Data Privacy & Processing
What Porta Does
Porta HE is an application quality infrastructure layer for university admissions. Your institution sends us applicant document packages. We run automated consistency and completeness checks. We return a consistency score (0-100) with a detailed quality report. Porta does not store applicant data permanently and does not make admissions decisions.
Data Controller vs. Data Processor
| Role | Entity | Responsibility |
|---|---|---|
| Data Controller | Your University | Decides what data to send to Porta, the legal basis for processing, and what to do with the results. Responsible for applicant communication and data subject rights. |
| Data Processor | Porta (IseoGroup) | Processes applicant data strictly under documented university instruction. Does not determine purposes or means of processing. Acts only within the scope of the Data Processing Agreement. |
What Data Porta Processes
Porta receives and processes the following data categories, all provided by the university as part of the applicant document package:
Document contents: passport or ID document, academic transcript, diploma or degree certificate, language test score reports (e.g. IELTS, TOEFL), recommendation letters, personal statement or motivation letter.
Extracted identity fields used for cross-document consistency checks: full name, date and place of birth, nationality, country of residence, country of prior education, diploma issuing country and institution name, programme applied for, entry term and year, application date and reference ID.
No additional data is collected from applicants or third parties.
How Data Is Handled
| Aspect | How Porta Handles It |
|---|---|
| Storage | Ephemeral processing. Applicant data is deleted after the quality report is generated and delivered. |
| Access | Automated processing pipeline only. No human review of applicant documents unless explicitly requested by the university for support purposes. |
| Sharing | Applicant data is never shared with third parties, other institutions, or used for any purpose beyond generating the quality report. |
| Infrastructure | EU-based cloud infrastructure. No cross-border data transfer outside the EEA without appropriate safeguards. |
| Encryption | Data encrypted in transit (TLS 1.3) and at rest (AES-256). |
| Retention | Processing artifacts (extracted text, check results) are retained only for the duration of report generation. Final PDF report is stored in the university's Porta account until deleted by the university. |
What Porta Does NOT Do
Porta never contacts applicants directly - no emails, no notifications, no applicant-facing interface. Porta never makes admissions decisions or recommendations. The consistency index is not a score, ranking, or recommendation. Porta never retains applicant data beyond the processing window. Porta never shares applicant data with other institutions or third parties. Porta never uses applicant data to train AI models or for any purpose other than generating the quality report commissioned by the university.
Legal Framework
Porta is designed to be GDPR-aligned from the architecture level. A Data Processing Agreement (DPA) is provided and signed before any data exchange, including during the pilot phase. A Data Protection Impact Assessment (DPIA) template is available on request to support the university's own compliance process. Regular security audits are planned as part of the product roadmap.
Contact
For DPA requests, data privacy questions, or DPIA templates: hello@porta-online.com
This page describes Porta's data processing practices as of March 2026. For binding commitments, refer to the signed Data Processing Agreement between your institution and IseoGroup.