Trust

Security & data handling

PortoAI reads your portfolio data and can place orders when you confirm. No trade executes without your approval. You can disconnect at any time.

Security fundamentals

How broker connections work and what PortoAI can and cannot do.

Read-only by design

PortoAI reads your holdings, positions, and order history so research and risk checks are personalised. It only places trades when you explicitly confirm. It never moves funds.

Revocable access

Disconnect broker access inside PortoAI or revoke the API token from your broker's settings at any time. No lock-in.

No custody of funds

PortoAI does not hold, transfer, or have access to your money. Your funds stay with your broker at all times.

Encryption & infrastructure

How your data is protected

Encryption in transit

All connections use TLS 1.3 with HSTS preload. API calls between PortoAI and your broker go through encrypted channels. No data is transmitted in plaintext.

Encryption at rest

Portfolio data stored on our servers is encrypted using AES-256. Database access is restricted to application-level service accounts with least-privilege permissions.

Official broker APIs only

Broker connections use official, authorised API flows: Kite Connect for Zerodha, and Groww's official API (coming soon). We never ask for your broker password.

Token-based authentication

Broker access uses short-lived OAuth tokens that expire daily. You can revoke access from your broker's connected apps page at any time.

Data handling

What we collect and why

Portfolio data. Holdings, positions, and trade history from your connected broker. Used solely to personalise research, risk checks, and portfolio insights. Never shared with third parties.

Conversation data. Your questions and PortoAI's responses are stored to maintain chat context. You can clear conversations from your account settings at any time.

No data selling. We do not sell, rent, or share your personal or portfolio data with advertisers, data brokers, or any third party. Your data powers your experience and nothing else.

Data deletion. You can request complete deletion of your account and all associated data at any time by emailing support@pranaalpha.com. We process deletion requests within 7 business days.

Security contact

If you discover a security vulnerability, please report it responsibly to support@pranaalpha.com. We take every report seriously and will respond within 48 hours.