Parann is a content management system (CMS) operated by Portkey Technologies Pte Ltd, a company incorporated in Singapore ("we", "us", "our"). Parann is part of the Metarium software ecosystem. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore.
Parann is currently in private beta. This policy applies to all users of the Parann CMS service.
The Metarium Ecosystem
Parann operates within the Metarium modular software ecosystem:
Parann CMS — Content management service at parann.com, by Padimai Pte Ltd (Singapore), operated by Portkey Technologies Pte Ltd. This is the service covered by this policy.
Metarium AI (metarium.ai) — A substrate for AI agents that keeps self-hosted data. By Onemai Foundation (onemai.net). Visit metarium.ai for guided CMS installations.
Mummai Chain — Public file registry at mummai.net. By Onemai Foundation (onemai.net). Supports file registry, hash registry, and custodianship changes. Content registered on Mummai is portable and custody can be transferred between parties. Built using the Metarium.net template by Metakovan.net.
The ecosystem is modular. As an end user, you access CMS services using a Substrate (SS58) address. You may choose between:
CMS layer: Parann (hosted by us) or a private CMS instance (self-hosted)
Blockchain layer: Mummai (public, from Onemai Foundation) or a private blockchain
Using a private CMS on a private blockchain provides the highest level of privacy and independence, though infrastructure costs are higher. Different combinations offer different trade-offs between convenience, cost, and privacy.
Personal Data We Collect
We collect the following personal data:
Substrate wallet addresses (SS58) — Used for authentication and access control. This is a public cryptographic identifier, not directly linked to your real-world identity.
Content you upload — Text, binary data, and associated metadata that you store in the CMS.
Technical data — IP addresses, user agent strings, and timestamps recorded with each upload and API request.
Email addresses — If you subscribe to our newsletter. Collected with your explicit consent.
Consent records — Timestamp, IP address, and user agent at the time of newsletter signup, for compliance purposes.
Purposes for Collecting Your Data
We collect and use your personal data for the following purposes:
Authentication and access control — To verify your identity via Substrate cryptographic signatures and manage your role (administrator or scribe).
Content management — To store, organize, and serve content you upload to the CMS.
Service operation — To maintain audit trails, enforce access controls, and ensure service integrity.
Newsletter communications — To send you marketing and product update emails, only after you have confirmed your subscription (double opt-in).
Legal compliance — To comply with applicable laws and regulations, including the PDPA.
Consent
We obtain your consent before collecting personal data:
CMS access: By authenticating with your Substrate wallet and signing the authentication challenge, you consent to the collection of your wallet address and associated technical data.
Content uploads: By uploading content, you consent to its storage and processing within the CMS.
Newsletter: By submitting your email address and clicking the confirmation link in our email, you provide explicit consent for us to send you marketing communications. You may withdraw this consent at any time by clicking the unsubscribe link in any email.
Data Portability and Third-Party Infrastructure
Your data is portable across infrastructure providers within the Metarium ecosystem. You may migrate between providers at any time — upgrading to more feature-rich infrastructure or downgrading to reduce costs.
The Mummai blockchain supports file and hash registries with custodianship changes, enabling you to transfer custody of your registered assets between parties.
Important: Information that has been processed by any third-party infrastructure cannot be fully deleted from that provider's awareness. While your ongoing data flow moves to your new provider, the previous provider may have observed your data during the period of use. Data exposure is limited to that period, but the provider cannot "unsee" what was processed. We recommend evaluating the privacy implications of your infrastructure choices carefully.
Data Storage and Security
Content is stored in Google Cloud Datastore on Google App Engine (Singapore region where available, or nearest available region).
Authentication uses cryptographic challenge-response signatures — no passwords are stored.
Access tokens are generated using blake3 hashing of cryptographically random bytes.
We implement reasonable security measures to protect your data, but no system is completely secure.
Data Retention
CMS content: Retained for as long as your account is active or as needed to provide the service. Content on the Mummai blockchain is subject to the blockchain's immutability properties.
Authentication data: Access tokens expire after 1 hour; refresh tokens expire after 30 days. Wallet addresses are retained as long as the account exists.
Newsletter data: Retained until you unsubscribe. Consent records (including subscription, confirmation, and unsubscribe events) are retained for compliance purposes even after unsubscription.
Technical logs: Retained for a reasonable period for security and operational purposes.
Disclosure to Third Parties
We may share your personal data with:
Google Cloud Platform — Our hosting and data storage provider.
Blockchain networks — Content hashes or files registered on Mummai or other blockchains are visible to network participants. Blockchain data is immutable and cannot be deleted.
Legal authorities — When required by law, regulation, or legal process.
We do not sell your personal data to third parties.
Cross-Border Data Transfers
Your data may be transferred to and processed in countries outside Singapore where Google Cloud Platform operates its infrastructure. We ensure that any such transfers comply with the PDPA's requirements for cross-border data transfers.
Your Rights Under the PDPA
Under the PDPA, you have the right to:
Access your personal data held by us.
Correct any inaccurate or incomplete personal data.
Withdraw consent for the collection, use, or disclosure of your personal data (note: this may affect our ability to provide the service).
Request information about how your data has been used or disclosed in the past year.
To exercise any of these rights, contact us at hello@portkey.sg.
Data Protection Officer
For questions or concerns about our data protection practices, contact our Data Protection Officer:
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.