PORTICO
LEGAL · PLATFORM DOCUMENT

Privacy Policy

Portico Life, Inc · Version 1.0.0 · Effective 05.31.2026


The Short Version

Portico is a personal life intelligence platform. We collect health and behavioural data to help you understand yourself and stay ahead — before small signals become large problems.

We will never sell your data. We will never use your data to train AI models without your explicit consent. You own your data, and you can delete it at any time.

1. About Portico

Portico is a personal life intelligence platform developed and operated by Portico Life, Inc, a Delaware incorporated company.

Portico connects physiological and behavioural data across five domains — food and metabolism, sleep, movement, mind and cognitive performance, and financial wellness — to surface patterns you can act on, before they compound.

The Portico platform consists of five agents and one orchestration layer:

AgentDomainStatus
SageFood & MetabolicClosed Beta
DuskSleepAlpha
ApexMovement & ExerciseAlpha
StillMind & CognitionPlanned
GroveWealth & Financial WellnessDeferred

This Privacy Policy applies to all Portico Agents, the platform, and all associated services, websites, and applications (collectively, the “Services”).

Contact us at [email protected]

2. Information We Collect

2.1 — Information You Provide

  • Name, email address, and account credentials
  • Health goals, preferences, and self-reported context
  • Responses to onboarding questionnaires or check-ins
  • Communications you send us directly

2.2 — Health & Physiological Data

Depending on which Portico Agents you activate:

AgentData TypesExample Sources
SageCGM readings, food photos, wearable vitals, blood panel markersDexcom Stelo, Apple Watch, Function Health
DuskSleep stages, HRV, resting heart rate, sleep durationApple Watch, Oura Ring, WHOOP
ApexActivity, VO₂ Max, steps, workout dataApple Health, Garmin, Strava
StillMood logs, focus scores, self-reported cognitive eventsApp-based logging

We will notify you before any new data type is collected.

2.3 — Automatically Collected Data

  • Session authentication tokens (required for secure login)
  • CSRF protection tokens (required for security)
  • Interface preferences you have chosen

We do not use analytics tracking, advertising cookies, or third-party behavioural tracking of any kind.

3. How We Use Your Information

We use your data to:

  • Deliver Portico Agent analyses, insights, and recommendations to you
  • Identify patterns across your domains and surface connections between them
  • Improve the accuracy of our algorithms and models
  • Communicate with you about your account and platform updates
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

What We Will Never Do

Sell your personal data to any third party.

Use your health data for advertising targeting.

Share your identifiable data with insurers, employers, or pharmaceutical companies.

Use your data to train AI models without your explicit written consent.

Retain your data after account deletion (subject to legal hold obligations).

4. How We Protect Your Data

4.1 — Local-First Architecture

Portico is designed around a local-first architecture. Your raw health data is processed and stored locally on your device wherever technically feasible. Only derived insights and anonymised patterns are transmitted to our cloud infrastructure. Before any data reaches cloud AI services, all personally identifiable information is stripped through an automated anonymisation pipeline.

4.2 — Technical Safeguards

  • All data in transit encrypted using TLS 1.2 or higher
  • All data at rest encrypted using AES-256
  • Role-based access control with principle of least privilege
  • Regular security reviews

4.3 — Data Classification

Tier 1Personal Identifiers (PII)
AI Input: Never

Name, email, device IDs

Tier 2Protected Health Data
AI Input: Anonymised only

CGM readings, biomarkers, vitals

Tier 3Derived Insights
AI Input: Yes — Tier 1 stripped

Pattern analyses, experiment results

Tier 4Anonymised Aggregate
AI Input: Yes, freely

De-identified population patterns

5. Data Sharing

We do not sell, rent, or trade your personal information.

We may share data only in these limited circumstances:

Service Providers: Infrastructure providers under strict data processing agreements that prohibit independent data use.

Legal Requirements: When required by law or court order. We will notify you before complying unless prohibited by law.

Business Transfers: In the event of a merger or acquisition, your data transfers subject to this same Privacy Policy with advance notice.

With Your Consent: Any sharing beyond the above requires your explicit consent.

6. Your Rights

Access

Request a copy of all personal data we hold about you.

Correction

Correct inaccurate or incomplete data.

Deletion

Request deletion of your account and all associated data.

Portability

Receive your data in a machine-readable format.

Restriction

Request we limit processing of your data.

Objection

Object to specific uses of your data.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to opt out of sale (we do not sell data), and the right to non-discrimination for exercising your rights. Submit a CCPA request to [email protected].

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

  • PII and raw health data deleted within 30 days
  • Derived insights linked to your account deleted within 30 days
  • Anonymised aggregate data may be retained indefinitely for platform improvement
  • Backup copies purged within 90 days
  • We may retain data longer if required by applicable law

8. Children's Privacy

The Portico platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

9. Changes to This Policy

  • We will update the effective date at the top when this policy changes
  • We will notify active users by email at least 14 days before material changes take effect
  • Continued use of the Services after changes constitutes acceptance of the updated policy