Privacy Policy

Portavi ("we", "us") is operated by Dhikilabs LLC (doing business as "Portavi"), San Diego, CA. You can reach us at support@useportavi.app. This Privacy Policy describes what data we collect when you use useportavi.app (the "Service"), how we use it, and the choices you have.

• We collect the minimum we need to run your account + deliver the features you use.
• We don't sell your data to anyone. Ever.
• Payment card details are handled by Stripe; we never see them.
• You can delete your account, and everything we have about you, from your settings, any time.
• Questions: support@useportavi.app.

Account data (when you sign up with Google):

• Email address
• Display name (from your Google profile)
• A unique internal account ID
• Authentication metadata (session tokens, timestamps)

Product data (when you use the Service):

• Tickers you add to your watchlist
• Any holdings (ticker, shares, average cost) you enter in your portfolio
• Price alerts you create
• Notification preferences (Slack webhook URL if you set one, digest settings)
• Support tickets you submit via the /support form
• Free-text content sent to AI Chat / Deep Dive features

Billing data (only if you subscribe):

• Stripe customer ID + subscription ID (stored on your account)
• Subscription status (active, trialing, canceled)
• We do not see or store your card number, CVC, or full billing address. Stripe handles the payment card directly.

Technical data:

• IP address, browser type, and basic request metadata (for rate limiting + debugging)
• Error reports (non-personal stack traces) if something crashes

• Run the Service. Show you your watchlist, compute personalized risk metrics, send alerts you asked for, power AI features you invoke.
• Process payments. Create and maintain your subscription with Stripe.
• Communicate. Send the transactional + digest emails you opted into. Reply to support tickets.
• Improve the Service. Aggregated, non-personal analytics help us find bugs and prioritize features.
• Keep things secure. Detect fraud, abuse, and misuse; meet our legal obligations.

We don't use your personal data to train AI models.

We use a small number of trusted vendors to run the Service. Each receives only the data they need to perform their function and is bound by their own privacy commitments.

• Supabase, database + authentication hosting (stores your account + product data; EU/US)
• Stripe, payment processing (handles your card; creates an invoice record; US, globally)
• Vercel, web hosting (serves the useportavi.app frontend; US)
• Fly.io, API hosting (serves the backend; US)
• Resend, transactional + digest email delivery
• Anthropic, AI model provider for Deep Dive + Chat (receives the specific prompts you submit to those features; does not retain for training per their API terms)
• Cloudflare, DNS + email routing + edge protection for useportavi.app
• Slack, only if you configure a Slack webhook URL on your account; we post the digest messages you requested to that webhook
• PostHog, product analytics (receives an anonymous device ID, your Portavi account ID once signed in, the pages you visit, and basic event names so we can see how the product is used; no payment data, no prompts, no portfolio content)

We do not sell personal data to advertisers or data brokers. We do not share your data for cross-context behavioral advertising.

• Account + product data: as long as your account is active.
• After you delete your account: personal data is purged immediately. Billing records required for tax + audit are retained by Stripe per their standard schedule (typically 7 years).
• Support tickets: retained for up to 2 years so we can reference prior conversations.
• Technical logs: typically retained for 30 days, then deleted or anonymized.

Depending on where you live, you may have the right to:

• Access a copy of the data we have about you.
• Correct inaccurate data (update your display name from the account page).
• Delete your account and data (from the account page, or email us).
• Object to or restrict certain processing.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, email support@useportavi.app from the address on file. We'll respond within 30 days.

California residents (CCPA/CPRA): you have the right to know what we collect, the right to delete, the right to correct, and the right to opt out of "sales" or "sharing" for cross-context behavioral advertising. We don't sell or share your data for those purposes, so there's nothing to opt out of.

EEA/UK residents (GDPR): our legal bases for processing are (a) performance of our contract with you, (b) our legitimate interests in securing and improving the Service, and (c) your consent (where applicable, e.g. for marketing email).

Portavi uses the minimum set of cookies needed to keep you signed in, detect malicious requests, and understand how the product is used. We don't use third-party advertising cookies or cross-site tracking pixels. Session cookies are set by Supabase (auth) and Cloudflare (security); these are strictly necessary and cannot be disabled without breaking the site.

PostHog also sets a first-party cookie and local-storage entry to assign your browser an anonymous device ID. This lets us count unique visitors and follow a user journey across pages on useportavi.app. PostHog never receives your prompts, portfolio holdings, or payment data, only the page you're on and the event names listed in Section 3. You can block it by disabling cookies for useportavi.app; the rest of the site keeps working.

Portavi is not directed at children under 18 and we don't knowingly collect data from them. If you believe a child has given us personal data, email us and we'll delete it.

Our servers and sub-processors are primarily in the United States. By using Portavi you consent to the transfer of your data to the US. We rely on standard contractual clauses where required for transfers from the EEA, UK, and Switzerland.

We use HTTPS everywhere, row-level security in the database (each user's data is isolated by policy), JWT-verified API access, and encrypted at-rest storage via Supabase. No system is perfect, if you suspect unauthorized access, contact us immediately.

We may update this Privacy Policy from time to time. Material changes will be announced via email or an in-app banner at least 14 days before they take effect. The "Effective" date at the top always reflects the current version.

Email support@useportavi.app with any privacy questions, data-subject requests, or concerns.