📋 This is a draft template to help you get started. You should have it reviewed by a qualified legal professional to ensure it matches your exact data flows and legal obligations in all regions.
This Privacy Policy explains how Strivia ("we", "us", "our") collects, uses, shares, and protects personal data when you use strivia.ai and the Strivia application (the "Service").
1. Who we are (Controller)
- Service: Strivia (strivia.ai)
- Hosting/provider: Hosted on a VPS provided/managed by Kodly (kodlyweb.com)
- Data Protection Officer (DPO): Kurt Bartolo
- Contact: support@strivia.ai
2. What data we collect
We may collect the following categories of information:
- Account data: name, email address, password (stored in hashed form), authentication/session identifiers.
- Workspace and profile data: workspace name, settings, team/member information, roles and permissions.
- Content you provide: messages and prompts you send to bots, conversation history, knowledge base ("Brain") entries, client/contact records you add, and other content you store in the Service.
- Uploaded files: files you upload to the Service (and associated metadata such as filename, size, type, upload time).
- Usage and activity logs: actions taken in the app (e.g., logins, page access, feature usage, changes to settings), timestamps, and related identifiers.
- Device and technical data: IP address, browser type, device identifiers (where available), operating system, approximate location derived from IP, and diagnostic data.
- Cookies and similar technologies: session cookies and other cookies required to operate the Service.
- Billing data (if applicable): subscription status, plan details, invoices/receipts, and limited payment-related metadata. Payment card details are processed by our payment providers and are not stored by Strivia.
3. How we use your data
We use personal data to:
- Provide, maintain, and secure the Service.
- Create and manage accounts, workspaces, and team access.
- Enable core features such as chat, knowledge base storage, client management, and integrations.
- Process subscriptions and billing.
- Monitor usage, prevent fraud/abuse, and enforce our terms.
- Troubleshoot bugs, improve performance, and develop new features.
- Communicate with you about service updates, security notices, and support.
4. Legal bases (GDPR/UK GDPR)
Where GDPR or similar laws apply, we process personal data under one or more of these legal bases:
- Contract: to provide the Service you request.
- Legitimate interests: to secure, maintain, and improve the Service, prevent abuse, and operate our business.
- Consent: where required (e.g., certain cookies or marketing communications).
- Legal obligation: to comply with applicable laws (e.g., tax/accounting obligations).
5. AI processing and third-party model providers
Strivia may use third-party AI providers (for example, Anthropic) to process messages and generate responses.
- What is shared: your prompts/messages and relevant context needed to generate responses.
- Purpose: to provide AI features within the Service.
Important: do not submit sensitive personal data or confidential information unless you are comfortable with it being processed for this purpose.
6. Integrations and third-party services
We may share data with third parties to operate the Service, including:
- Payment processing: e.g., Stripe.
- AI providers: e.g., Anthropic.
- Messaging and social platforms (if you connect them): e.g., WhatsApp Business, Meta Business Suite/Ads, and other integrations you enable.
If you connect an integration, Strivia may store tokens/credentials and exchange data with that provider as required to deliver the integration features.
We may add additional third-party services over time (e.g., LinkedIn and others). We will update this policy when we make material changes.
7. Cookies
We use cookies and similar technologies to:
- Keep you signed in (session cookies).
- Maintain security and prevent abuse.
- Remember preferences and settings.
Depending on your configuration, we may also use analytics or performance cookies. Where required by law, we will request consent.
8. Data retention
We retain personal data for as long as necessary to:
- Provide the Service.
- Comply with legal obligations.
- Resolve disputes and enforce agreements.
You may request deletion of your account and associated data, subject to legal retention requirements.
9. International transfers
Because we serve users worldwide, your data may be processed in countries other than your own. Where required, we use appropriate safeguards for international transfers (such as contractual protections).
10. Security
We implement reasonable technical and organisational measures to protect your data, including access controls and encryption where appropriate. However, no method of transmission or storage is 100% secure.
11. Your rights
Depending on your location, you may have rights such as:
- Access to your personal data.
- Correction of inaccurate data.
- Deletion of your data.
- Restriction of, or objection to, certain processing.
- Data portability.
- Withdrawal of consent (where processing is based on consent).
To exercise these rights, contact us using the details in Section 1.
12. Children's privacy
The Service is not intended for children under the age of 16 (or the minimum age required by your local law). We do not knowingly collect personal data from children.
13. Changes to this policy
We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Service or by other means.
14. Contact
For privacy questions or requests, contact:
Last updated: 14 April 2026