Privacy Policy

Last updated: October 19, 2025

Stratify ("we," "our," or "us") provides a B2B marketing automation and optimization platform that helps businesses manage and improve their digital marketing campaigns across multiple advertising and CRM platforms.

We are committed to protecting your privacy and ensuring compliance with all applicable data protection laws and third-party platform terms, including those governing APIs such as LinkedIn, Google, Meta, Salesforce, and HubSpot.

This Privacy Policy explains how Stratify collects, uses, and protects information when you use our website, platform, and related services.

1. Information We Collect

We collect and process the following categories of information:

1.1 Account and Contact Information

When you create or access a Stratify account, we collect:

  • Name, email address, company name, and authentication credentials (including SSO via WorkOS)
  • Payment or subscription details (processed by third-party billing partners)

1.2 Platform and Integration Data

When you connect Stratify to integrated APIs (e.g., LinkedIn Ads, Google Ads, HubSpot, Salesforce), we may securely access limited campaign data strictly necessary to provide our services, including:

  • Campaign, ad group, and performance metrics (e.g., spend, impressions, clicks, CTR)
  • Account and campaign identifiers
  • CRM lifecycle or engagement data (e.g., opportunity stage, lead ID)

We do not collect or store personally identifiable information (PII) of your customers, or LinkedIn member data beyond what is necessary for campaign management functionality.

1.3 Automatically Collected Information

We may collect standard technical data, such as IP addresses, browser type, and device information, for security and analytics purposes using PostHog and Sentry.

2. How We Use Information

We use collected information to:

  • Provide and improve the Stratify platform
  • Authenticate users and manage secure access
  • Enable authorized integrations with advertising and CRM systems
  • Synchronize and display campaign performance metrics
  • Send necessary product and account communications
  • Ensure platform security, reliability, and compliance

We never use integration data for advertising, prospecting, audience creation, or recruiting.

Data is processed only to support your authorized use of Stratify and within the scope of the connected platform's permitted use cases.

3. Data Handling and Storage Practices

Stratify follows strict data minimization and retention standards across all integrations:

  • We request only the minimal data necessary to perform campaign management and analytics.
  • Integration tokens and credentials (e.g., OAuth tokens from LinkedIn, Google, HubSpot, Salesforce) are encrypted at rest using AES-256 and stored exclusively in AWS Secrets Manager.
  • Tokens are never stored in our application database (Supabase) and are automatically refreshed or rotated as required.
  • Temporary campaign data and social activity metrics retrieved from advertising platforms are cached only as needed to complete requests and are deleted or refreshed within 24–48 hours in accordance with API data storage requirements.
  • Redis is used only for ephemeral caching and queuing — it does not store PII or any persistent records.
  • Campaign-level metrics (e.g., CTR, spend, cost per lead) may be retained in aggregated form for up to 90 days, configurable per tenant.
  • Logs and analytics data are scrubbed of PII and retained for no more than 30 days.
  • Data is never exported, redistributed, or combined with unrelated datasets to build profiles, leads, or audience segments.

4. Data Security

We implement enterprise-grade security measures designed to protect data from unauthorized access or disclosure:

  • Encryption: All sensitive data, including OAuth tokens, is encrypted using AES-256 with keys managed by AWS KMS.
  • Access Control: Role-based access control (RBAC) ensures only authorized personnel can access relevant data.

  • Infrastructure:
      • Frontend hosted on Vercel
      • Backend APIs and workers hosted on Render
      • Database hosted on Supabase (Postgres) with encryption at rest
  • Network Edge: Cloudflare provides CDN, WAF, and DDoS protection.
  • Monitoring: Sentry is used for performance monitoring and error logging; PostHog for anonymized analytics.
  • Authentication: Enterprise SSO handled through WorkOS for secure identity management.

We maintain internal audit logs of key system actions to ensure compliance and traceability.

5. Data Retention and Deletion

We retain data only for as long as necessary to provide services or meet legal obligations.

  • Campaign performance metrics are stored for a maximum of 90 days unless otherwise required for billing or contractual purposes.
  • Cached data obtained via advertising or CRM APIs is refreshed or deleted within 24–48 hours, consistent with the storage requirements of our API partners.
  • You may request deletion of your account or associated data at any time by contacting privacy@stratify.ai.

6. Data Sharing

We do not sell, rent, or trade your personal data.

We only share data with trusted third-party service providers essential to delivering Stratify's functionality. These include:

| Partner / Provider | Purpose |
|---|---|
| AWS Secrets Manager | Token and credential storage |
| Supabase | Database and file storage (encrypted) |
| Redis | Ephemeral caching and queuing |
| Resend | Transactional email delivery |
| OpenAI, Anthropic | Language model–based features (never involving user PII) |
| WorkOS | Enterprise authentication (SSO) |
| Cloudflare | CDN, WAF, and DDoS protection |
| PostHog, Sentry | Product analytics and monitoring |

All third-party providers are bound by strict confidentiality and data-protection agreements.

7. Data Transfers

We may process data in the United States or other jurisdictions where our infrastructure or providers operate.

All transfers comply with applicable data protection laws, and, where required, standard contractual clauses or equivalent safeguards are used.

8. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access the information we hold about you
  • Request correction or deletion of your data
  • Object to or restrict certain types of processing
  • Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@stratify.ai.

9. Children's Privacy

Stratify is intended for use by businesses and not by individuals under 16 years of age.

We do not knowingly collect or process personal data from children.

10. Updates to This Policy

We may update this Privacy Policy periodically to reflect operational, legal, or regulatory changes.

Any updates will be posted here, and the "Last Updated" date will be revised accordingly.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data handling practices, please contact us at:

Stratify AI, Inc.

Email: privacy@stratify.ai

Address: 800 Indiana St, San Francisco, CA 94107