Privacy Policy

Last updated: April 30, 2026

Overview

Portico is a web-based client onboarding platform for service businesses. We take the security and privacy of your data seriously. This policy explains what information we collect, how we use it, and the choices you have.

Information We Collect

When you create a Portico account, we collect:

  • Email address
  • Full name
  • Company name

When your clients interact with onboarding flows you create, we store the data they provide, including:

  • Form responses and information submitted through onboarding steps
  • Documents uploaded for collection
  • Electronic signatures

This client data is stored securely and is accessible only to you and the client who submitted it.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Portico service
  • Process transactions and send related notices
  • Send transactional emails (account confirmations, onboarding notifications, password resets)
  • Respond to support requests

We do not sell, rent, or share your personal data with third parties for advertising purposes. We do not engage in third-party ad tracking.

Data Storage and Security

All data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure. Data is:

  • Encrypted at rest using AES-256
  • Encrypted in transit using TLS 1.2 or higher
  • Backed up regularly with point-in-time recovery

Payment Processing

Payments are processed by Stripe. Portico never stores your credit card number, CVC, or other payment card details on our servers. All payment information is handled directly by Stripe in accordance with Stripe's Privacy Policy.

Cookies

Portico uses cookies for the following purposes:

  • Essential cookies: session authentication and security tokens required for the service to function
  • Analytics cookies (optional): privacy-respecting analytics to understand aggregate usage patterns. These do not track you across other websites and can be declined

Sub-processors

We use the following third-party services to operate Portico:

  • Supabase — database and authentication (hosted on AWS)
  • Stripe — payment processing
  • Vercel — website and application hosting
  • Email service provider — transactional emails (onboarding notifications, account confirmations)

Each sub-processor is bound by data processing agreements and processes data only as necessary to provide their respective services.

Your Rights (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Request a machine-readable export of your data
  • Correct inaccurate information
  • Request deletion of your account and associated data
  • Object to or restrict certain processing activities

To exercise any of these rights, contact us at support@portico.com. We will respond within 30 days.

Data Retention

Your data is retained for as long as your account remains active. If you close your account, all associated data — including client onboarding data, documents, and form responses — will be permanently deleted within 90 days of account closure.

Children's Privacy

Portico is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

Changes to This Policy

We may update this policy to reflect changes in our service or legal requirements. Material changes will be communicated via email or a notice within the application. Updates will also be posted on this page with a revised date.

Contact

Questions about this policy? Contact us at support@portico.com.