Data Handling Policy
Portico Life, Inc · Version 1.0.0 · Effective 05.31.2026
Purpose
This policy describes how Portico collects, classifies, processes, stores, and deletes health and behavioural data across all Portico Agents. It supplements the Privacy Policy and is intended for participants, partners, and compliance review.
01 · Scope
This policy applies to all data processed by the Portico platform and all current and future Portico Agents: Sage (Food & Metabolic), Dusk (Sleep), Apex (Movement), Still (Mind), and Grove (Wealth).
02 · Data Classification Framework
All data processed by Portico is assigned to one of four tiers. Each tier carries specific handling, storage, and transmission rules.
Tier 1 (PII): Name, email, device IDs, IP address. Highest protection level. Never transmitted to external systems.
Tier 2 (Raw health data): CGM readings, wearable vitals, blood markers, food photos. Encrypted at rest and in transit at all times.
Tier 3 (Derived insights): Metabolic state analyses, pattern findings, experiment results. Account-linked; not shared externally.
Tier 4 (Anonymised aggregate): De-identified population patterns, platform averages. Unlinked to any individual; used to improve models.
03 · AI Processing Pipeline
Portico uses AI to generate insights. Every piece of data passes through the following five-step pipeline before reaching any AI model:
Local Collection
Raw data is collected and stored locally on the participant's device.
PII Stripping
An automated anonymisation layer removes all Tier 1 identifiers — name, email, device IDs, IP addresses — before any data leaves the device.
Encrypted Transmission
Anonymised Tier 2 and Tier 3 data is transmitted to cloud infrastructure over TLS-encrypted channels.
AI Processing
AI models receive only de-identified inputs. No model receives data that can be linked to a specific individual without an internal lookup key that is never transmitted.
Insight Storage
Model outputs are classified as Tier 3 Insights and stored account-linked on secure encrypted cloud infrastructure.
External AI Services
Portico uses external AI providers (e.g., large language model APIs) to generate analyses. All data submitted to these services has had Tier 1 PII stripped. These providers operate under data processing agreements that prohibit training on or retaining submitted data.
04 · Storage Architecture
Local Storage
Raw Tier 1 and Tier 2 data is stored on-device using encrypted local databases. This data is not backed up to cloud services without explicit participant consent.
Cloud Storage
Derived insights (Tier 3) and anonymised aggregates (Tier 4) are stored in cloud infrastructure using:
- AES-256 encryption at rest
- TLS 1.2+ in transit
- Role-based access control with least-privilege principle
- Automated access logging with anomaly detection
05 · Data Retention Schedule
| Data Type | Retention Period | Deletion Trigger |
|---|---|---|
| PII (Tier 1) | Account lifetime + 30 days | Account deletion request |
| Raw health data (Tier 2) | Account lifetime + 30 days | Account deletion request |
| Derived insights (Tier 3) | Account lifetime + 30 days | Account deletion request |
| Anonymised aggregate (Tier 4) | Indefinite | N/A (no PII) |
| Backup copies | 90 days max | Rolling purge |
| Legal hold data | As required by law | Court order |
06 · Breach Response Protocol
Contain the breach. Isolate affected systems. Assess scope and data categories involved.
Internal investigation. Determine root cause. Identify affected participants.
Notify affected participants by email. Notify applicable regulatory authorities if required by law.
Root cause remediation. Post-incident review. Policy updates as needed.
07 · Third-Party Data Processors
Cloud Infrastructure: Hosting and compute. Processes anonymised and encrypted Tier 2–4 data only.
AI Model Providers: LLM APIs. De-identified inputs only. Prohibited from training on or retaining submitted data.
Monitoring & Observability: System monitoring. Processes metadata and logs; no health data.
