Privacy Policy

Effective date: April 1, 2026

Stratium ("we", "us", or "our") operates the Cadence executive orchestration platform accessible at app.stratiumhq.com and the marketing site at stratiumhq.com. This Privacy Policy explains what personal data we collect, how we use it, and the choices you have regarding your information.

By using Cadence or visiting our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

1. Data We Collect

1.1 Account Information

When you create an account, we collect information you provide directly, including:

• Full name and email address
• Organisation name and role
• Password (stored in hashed form)
• Profile photo (optional)
• Billing information (processed by our payment provider; we do not store full card details)

1.2 Usage Data

We automatically collect information about how you interact with Cadence, including pages visited, features used, timestamps, device type, browser type, operating system, and IP address. This data is collected using privacy-friendly analytics tools and does not involve cross-site tracking.

1.3 Calendar Data

If you connect your calendar, we access event titles, times, attendees, and meeting links to power scheduling features, daily planning, and focus time governance. We access only the data necessary to provide these features.

1.4 Work Items and Tasks

Cadence stores tasks, priorities, action items, strategic goals, and related metadata that you or your executive assistant create within the platform.

1.5 Transcripts and Notes

If you use transcript-based features, we process meeting transcripts, summaries, and notes to extract action items and provide AI-powered insights. Transcript content is stored within your tenant and is not shared with other customers.

2. How We Use Your Data

We use the data we collect for the following purposes:

• Provide and operate the service: powering daily planning, calendar sync, task management, EA workflows, and reporting features.
• AI features: generating action items from transcripts, suggesting schedule optimisations, and providing executive briefings using machine learning models.
• Analytics and improvement: understanding how Cadence is used so we can improve performance, fix issues, and develop new features.
• Communications: sending transactional emails (account confirmations, password resets, billing receipts) and, with your consent, product updates and announcements.
• Security and fraud prevention: detecting and preventing unauthorised access, abuse, or security incidents.
• Legal compliance: meeting applicable legal obligations, resolving disputes, and enforcing our agreements.

3. Data Storage and Security

All customer data is hosted on Microsoft Azure in the West Europe region. We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Tenant-level data isolation ensuring your data is logically separated from other customers
• Regular security assessments and vulnerability scanning
• Role-based access controls and principle of least privilege for internal systems
• Automated backups with encryption

While we take extensive precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the highest practicable standard.

4. Third-Party Services

We work with a limited number of third-party providers to deliver Cadence. These include:

• Calendar providers: Google Calendar and Microsoft Outlook, accessed via OAuth with scopes limited to the data required for calendar sync features.
• Payment processor: our payment provider handles subscription billing. We do not store your full payment card details on our servers.
• Analytics: we use privacy-friendly analytics tools that do not use cross-site tracking or sell your data.
• Infrastructure: Microsoft Azure for hosting, compute, and storage services.

Each third-party provider is bound by their own privacy policies and data processing agreements. We only share the minimum data necessary for each provider to perform its function.

5. Data Retention and Deletion

We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:

• Account data: retained while your account is active and for up to 30 days after account deletion to allow for recovery.
• Usage and analytics data: retained in aggregated, anonymised form for up to 24 months.
• Billing records: retained as required by applicable tax and accounting laws.
• Transcripts and work items: deleted when you delete them within the platform, or when your account is deleted.

You may request deletion of your account and associated data at any time by contacting us at hello@stratiumhq.com. We will process deletion requests within 30 days, subject to any legal retention obligations.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete personal data.
• Deletion: request deletion of your personal data, subject to legal retention requirements.
• Export: request a portable copy of your data in a commonly used, machine-readable format.
• Restrict processing: request that we limit how we process your data in certain circumstances.
• Object: object to processing of your data for certain purposes, including direct marketing.
• Withdraw consent: where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at hello@stratiumhq.com. We will respond to your request within 30 days.

7. GDPR Compliance

For users in the European Economic Area (EEA) and the United Kingdom, we process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Performance of a contract: processing necessary to provide you with the Cadence service under our Terms of Service.
• Legitimate interests: processing necessary for our legitimate business interests, such as improving the product, ensuring security, and communicating with you, where those interests are not overridden by your rights.
• Consent: where you have given explicit consent, such as opting into marketing communications.
• Legal obligation: processing necessary to comply with applicable laws.

We store all data within the European Union (Azure West Europe region). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local supervisory authority.

8. Cookies

We use a limited set of cookies to operate Cadence and our website. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

9. Children's Privacy

Cadence is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe a child under 16 has provided us with personal data, please contact us at hello@stratiumhq.com.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice on our website before the changes take effect. The "Effective date" at the top of this page indicates when this policy was last revised.

We encourage you to review this page periodically for the latest information on our privacy practices.

11. Contact Us

If you have questions or concerns about this Privacy Policy, your personal data, or our privacy practices, please contact us:

• Email: hello@stratiumhq.com
• Website: stratiumhq.com