Stratedo Privacy

1. Who We Are

Stratedo (“we”, “us”, “our”) operates an AI-powered web platform that helps entrepreneurs and intrapreneurs analyze, design, and improve business strategy using structured methodologies such as the Business Model Canvas and customer journey modeling.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Stratedo acts as a Data Controller for personal data collected through the platform.

2. What Data We Collect

A. Account Data

Name
Email address
Company name
Billing address
Password (hashed)

B. Payment Data

Payments are processed by third-party payment processors (e.g., Stripe or PayPal). We do not store full credit card details.

We may store:

Subscription status
Payment transaction ID
Last 4 digits of card
Billing country

C. Usage Data

Log files (IP address, browser type, device type)
Login timestamps
Feature usage
Session activity

D. Strategy Content Data

Business model inputs
Strategic analysis data
Uploaded documents (if applicable)
AI-generated outputs

E. Communication Data

Support messages
Feedback submissions
Emails sent to us

3. Legal Basis for Processing (GDPR Article 6)

Purpose Legal Basis

Account creation & service delivery Contract performance

Subscription billing Contract performance

Service improvement & analytics Legitimate interest

Security & fraud prevention Legitimate interest

Marketing emails Consent

Legal compliance Legal obligation

4. How We Use Your Data

We use your data to:

Provide access to the Stratedo platform
Generate AI-powered strategic insights
Manage subscriptions and payments
Improve platform performance
Ensure security and prevent abuse
Respond to support inquiries
Comply with legal obligations

We do not sell personal data.

5. AI Processing & Confidentiality

Stratedo processes business inputs using artificial intelligence systems.
AI outputs are generated automatically.
We do not use customer private business data to train public AI models unless explicitly stated.
Access to customer data is restricted to authorized personnel.
Data is processed securely and confidentially.

6. Data Retention

We retain data:

While your account is active
For up to 6 years for financial records (where legally required)
Until deletion request (for non-financial data)
Backups may persist for a limited period

Upon account deletion, strategy content will be deleted within 30 days.

7. International Transfers

If data is transferred outside the EU/EEA:

We rely on Standard Contractual Clauses (SCCs)
Or adequacy decisions by the European Commission
Or GDPR-compliant processors

8. Your Rights Under GDPR

You have the right to:

Access your personal data
Rectify inaccurate data
Erase your data (“right to be forgotten”)
Restrict processing
Object to processing
Data portability
Withdraw consent
Lodge a complaint with your local supervisory authority

To exercise rights: [email protected]

If located in Greece, you may contact the Hellenic Data Protection Authority.

9. Security Measures

We implement:

SSL/TLS encryption
Encrypted data storage (where applicable)
Role-based access control
Secure hosting infrastructure
Regular security updates

10. Cookies & Tracking

We use:

Essential cookies (authentication)
Analytics cookies (e.g., Google Analytics) — if enabled
Functional cookies

Users may manage cookies via browser settings or a cookie banner.

11. Children’s Data

Stratedo is not intended for individuals under 18 years old.

12. Changes to This Policy

We may update this policy. Material changes will be notified via email or platform notification.

Privacy Policy