STRAT

Privacy Policy

Last updated: May 2026

Data Controller: STRAT · getstrat.co.uk · hello@getstrat.co.uk

1. Introduction

STRAT ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at getstrat.co.uk.

We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

STRAT is the data controller for personal data collected through this Platform. If you have any questions about how we handle your data, contact us at hello@getstrat.co.uk.

3. What Data We Collect

Account data: Name (if provided), email address, password (encrypted), account preferences, subscription tier, billing history.

Business data: Property records, deal information, investor contact details, financial data, and documents that you input into the Platform. This data belongs to you.

Usage data: Pages visited, features used, session duration, device type, browser, IP address.

Payment data: Billing information processed via Stripe. We do not store card details - these are handled entirely by Stripe under their own privacy policy.

Communications data: Messages sent via our contact form, support emails, and any correspondence with our team.

4. How We Use Your Data

We use your data to:

  • Provide, operate, and improve the STRAT Platform
  • Process your subscription and manage your account
  • Send you important account and service notifications
  • Respond to your enquiries and support requests
  • Send product updates and feature announcements (you can opt out at any time)
  • Comply with legal obligations
  • Detect and prevent fraud or misuse of the Platform

We do not sell your data to third parties. We do not use your data for advertising purposes.

5. Legal Basis for Processing

  • Contract: Processing necessary to deliver the Platform and your subscription
  • Legitimate interests: Improving the Platform, preventing fraud, ensuring security
  • Legal obligation: Compliance with applicable UK law
  • Consent: Marketing communications (you can withdraw consent at any time)

6. Data Sharing

We share your data only with trusted third-party service providers necessary to operate the Platform:

  • Stripe - payment processing
  • Supabase - database hosting and storage
  • Resend - transactional email delivery
  • Anthropic / OpenAI - AI processing for Co-Pilot and Deal Analyser features (data is not used to train models)
  • Vercel - Platform hosting

All third-party providers are contractually required to handle your data securely and in accordance with UK GDPR.

We will disclose your data if required by law, court order, or to protect the rights and safety of STRAT or others.

7. Data Storage & Security

Your data is stored on UK/EEA-based servers. We implement appropriate technical and organisational security measures including:

  • Encryption in transit (SSL/TLS)
  • Encrypted password storage
  • Access controls and authentication
  • Regular security reviews

No system is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the ICO as required by law.

8. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription or delete your account:

  • Your data will be retained for 90 days to allow for reactivation
  • After 90 days, your personal data will be permanently deleted
  • Anonymised usage data may be retained for analytics purposes

You can request deletion of your data at any time by emailing hello@getstrat.co.uk.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access - request a copy of the personal data we hold about you
  • Rectification - request correction of inaccurate data
  • Erasure - request deletion of your data ("right to be forgotten")
  • Restriction - request that we limit how we use your data
  • Portability - receive your data in a portable format
  • Object - object to processing based on legitimate interests
  • Withdraw consent - for any processing based on consent (e.g. marketing emails)

To exercise any of these rights, email hello@getstrat.co.uk. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

We use cookies to operate the Platform and improve your experience. Cookie types:

  • Essential cookies - required for login, security, and Platform functionality
  • Analytics cookies - help us understand how the Platform is used (you can opt out)

A cookie consent banner will appear on your first visit. You can manage cookie preferences at any time from the cookie settings link in the footer.

11. Children

The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. Continued use of the Platform after changes take effect constitutes acceptance.

13. Contact

For any privacy-related questions or to exercise your rights:
📧 hello@getstrat.co.uk
🌐 getstrat.co.uk/contact