Privacy Policy

Introduction

Stratify ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered user research platform and related services.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us, including:

• Name and contact information (email address, phone number)
• Company information and job title
• Account credentials and profile information
• Payment and billing information
• Communication preferences

Research Data

When you conduct user research through our platform, we may collect:

• Audio and video recordings of research sessions
• Screen recordings and interaction data
• Survey responses and feedback
• Participant demographic information (when provided)
• Research project configurations and settings

Technical Information

We automatically collect certain technical information, including:

• IP address and device information
• Browser type and version
• Operating system and device characteristics
• Usage patterns and platform interactions
• Cookies and similar tracking technologies

How We Use Your Information

We use the collected information for the following purposes:

• Providing and maintaining our research platform services
• Processing and analyzing user research data using AI technology
• Generating insights and reports for your research projects
• Facilitating communication between researchers and participants
• Processing payments and managing your account
• Sending service-related communications and updates
• Improving our platform and developing new features
• Ensuring platform security and preventing fraud
• Complying with legal obligations and enforcing our terms

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Categories of Third Parties

We may share your information with the following categories of third parties:

• Technology Service Providers: Cloud hosting services (AWS, Google Cloud, Vercel, Render), analytics platforms (PostHog), and communication tools
• Payment Processors: Stripe, PayPal, or other payment processing companies for transaction handling
• Security Providers: Cybersecurity firms and fraud prevention services
• Customer Support Tools: Help desk platforms and customer communication services
• AI/ML Service Providers: Third-party AI services that help process and analyze research data
• Professional Service Providers: Legal advisors, auditors, and consultants
• Government Agencies: When required by law, court order, or regulatory compliance

Circumstances for Sharing

• Service Providers: With trusted third-party vendors who assist in operating our platform under strict data processing agreements
• Legal Requirements: When required by law, court order, or to protect our rights, safety, and property
• Business Transfers: In connection with mergers, acquisitions, asset sales, or corporate restructuring
• Consent: When you explicitly consent to sharing your information with specific third parties
• Research Participants: Anonymized and aggregated research data may be shared with study participants as part of the research process
• Emergency Situations: To protect the vital interests of individuals or prevent imminent harm

Third-Party Safeguards: All third-party service providers are required to maintain appropriate security measures and are contractually bound to use your information only for the specific purposes outlined in our agreements with them.

Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

• Encryption of data in transit and at rest using industry-standard protocols (AES-256, TLS 1.3)
• Regular security assessments, penetration testing, and vulnerability monitoring
• Multi-factor authentication and role-based access controls
• Secure data storage with redundant backup procedures
• Employee training on data protection practices and security protocols
• Network security monitoring and intrusion detection systems
• Regular security audits and compliance assessments

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Breach Notification

Our Commitment

We are committed to promptly detecting, responding to, and notifying affected parties of any data security incidents that may affect your personal information.

Detection and Response

Our incident response procedures include:

• 24/7 Monitoring: Continuous monitoring systems to detect potential security incidents
• Rapid Assessment: Immediate evaluation of the scope and severity of any detected breach
• Containment: Swift action to contain and mitigate any ongoing security threats
• Investigation: Thorough investigation to determine the cause and extent of the breach
• Remediation: Implementation of corrective measures to prevent future incidents

Notification Timeline

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Regulatory Notification: Notify relevant authorities within 72 hours of breach discovery as required by law
• User Notification: Notify affected users within 72-96 hours when the breach poses a high risk to personal data
• Public Disclosure: Provide public notification if the breach affects a large number of users or poses significant risk
• Ongoing Updates: Provide regular updates as our investigation progresses and more information becomes available

What We Will Tell You

Our breach notifications will include:

• Nature and scope of the breach
• Types of personal information involved
• Likely consequences of the breach
• Measures taken to address the breach
• Steps you can take to protect yourself
• Contact information for questions and support

Your Actions

If you suspect a security incident or unauthorized access to your account:

• Change your password immediately
• Review your account for any unauthorized activity
• Contact us immediately at security@trystratify.com
• Monitor your accounts and credit reports for suspicious activity

For security-related inquiries or to report potential security incidents, please contact our security team at security@trystratify.com.

Data Retention and Deletion

Retention Periods

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specific retention periods include:

• Account Information: Retained while your account is active and for 90 days after account closure
• Research Data: Retained according to your project settings, with a maximum of 7 years unless legally required to retain longer
• Audio/Video Recordings: Automatically deleted after 3 years unless extended by user request or legal requirement
• Technical/Log Data: Retained for up to 2 years for security and performance monitoring
• Financial Records: Retained for 7 years as required by tax and accounting regulations
• Customer Support Communications: Retained for 3 years to maintain service quality
• Marketing Communications: Retained until you unsubscribe or request deletion

Data Deletion Procedures

You have the right to request deletion of your personal information. We provide the following deletion options:

• Account Deletion: Complete account and associated data deletion within 30 days of request
• Selective Deletion: Deletion of specific data categories while maintaining active account
• Research Project Deletion: Individual project data can be deleted immediately upon request
• Automatic Deletion: Certain data types are automatically deleted according to our retention schedule

Deletion Limitations

Some information may be retained longer when required for:

• Legal compliance and regulatory requirements
• Fraud prevention and security investigations
• Financial record-keeping obligations
• Ongoing legal proceedings or disputes
• Legitimate business interests where permitted by law

To request data deletion, please contact us at pratham@trystratify.com with your specific deletion requirements. We will respond within 30 days and complete most deletions within 60 days.

Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access and review your personal information
• Correct inaccurate or incomplete information
• Delete your personal information (subject to legal requirements)
• Restrict or object to processing of your information
• Data portability and the right to receive your information
• Withdraw consent where processing is based on consent

To exercise these rights, please contact us at founders@trystratify.com.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us:

• Remember your preferences and settings
• Analyze platform usage and performance
• Provide personalized content and features
• Ensure platform security and prevent fraud

You can control cookie settings through your browser preferences, though some features may not function properly if cookies are disabled.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: