LEGAL
Privacy Policy
Effective 2026-05-01
STRATEGIA SAS (the "Controller") processes personal data in accordance with the EU General Data Protection Regulation (Regulation 2016/679, "GDPR") and the French Loi Informatique et Libertés. This Privacy Policy describes what data we collect, why, on what legal basis, and what rights you have.
1. Data controller and DPO
Data Controller: STRATEGIA SAS, SIREN 942 188 503, 8 rue de l'Industrie, 75009 Paris, France. Data Protection Officer (DPO): contact at dpo@strategia.ai. Lead supervisory authority: Commission Nationale de l'Informatique et des Libertés (CNIL), Paris.
2. Personal data we process
We process the following categories of personal data:
• Professional contact details (name, work email, job title, company)
• Account access and authentication data (encrypted credentials, session tokens)
• Usage and product telemetry (page views, queries, errors)
• Commercial correspondence and call notes
We do not knowingly process special categories of data (Article 9 GDPR) or process data of children under 16.
3. Purposes and legal bases
We process personal data on the following legal bases:
• Performance of contract (Article 6(1)(b) GDPR) — providing the Service to subscribers
• Legitimate interest (Article 6(1)(f) GDPR) — operating, securing and improving the Service, sending occasional sales communication to business prospects (subject to a clear opt-out)
• Consent (Article 6(1)(a) GDPR) — newsletter, analytics where applicable
• Legal obligation (Article 6(1)(c) GDPR) — accounting, fiscal and anti-fraud requirements
4. Retention
Account and contract data: retained for the duration of the contract and up to 10 years thereafter for legal and fiscal obligations (Code de commerce L123-22). Prospect contact data: retained for 3 years from last contact, then deleted or anonymised (CNIL recommendation on commercial prospection). Web logs and security events: retained for 12 months.
5. Recipients and sub-processors
Personal data may be shared with the following categories of recipients:
• Cloud infrastructure providers (Vercel Inc., AWS EU, Hetzner) — under signed DPA with appropriate safeguards
• Email and communications providers (Resend, ProtonMail)
• Payment processors (Stripe, where applicable)
• Analytics (Plausible, EU-hosted, cookie-free)
A current sub-processor list is available on request. We do not sell personal data.
6. International transfers
Most processing happens in the European Economic Area. Where data is transferred outside the EEA (for example, to US-based cloud providers), transfers are subject to Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and supplementary measures where required by Schrems II case law.
7. Your rights
Under GDPR you have the right to: access, rectification, erasure (subject to lawful exceptions), restriction of processing, portability, objection, withdrawal of consent at any time (without retroactive effect), and the right to lodge a complaint with the CNIL or another supervisory authority. Requests should be addressed to dpo@strategia.ai. We respond within one month (Article 12(3) GDPR), extendable by two months for complex requests.
8. Security
We implement appropriate technical and organisational measures including encryption in transit (TLS 1.3) and at rest, role-based access control, audit logging, periodic vulnerability scanning, and incident-response procedures aligned with ISO 27001 controls. In the event of a data breach likely to result in a risk to natural persons, we notify the CNIL within 72 hours per Article 33 GDPR.
9. Cookies
We use only strictly necessary cookies (session, security) and an EU-hosted, cookie-free analytics provider (Plausible). We do not deploy advertising cookies. Where consent is required under the ePrivacy Directive, a clear consent mechanism is presented prior to placement.
10. Changes to this Policy
Material changes are communicated by email to the administrative contact at least 30 days before they take effect. The latest version is always available at this URL.
Questions? Email compliance@strategia.ai or our DPO at dpo@strategia.ai. Our DPA template is available on request.