Security and compliance
Tax documents, contracts, personal details, payment information. Portico encrypts it, logs every access, and gives you the compliance tools to handle it responsibly — GDPR-ready out of the box.
Every file, form response, and signature is encrypted before it touches disk. Your clients' tax documents, contracts, and personal data are unreadable without the decryption key.
All data moving between your clients' browsers and Portico is encrypted. Every form submission, file upload, and API call is protected in transit — no exceptions.
Every action — form submission, file upload, signature, approval, status change — is logged with a timestamp and cryptographically linked to the previous entry using SHA-256 hashing. If anyone modifies or deletes a record, the chain breaks and the tampering is immediately detectable. Exportable as CSV.
Team owners control who can view, edit, or manage onboardings. Invite team members with scoped permissions — no one gets access they do not need.
Every uploaded file is checked for type and size before it's stored. Files are validated on our servers, not in the browser, so restrictions cannot be bypassed.
Clients access onboardings via single-use magic links — no passwords to leak, no accounts to breach. Each link works once and expires after use.
GDPR compliance
Configurable consent checkboxes before every onboarding. Every response is timestamped and auditable.
Export all client data — onboardings, responses, files, signatures, and messages — as a single downloadable archive. GDPR Article 20 compliance built in.
Built-in deletion workflow removes files, strips personal data from records, and generates a compliance certificate. GDPR Article 17 compliance in one click.
Set automatic retention periods per team. Data is purged on schedule — no manual cleanup, no forgotten client files sitting on servers indefinitely.
Infrastructure
Why it matters
Most client onboarding tools treat security as a checklist. Portico treats it as a foundation.
When a client sends you tax documents or contracts, they're trusting you with sensitive data. Portico gives you a clear answer: encrypted storage, access logging, and a security page you can point them to.
Every action is logged and cryptographically chained to the previous entry — you can prove that records have not been modified. Verify chain integrity in one click, export the full log as CSV.
If you serve clients in Europe, GDPR applies. Portico handles consent, data export, and erasure so you do not need a separate compliance workflow.
Magic-link authentication means your clients never set a password. No password reuse, no "forgot password" support tickets. One link, one session, one onboarding.
Compliance
Start free. No credit card required. Your data is encrypted from day one.
Start Free