Privacy Policy

Introduction and Scope

StrataSpend ("we," "us," or "our") operates a cloud cost intelligence platform. This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use our services, website, and related applications.

This policy applies to all users of our platform, including visitors to our website, trial users, and enterprise customers. By using our services, you consent to the practices described in this policy.

Information We Collect

We collect several categories of information to provide, maintain, and improve our services:

Account and Profile Information: When you register for an account, we collect your name, email address, company name, job title, and billing information. Enterprise customers may provide additional contact details for team members.

Infrastructure Data: Our platform analyzes your cloud infrastructure, including resource utilization metrics, configuration data, spending patterns, license allocations, and usage statistics from connected platforms such as AWS, Azure, Google Cloud, and SaaS vendors.

Usage and Activity Data: We automatically collect information about how you interact with our platform, including login times, features accessed, queries performed, reports generated, and optimization actions taken.

Technical and Device Information: We collect IP addresses, browser types, operating systems, device identifiers, and referring URLs to maintain security and improve service performance.

How We Use Your Information

We process your information for the following purposes:

Service Delivery: To provide cost optimization analysis, generate recommendations, forecast availability impact, model scenarios, and deliver reports on verified savings.

Platform Improvement: To enhance our AI algorithms, improve anomaly detection accuracy, develop new features, and optimize system performance based on aggregated usage patterns.

Security and Integrity: To detect and prevent fraud, unauthorized access, security incidents, and violations of our Terms of Service.

Communication: To send transactional messages, platform updates, security alerts, and respond to your inquiries. With your consent, we may send marketing communications about new features or offerings.

Compliance and Legal Obligations: To comply with applicable laws, respond to lawful requests, enforce our agreements, and protect our rights and property.

Data Sharing and Disclosure

We share information in the following circumstances:

Service Providers: We engage third-party vendors to perform functions on our behalf, including cloud hosting providers, payment processors, analytics services, and customer support platforms. These providers are contractually obligated to protect your information and may only use it to provide services to us.

Cloud Platform Integrations: To deliver our services, we connect to your authorized cloud and SaaS platforms. We access only the permissions you grant and do not share your infrastructure data with these providers beyond what is necessary for integration functionality.

Business Transfers: If we are involved in a merger, acquisition, sale of assets, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

Legal Requirements: We may disclose information if required by law, court order, legal process, or governmental request, or to protect the rights, property, or safety of StrataSpend, our users, or others.

Aggregated and Anonymized Data: We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you, including industry benchmarks and trend analyses.

Data Security and Protection

We implement administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit and at rest, access controls, security monitoring, regular security assessments, and employee training.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Account information is retained for the duration of your active subscription and for a reasonable period thereafter to facilitate reactivation and comply with legal obligations.

Infrastructure data is retained as needed to provide historical analysis and trend identification. When you close your account or request deletion, we will delete or anonymize your information within 90 days, except where retention is required for legal, accounting, or security purposes.

Your Rights and Choices

Access and Portability: You may request a copy of the personal information we hold about you. Where technically feasible, we will provide your data in a structured, commonly used, and machine-readable format.

Correction and Update: You can update your account information at any time through your account settings. If you believe any information we hold is inaccurate, you may request correction.

Deletion and Erasure: You may request deletion of your personal information, subject to legal and contractual obligations that may require retention.

Restriction and Objection: You may object to certain processing of your information or request that we restrict processing in specific circumstances.

Marketing Communications: You can opt out of marketing emails by using the unsubscribe link in any marketing message or by adjusting your account preferences.

International Data Transfers

Our services are operated from the United Kingdom, and your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer information internationally, we implement appropriate safeguards, including standard contractual clauses approved by relevant authorities, to ensure adequate protection of your personal data.

Children's Privacy

Our services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

Third-Party Links and Services

Our platform may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

Analytics and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your use of our services. These technologies help us analyze usage patterns, remember your preferences, authenticate users, and improve platform performance.

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform. For more information, please see our Cookie Policy.

California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information as defined by the CCPA.

To exercise your rights, please contact us using the information provided in the Contact section below.

European Data Protection Rights

If you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing.

You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable data protection law.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational reasons. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@strataspend.io
Phone: +44 7492 805 361
Address: 45 Knighton Church Road, Leicester LE2 3JG, United Kingdom

Data Protection Officer

For matters related to data protection and privacy compliance, you may contact our Data Protection Officer at dpo@strataspend.io.