Legal · updated April 1, 2026

Privacy Policy

How we handle personal data, cookies, connectors, and sub-processors, without the lawyer fog.

Who we are

Strique ("we", "us", "our") operates the platform available at strique.io. This policy describes how we handle personal data collected through the platform. For GDPR purposes, the legal entity responsible is Strique Inc.

What we collect

Account data (name, email, password hash), Organization data (company name, website, brand assets), usage telemetry (agent runs, tool calls, feature usage), billing data (via our payment processor; we never see card numbers), and any content you choose to upload to the My Stuff tab or attach to chats.

Why we collect it

To run the platform, to bill you, to improve the product, and to communicate with you about service issues. We do NOT use your chats, uploaded files, or Org context to train shared AI models. Your data is yours.

Connectors and OAuth

When you connect a third-party service (Meta, HubSpot, Klaviyo, etc.), you grant Strique the scopes necessary to perform the actions you've asked for. We store refresh tokens encrypted at rest and only use them to execute your requested workflows. You can revoke any connector at any time from Org settings.

Who we share data with

Sub-processors we use to operate the platform (our cloud host, payment processor, transactional email provider, analytics, error monitoring, and the LLM/STT/TTS/image/video providers that power platform-managed services). Full sub-processor list available in the trust center at trust.strique.io. We never sell data to third parties.

International transfers

If you're in the EEA or UK, we rely on Standard Contractual Clauses (SCCs) for any data transfers to the United States. Enterprise customers can opt into EU-only data residency.

Your rights

Under GDPR and similar frameworks, you can request access to, correction of, deletion of, or export of your personal data. Email privacy@strique.io. We respond within 30 days.

Cookies

We use strictly necessary cookies (auth, session) by default. Analytics and marketing cookies only fire after you accept the cookie banner. You can change your preferences any time from the footer.

Retention

We keep account data for as long as your Org is active. After offboarding, we delete customer data within 30 days. Audit logs are retained for seven years for compliance. You can request an export at any time.

Security

See our Security page. Encryption at rest and in transit, row-level tenant isolation, KMS-backed secrets, SSO + hardware-key MFA for employees, JIT production access. ISO/IEC 27001 certified.

Children

Strique is a B2B product not directed at children under 16. We do not knowingly collect data from minors. If you believe we have, contact us and we'll delete it.

Changes to this policy

If we make material changes, we'll notify Org admins by email at least 30 days before they take effect. Non-material changes (clarifications, typos, updated sub-processor list) are reflected immediately with a refreshed "updated" date.

Contact

Questions about this policy, privacy requests, or a DPA? Email privacy@strique.io. Our Data Protection Officer can be reached at dpo@strique.io.