Privacy Policy

Stratics.ai is a brand and product of Da Vinci IT bv, a company registered in Belgium (hereinafter “we”, “us”, or “our”). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Belgian law.

This Privacy Policy explains how we collect, use, share, and protect personal information when you use the Stratics.ai platform, website (stratics.ai), and any related services (collectively, the “Service”).

By using the Service, you acknowledge you have read and understood this policy. If you do not agree, please discontinue use of the Service.

The data controller responsible for your personal data is:

We collect the following categories of personal data:

• Account data: Name, email address, and password (hashed) when you register for the Service.
• Profile and organisational data: Organisation name, role, and any information you provide when setting up your workspace.
• Usage data: Pages visited, features used, actions taken within the platform, timestamps, and session information.
• Communication data: Messages, prompts, and AI interactions you create or send through the Service, including WhatsApp Business messaging content when you use our WhatsApp integration.
• Contact data (leads): First name, last name, phone number, email, and other information you or your organisation enters about your contacts or leads within the platform.
• Payment data: Billing details processed by our payment provider (Stripe). We do not store full payment card numbers.
• Technical data: IP address, browser type, device type, and cookies/local storage identifiers for session management and security.
• Meta / WhatsApp platform data: If you connect your WhatsApp Business account via the Meta API, we receive and process message content, phone numbers, and metadata provided by the Meta platform in accordance with Meta's platform policies and your end-user agreements with Meta.

We use personal data for the following purposes and on the following legal bases:

Stratics.ai integrates with the Meta (WhatsApp Business) API. When you enable this integration:

• We access and store WhatsApp message content and phone numbers on your behalf to provide the messaging features.
• Data obtained through the Meta API is used solely to operate the integration features you requested and is not used to train AI models or sold to third parties.
• We comply with Meta's Platform Terms and WhatsApp Business API Terms of Service.
• You remain responsible for ensuring your end-users have been informed and have given appropriate consent for their messages to be processed through a third-party platform.
• You can revoke the Meta API integration at any time from your organisation's connections settings, after which we will stop collecting new data from Meta.

We do not sell your personal data. We may share data with trusted third-party service providers who process it on our behalf:

• Supabase – database and authentication infrastructure (EU region)
• Stripe – payment processing
• Amazon SES – transactional email delivery
• OpenAI / Anthropic / Google / xAI – AI language model processing for features you use
• Meta Platforms, Inc. – WhatsApp Business API integration
• Vercel – hosting and infrastructure

All third-party processors are contractually required to handle data in accordance with GDPR. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses).

We may also disclose personal data if required by law or to protect the rights, property, or safety of Da Vinci IT bv, our users, or others.

We retain personal data for as long as necessary to fulfil the purposes described in this policy, or as required by law:

• Account data is retained for the duration of your subscription plus 30 days after account closure.
• Billing records are retained for 7 years as required by Belgian accounting law.
• WhatsApp message content is retained for the period configured in your account settings, or until you delete it.
• Usage logs are retained for up to 12 months for security and improvement purposes.

As a data subject in the EU, you have the following rights:

• Right of access – Request a copy of the personal data we hold about you.
• Right to rectification – Request correction of inaccurate or incomplete data.
• Right to erasure – Request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
• Right to restriction – Request we limit processing of your data in certain circumstances.
• Right to data portability – Receive your data in a structured, machine-readable format.
• Right to object – Object to processing based on legitimate interests.
• Right to withdraw consent – Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at privacy@stratics.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (GBA).

We use strictly necessary cookies and local storage for session management and authentication. We do not use third-party advertising or tracking cookies. You can manage cookie settings in your browser. Disabling session cookies will prevent you from logging in.

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (TLS), hashed passwords, role-based access controls, and regular security reviews.

The Service is intended for business users and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the Service. The “Last updated” date at the top of this page indicates when this policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: