect rights, property, safety, and security.
• With your direction: when you ask us to share information or connect the Service with another provider.

We may also use and disclose aggregated or de-identified information for lawful business purposes.

5. Current Third-Party Services

The providers below reflect the Service as configured today. Our vendors may change over time, and comparable providers may be substituted as the product evolves.

• Supabase (authentication and database) — supabase.com/privacy
• Stripe (subscriptions and billing) — stripe.com/privacy
• Cloudflare Turnstile (bot protection) — cloudflare.com/privacypolicy
• Resend (email delivery) — resend.com/legal/privacy-policy
• RPC and simulation infrastructure such as providers used to access blockchain state and simulation methods.
• Blockchain data and contract metadata providers such as token-holder, contract metadata, and error-signature lookup services used to improve simulation quality.

6. Data Retention

We retain information for as long as reasonably necessary to operate the Service, maintain security, enforce agreements, comply with legal obligations, resolve disputes, and support legitimate business needs. Retention periods vary depending on the type of data, the sensitivity of the data, and whether the data is needed for billing, fraud prevention, debugging, or legal compliance.

7. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information processed through the Service. These measures include access controls, API key hashing before storage, authenticated access to account functions, security monitoring, and reliance on established third-party infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Cookies and Browser Storage

Our marketing site does not currently use third-party advertising pixels or website analytics tools. The browser application does use local browser storage through Supabase-authenticated sessions to keep users signed in and support dashboard access. If we later introduce non-essential cookies, analytics, attribution, or advertising technologies, we will update this policy and provide any notices or choices required by law.

9. Your Choices and Rights

You may request access, correction, export, or deletion of your information by contacting [email protected]. You may also opt out of marketing communications by using the unsubscribe mechanism in those messages or by contacting us. Depending on where you live, you may have additional privacy rights under applicable law, and we will honor those rights where required.

10. International Processing

We and our service providers may process information in jurisdictions other than your own. By using the Service, you understand that information may be transferred to and processed in countries that may have different data protection rules than your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide additional notice where appropriate. The "Last updated" date above reflects the effective date of the current version.

12. Contact

For questions about this Privacy Policy, contact us at [email protected].