Privacy Notice — Portiva
Last updated: 8 March 2026
This privacy notice explains how Portiva (an AI financial advisor app with a net worth dashboard, AI chat, and AI-generated reports) collects and uses your personal information.
1) Who we are (data controller) and how to contact us
Controller: Portiva Limited (the “Controller”)
Email: [email protected]
If you have questions about this notice or want to exercise your rights, contact us using the details above.
2) What information we collect
We collect information in these categories:
A. Account and identity information
- Name, email address, password (hashed), and account settings.
B. Financial profile information (what you type in)
- Income/salary, debts, assets, savings, pensions/investments (high-level), monthly spending/budgets (if you provide them), goals, and other financial notes you choose to enter.
C. Chat and content you provide
- Messages you send to our AI financial planner, and any files/text you upload (if the feature exists).
- Feedback you provide about outputs (e.g., “thumbs up/down”, corrections).
D. Usage and device information
- App interactions (pages viewed, features used), approximate location (from IP address), device/browser info, and log data (timestamps, error logs).
E. Cookies / similar technologies (website/app)
- Cookies that help the service work, and (if enabled) analytics cookies.
We don’t intentionally collect “special category” data (e.g., health info, religion). Please don’t share it in chats or uploads.
3) Why we use your information (purposes) and our lawful bases
We use your information to:
Provide the service
- Create and manage your account.
- Build your net worth dashboard and show insights based on the information you enter.
- Generate AI responses and AI-written reports from your inputs.
Improve and protect it
- Troubleshoot bugs, monitor performance, prevent fraud/abuse, and keep the platform secure.
- Improve product quality and user experience (e.g., understanding which features are used).
Communicate with you
- Send service messages (e.g., verification emails, important changes).
- Respond to support requests.
Meet legal obligations
- Comply with applicable laws, respond to lawful requests, and maintain records where required.
Optional marketing
- If we send marketing emails, we’ll ask first where consent is required, and you can opt out anytime.
The ICO explains that privacy notices should be clear about what you collect, why you collect it, and who you share it with. (ICO)
4) Who we share your information with
We don’t sell your personal information.
We share information only as needed with service providers (processors) who help us run Portiva, such as:
AI vendors (for chat + report generation)
- We send the text you provide (and relevant financial context needed to answer) to our AI provider(s) to generate responses.
- AI provider(s): OpenAI
- We access OpenAI through their API services. Under their standard API terms of service:
- Your data is not used to train their AI models. Both providers prohibit the use of API data for model training by default.
- Data sent via the API may be temporarily retained by the provider for a limited period (typically up to 30 days) for safety and abuse monitoring, after which it is deleted.
- All data is transmitted using industry-standard encryption (TLS 1.2 or higher).
Hosting, storage, and infrastructure
- Cloud hosting, databases, file storage, and monitoring.
- Hosting provider(s): Vercel, Railway, Supabase, Cloudflare
Analytics (if enabled)
- Providers that help us understand usage (e.g., page views, feature adoption).
- Analytics provider(s): Cloudflare
5) International transfers
Some vendors may process data outside the UK. When that happens, we use appropriate safeguards to help protect your information.
6) How long we keep your information
We keep personal information only as long as necessary for the purposes above:
- Account + financial profile: while your account is active. If you delete your account, we’ll delete or anonymise this data within 90 days, unless we must keep some of it for legal, security, or dispute reasons.
- Chat history and generated reports: kept while your account is active (so you can refer back), unless you delete it or request deletion (where applicable).
- Support messages: typically kept for 24 months after the ticket closes.
- Security logs: typically kept for 180 days.
7) Your rights (and how to use them)
Under UK data protection law, you have rights that may include:
- Access (ask for a copy of your data)
- Rectification (correct inaccurate data)
- Erasure (delete your data in certain situations)
- Restriction (limit how we use it in certain situations)
- Portability (receive certain data in a usable format)
- Objection (object to processing based on legitimate interests)
- Withdraw consent (where we rely on consent)
To exercise your rights, email [email protected]. You also have the right to complain to the Information Commissioner’s Office (ICO) if you’re unhappy with how we handle your data. (ICO)
8) Automated decision-making
We use AI to generate guidance and summaries based on the information you provide. We do not make decisions that produce legal or materially significant effects about you without human involvement. (If that changes, we’ll update this notice.)
9) Security
We use appropriate technical and organisational measures designed to protect your information (e.g., access controls, encryption in transit, monitoring). No system is 100% secure, but we work to protect your data.
10) Changes to this notice
We may update this notice from time to time. We’ll post the latest version in the app/website and update the “Last updated” date.