Privacy Policy

Last updated: April 8, 2026

This Privacy Policy describes how ARPORTAL (“we”, “us”, or “our”) collects, uses, stores, and shares information when you use our multi-tenant case management software for Canadian immigration practitioners, including our website, authenticated application, and related services (collectively, the “Service”).

By using the Service, you agree to this policy. If you do not agree, please do not use the Service.

1. Who this applies to

The Service is used by authorized users of immigration consulting firms (“Organizations”) and their staff. We process information about those users and, where Organizations enter it into the Service, about their clients and cases. Organizations are responsible for their own compliance obligations toward their clients.

2. Information we collect

Account and profile

When you register or use the Service, we may collect your name, email address, phone number, company affiliation, role, and credentials. If you choose Sign in with Google, Google shares with us the profile information you authorize (for example, name, email address, and Google account identifier) as described in Google’s OAuth consent screen. We use this to create and secure your account.

Google Calendar (optional)

If you connect Google Calendar, we request access only for the purpose of syncing tasks and related calendar events you choose to sync with your Google Calendar (for example, creating or updating events when tasks are created or updated). We do not use your calendar for advertising. You can disconnect this integration at any time from your account or Google’s security settings for third-party access.

Case and business data

Organizations may store client-related data in the Service (for example, contact details, immigration case information, documents, communications, tasks, appointments, and payments metadata). This is processed to provide the Service as instructed by the Organization.

Technical and usage data

We may collect logs, device and browser type, IP address, and similar data for security, reliability, and improvement of the Service.

3. How we use information

  • To provide, maintain, and improve the Service
  • To authenticate users and enforce access controls (including multi-tenant isolation between Organizations)
  • To send service-related notices and, where permitted, product updates
  • To integrate with services you enable (such as Google Calendar for task sync, email delivery, SMS/voice providers, or payment processors as configured by your Organization)
  • To comply with law and protect rights and safety

4. Legal bases (where applicable)

Where required by law, we rely on appropriate bases such as contract performance, legitimate interests (for example, securing the Service), consent (for example, optional integrations), or legal obligation.

5. Sharing of information

We may share information with subprocessors that help us run the Service (for example, hosting, database, queue, email, or analytics providers), subject to contractual protections. We do not sell your personal information. We may disclose information if required by law or to protect the Service and our users.

6. Retention

We retain information for as long as needed to provide the Service, meet legal requirements, and resolve disputes. Retention may vary by data type and your Organization’s settings or agreements with us.

7. Security

We implement technical and organizational measures designed to protect information. No method of transmission or storage is completely secure; we encourage strong passwords and use of available security features.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict certain processing, or to object or port data. Organizations may act as controller for client data; for such requests we may direct you to your Organization or assist as required by law. Contact us using the details your Organization provides or our published contact information.

9. International transfers

Data may be processed in Canada or other countries where we or our subprocessors operate. We take steps designed to ensure appropriate safeguards where required.

10. Children

The Service is not directed at children. We do not knowingly collect personal information from children without appropriate authorization.

11. Changes

We may update this Privacy Policy from time to time. We will post the updated version and revise the “Last updated” date. Material changes may be communicated through the Service or by email where appropriate.

12. Contact

For privacy questions, contact your Organization’s administrator or reach us through the contact channels published on our website.