Privacy Policy

Last Updated: April 7, 2026

1. Introduction

Welcome to Stratiflux ("Company", "we", "our", "us"). We respect your privacy and are committed to protecting your personal data in accordance with the EU General Data Protection Regulation ("GDPR") and applicable laws. This Privacy Policy describes how we collect, use, store, and share personal data when you use the stratiflux.com website and related services (collectively, the "Service"), and what rights you have regarding your data.

The data controller responsible for processing personal data in connection with the Service is Stratiflux. For privacy-related requests, contact us at [email protected].

2. Information We Collect

Depending on how you use the Service, we may collect the following categories:

  • Account and identity data: Name and email address when you register for an account.
  • AI chat data: Content of conversations and messages you exchange with our AI assistant, including prompts and replies needed to provide the chat feature.
  • Newsletter: Email address if you subscribe to our newsletter.
  • Event RSVP data: Information you submit when registering for events, such as name, email address, phone number, and dietary preferences or restrictions.
  • Usage and technical data: Session-related information, IP address, and similar data captured in standard web server logs, browser or device characteristics, and timestamps, as typical for operating a secure website and diagnosing issues.

3. Legal Basis for Processing (Article 6 GDPR)

We process personal data on the following legal bases:

  • Performance of a contract: Processing necessary to create and manage your account and to deliver the Service you request (for example, providing account functionality and core features tied to your registration).
  • Consent: Where required, we rely on your consent—for example, sending the newsletter and processing personal data when you use the AI chat feature after you choose to engage with it.
  • Legitimate interests: Where applicable, we process data for our legitimate interests in operating, securing, and improving the Service, preventing abuse and fraud, and ensuring network and information security, balanced against your rights and freedoms.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Where processing is necessary for legal obligations, we may also process data to comply with applicable law.

4. How We Use Your Information

We use personal data for purposes that match the bases above, including to:

  • Provide, operate, and maintain the Service and your account.
  • Process and respond to AI chat requests and maintain chat-related functionality.
  • Send transactional communications (for example, account-related messages) and, where you have subscribed, newsletter emails.
  • Manage event registrations and related communications.
  • Monitor and protect the security and integrity of the Service, enforce our terms, and comply with legal obligations.

We do not sell your personal data. We share data only as described in this policy or when required by law.

5. Third-Party Processors and Recipients

We use trusted service providers who process personal data on our instructions. Categories include:

  • OpenAI (United States): processes content you submit in the AI chat to generate responses.
  • Postmark (United States): delivers transactional and other email messages on our behalf where email is used.
  • Cloud hosting providers, including Oracle Cloud Infrastructure (OCI) and Google Cloud Platform (GCP): host infrastructure and related services in the regions we configure.

We require processors to implement appropriate safeguards and to process data only for the purposes we specify. We may also disclose information if required by law, regulation, legal process, or to protect the rights, safety, or property of Stratiflux, our users, or others.

6. International Data Transfers

Your data may be processed in the European Economic Area and in other countries, including the United States, where OpenAI and Postmark operate and where our cloud providers maintain regions. When we transfer personal data from the EEA, the United Kingdom, or Switzerland to countries not subject to an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms, together with supplementary measures where appropriate.

7. Data Retention

We retain personal data only as long as necessary for the purposes described:

  • Account data: Retained while your account is active. After we receive and confirm a valid account deletion request, we delete associated account data within thirty (30) days unless a longer period is required by law.
  • AI chat history: Retained for ninety (90) days, after which it is automatically purged unless a shorter period applies or we must retain limited data to meet legal obligations.
  • Newsletter: Your subscription data is kept until you unsubscribe or we end the list, after which we remove your address from active sending within a reasonable period.

To request account deletion or exercise other rights, contact [email protected]. We will respond within the timeframe stated under "Your Rights" below.

8. Your Rights (Articles 15-22 GDPR)

Subject to applicable law, you may have the right to: access your personal data; rectify inaccurate data; erase data ("right to be forgotten"); restrict processing; request data portability; object to certain processing (including processing based on legitimate interests, where applicable); and withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority in your country of residence or workplace.

To exercise these rights, email [email protected]. We will respond to verified requests within thirty (30) days unless applicable law allows an extension, in which case we will inform you.

9. Cookies

We use session cookies as needed for authentication (for example, session cookies associated with NextAuth) so you can stay signed in securely. We do not use cookies for third-party marketing or cross-site advertising tracking as described in this policy.

10. Security of Your Information

We implement appropriate technical and organizational measures designed to protect personal data, including encryption in transit where appropriate for our systems. No method of transmission or storage is completely secure; we continually review our practices in light of evolving risks.

11. Children's Privacy

The Service is not directed at individuals under sixteen (16) years of age, and we do not knowingly collect personal information from children under 16. If you believe we have collected such information, contact us at [email protected] and we will take steps to delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last Updated" date above. Material changes may be communicated through the Service or by email where appropriate and required by law.

13. Contact Us

For questions about this Privacy Policy or our privacy practices, or to exercise your rights, contact:

Email: [email protected]