Privacy Policy

We collect information you provide directly to us, information we obtain automatically when you use our Services, and information from third-party sources.

Information You Provide: - Account information such as your name, email address, company name, job title, and password when you register for an account - Payment and billing information when you subscribe to our paid services - Profile information and preferences you set within your account - Communications you send to us, including support requests and feedback - Financial data you upload or connect to the platform, including bank account information, transaction data, and financial statements - Information about your organization's entities, currencies, and banking relationships

Information We Collect Automatically: - Device information including your IP address, browser type, operating system, and device identifiers - Usage information such as pages visited, features used, time spent on the platform, and clickstream data - Log data including access times, error logs, and referring URLs - Information collected through cookies, pixel tags, and similar technologies

Information from Third Parties: - Data from banking providers and financial institutions you connect through our platform (via Xero, QuickBooks, or other integrations) - Information from identity verification services when required for compliance purposes

We use the information we collect to provide, maintain, and improve our Services, and to communicate with you.

Service Delivery: - Process and complete transactions - Provide cash management, FP&A, and market risk intelligence features - Generate forecasts, analytics, and insights based on your financial data - Facilitate bank account connections and data synchronization - Respond to your requests and provide customer support

Platform Improvement: - Analyze usage patterns to improve our Services - Develop new features and functionality - Train and improve our AI and machine learning models (using aggregated, de-identified data) - Debug and fix technical issues

Communication: - Send service-related notices, updates, and administrative messages - Provide information about new features, products, or services - Send marketing communications (with your consent where required)

Security and Compliance: - Detect, prevent, and address fraud, security breaches, and other harmful activity - Comply with legal obligations and enforce our terms of service - Protect the rights, property, and safety of Stratiri, our users, and the public

We do not sell your personal information. We share information only in the following circumstances:

With Your Consent: We may share information when you direct us to do so or provide explicit consent.

Service Providers: We engage trusted third-party companies to perform services on our behalf, including: - Cloud hosting and infrastructure providers - Payment processors - Analytics providers - Customer support tools - Email delivery services

These providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this Privacy Policy.

Banking and Financial Partners: When you connect financial accounts, we share necessary information with banking providers (such as Xero and QuickBooks) to facilitate the connection and data synchronization. These providers have their own privacy policies governing their use of your data.

Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers: If Stratiri is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, or business purposes.

We implement and maintain robust security measures to protect your information from unauthorized access, disclosure, alteration, and destruction.

Technical Safeguards: - Encryption of data in transit using TLS/SSL protocols - Encryption of sensitive data at rest using AES-256 encryption - Secure authentication mechanisms including password hashing and optional multi-factor authentication - Regular security assessments and penetration testing - Network security controls including firewalls and intrusion detection systems

Organizational Measures: - Access controls limiting employee access to personal information on a need-to-know basis - Employee training on data protection and security practices - Incident response procedures for potential security breaches - Regular review and updates of security policies and procedures

Infrastructure Security: - Use of reputable cloud service providers with SOC 2 compliance - Database isolation and row-level security for multi-tenant data protection - Regular backups and disaster recovery procedures - Monitoring and logging of system access and changes

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to implementing best practices and promptly addressing any identified vulnerabilities.

We use cookies and similar tracking technologies to collect information about your interactions with our Services.

Types of Cookies We Use:

Essential Cookies: Required for the operation of our Services, including authentication, security, and basic functionality. These cannot be disabled.

Analytics Cookies: Help us understand how visitors interact with our Services by collecting information about pages visited, time spent, and navigation patterns. We use this data to improve our platform.

Functional Cookies: Remember your preferences and settings to provide enhanced, personalized features.

Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns (only with your consent where required by law).

Your Choices:

Most web browsers allow you to control cookies through their settings. You can typically: - View what cookies are stored on your device - Accept or reject cookies on a case-by-case or blanket basis - Delete cookies already stored on your device

Please note that disabling certain cookies may impact the functionality of our Services.

We may also use pixel tags, web beacons, and similar technologies to collect information about your use of our Services and your interactions with our emails.

Depending on your location, you may have certain rights regarding your personal information.

Access and Portability: You can request a copy of the personal information we hold about you and, where applicable, receive it in a structured, commonly used, machine-readable format.

Correction: You can update or correct inaccurate personal information through your account settings or by contacting us.

Deletion: You can request that we delete your personal information, subject to certain exceptions such as compliance with legal obligations or completion of transactions.

Restriction and Objection: You can request that we restrict processing of your personal information or object to processing based on our legitimate interests.

Withdraw Consent: Where we rely on consent to process your information, you can withdraw that consent at any time. This will not affect the lawfulness of processing conducted prior to withdrawal.

Marketing Communications: You can opt out of receiving marketing emails by clicking the unsubscribe link in any marketing email or updating your communication preferences in your account settings.

Do Not Track: Some browsers include a "Do Not Track" feature. Our Services do not currently respond to Do Not Track signals.

To exercise these rights, please contact us at hello@stratiri.com. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing certain requests.

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations.

Account Information: We retain your account information for as long as your account is active. If you close your account, we will delete or anonymize your personal information within 90 days, except as necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

Financial Data: Transaction data and financial information are retained for the period required by applicable financial regulations and for audit purposes, typically seven years from the date of the transaction.

Usage Data: Log files and analytics data are generally retained for 24 months, after which they are aggregated or deleted.

Marketing Data: If you have opted out of marketing communications, we retain your preference indefinitely to ensure we honor your request.

Legal and Compliance: We may retain information for longer periods if required by law, regulation, or legal process, or if necessary to establish, exercise, or defend legal claims.

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable law.

Stratiri is headquartered in the United States, and our Services are hosted on servers located in the United States and other countries. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

Safeguards for International Transfers:

When we transfer personal information across borders, we implement appropriate safeguards to ensure your information receives adequate protection, including:

- Standard Contractual Clauses approved by the European Commission for transfers from the EEA - Data processing agreements with our service providers requiring appropriate security measures - Compliance with applicable data protection frameworks and regulations

European Economic Area (EEA) and UK: For individuals in the EEA and UK, we process personal information on the following legal bases: - Performance of a contract when providing our Services - Legitimate interests in operating and improving our business - Compliance with legal obligations - Your consent where required

California Residents: California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information (note: we do not sell personal information).

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.

If you believe we may have collected information from a child under 16, please contact us at hello@stratiri.com so we can investigate and take appropriate action.

Parents or guardians who believe their child may have provided us with personal information can contact us to request deletion of that information.

Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

Banking Integrations: When you connect your bank accounts through third-party providers such as Xero or QuickBooks, your use of those services is governed by their respective privacy policies and terms of service. We encourage you to review those policies before connecting your accounts.

Analytics and Advertising: We may use third-party analytics services to help us understand how users engage with our Services. These services may collect information about your use of our Services and other websites using cookies and similar technologies.

We encourage you to review the privacy policies of any third-party services you interact with through our platform.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes: If we make material changes to this Privacy Policy, we will notify you by: - Posting the updated policy on our website with a new "Last Updated" date - Sending you an email notification (for registered users) - Displaying a prominent notice within our Services

Your Continued Use: Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of our Services and contact us to delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.