Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account information — your name and email address when you create an account
• Business information — company name, description, business stage, and other details you provide during onboarding
• Business data — financial data, customer data, documents, contracts, and other business information you upload or enter into the Service
• Communications — messages and conversations you have with AI executives within the Service
• Payment information — billing details processed by our payment provider (Stripe). We do not store your full card details.

1.2 Information Collected Automatically

• Usage data — how you interact with the Service, which features you use, and when
• Device information — browser type, operating system, IP address, and device identifiers
• Log data — server logs including access times, pages viewed, and errors

1.3 Information From Third-Party Integrations

When you connect third-party services (such as QuickBooks, HubSpot, Stripe, Meta Ads, or others), we receive data from those services as authorised by you. You control which integrations are connected and can disconnect them at any time.

2. How We Use Your Information

We use your information to:

• Provide the Service — operate the AI executive team, generate insights, produce the weekly briefing, and deliver all Service functionality
• Personalise your experience — adapt AI executive responses to your business context, stage, and data
• Process payments — manage your subscription and billing
• Communicate with you — send service emails including the weekly briefing, executive introduction sequence, and important account notifications
• Improve the Service — understand how the Service is used and identify areas for improvement
• Ensure security — detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations — respond to legal requests and comply with applicable law

We do not use your business data to train AI models. Your conversations with AI executives and your uploaded documents are never used to improve underlying AI models without your explicit consent.

3. How We Share Your Information

We do not sell your personal information or business data to third parties.

We share information only in the following circumstances:

3.1 Service Providers

We work with trusted third-party service providers who process data on our behalf:

• Anthropic — AI model provider (processes conversation content to generate responses)
• Supabase — database and file storage
• Vercel — hosting and infrastructure
• Clerk — authentication and user management
• Stripe — payment processing
• Resend — email delivery
• Inngest — background job processing
• Upstash — rate limiting and caching

All service providers are contractually bound to process your data only as instructed and to maintain appropriate security standards.

3.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4. Data Security

We implement appropriate technical and organisational measures to protect your information:

• All data is encrypted in transit using TLS
• All data is encrypted at rest
• Each company account is fully isolated using row-level security — your data is never accessible to other Stratum users
• Access to production systems is restricted and logged
• We conduct regular security reviews

No system is completely secure. If you become aware of a security issue, please contact us at ose@stratum.ceo.

5. Data Retention

• Active accounts — we retain your data for as long as your account is active
• After cancellation — your data is retained for 30 days after cancellation, then permanently deleted
• On request — you may request immediate deletion of your account and data at any time by contacting ose@stratum.ceo
• Legal obligations — we may retain certain information longer if required by applicable law

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate information
• Deletion — request deletion of your personal information
• Portability — request your data in a machine-readable format
• Objection — object to certain processing of your information
• Restriction — request restriction of processing in certain circumstances

To exercise any of these rights, contact us at ose@stratum.ceo. We will respond within 30 days.

7. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and keep you logged in
• Remember your preferences
• Understand how the Service is used

We do not use advertising cookies or track you across third-party websites.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

8. Third-Party Integrations

When you connect third-party services to Stratum, those services have their own privacy policies that govern their data practices. We encourage you to review the privacy policies of any third-party services you connect. We are not responsible for the privacy practices of third-party services.

9. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at ose@stratum.ceo.

10. International Data Transfers

Stratum is operated from the United States. If you are located outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to the transfer of your information to the United States. Where required by applicable law, we implement appropriate safeguards for international data transfers.

11. AI Processing

The Service uses AI to process your business data and generate responses from AI executives. This processing involves:

• Sending relevant portions of your business data and conversation history to Anthropic’s Claude API to generate AI responses
• Storing conversation history and AI-generated artifacts in our database
• Generating a weekly briefing by processing signals from all connected data sources

We do not use your data to fine-tune or train AI models. Each request to the AI API is processed in isolation and is not retained by Anthropic for training purposes under our current API agreement.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

If you have questions, concerns, or requests regarding this Privacy Policy, contact us at:

Stratum
ose@stratum.ceo
stratum.ceo

For privacy-related requests, please include “Privacy Request” in the subject line.