Privacy Policy

Last updated: March 8, 2026 — Compliant with GDPR (EU) 2016/679

1. Introduction

Stratus ("we", "our", "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our financial diagnostic platform at stratus.homes.

As a data controller, we comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Data We Collect

2.1 Account Information

  • Name and email address (from OAuth login)
  • Account creation date and last login
  • User role and access status

2.2 Financial Data (provided by you)

  • Revenue figures (actual and forecast)
  • Fixed and variable costs
  • Cash position and total debt
  • Number of active clients
  • Business sector and objectives

This financial data is used exclusively to generate your diagnostic reports. It is never sold, shared with third parties, or used for advertising purposes.

2.3 Usage Data

  • Pages visited and features used
  • Diagnostic history and monthly tracking data
  • Chat messages with the AI assistant
  • PDF export activity

2.4 Payment Data

Payment processing is handled entirely by Paddle. We do not store your credit card numbers, bank details, or payment credentials. Paddle's privacy policy applies to payment data: paddle.com/legal/privacy

3. How We Use Your Data

Purpose | Legal Basis
Provide financial diagnostic services | Contract performance
Generate AI-powered recovery plans | Contract performance
Process payments and verify access | Contract performance
Improve our AI models (anonymized) | Legitimate interest
Send important service updates | Legitimate interest
Comply with legal obligations | Legal obligation

4. Data Storage & Security

Your data is stored on secure, encrypted servers. We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and vulnerability assessments
  • Access controls limiting data access to authorized personnel only
  • Automatic session expiration and secure cookie handling

Your financial data is stored in our database and is only accessible by you through your authenticated account.

5. Data Retention

We retain your data for as long as your account is active. If you request account deletion:

  • Account data is deleted within 30 days
  • Financial diagnostic data is permanently deleted
  • Anonymized aggregate statistics may be retained for service improvement
  • Payment records are retained for 7 years as required by law

6. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

Right of Access — Request a copy of all personal data we hold about you
Right to Rectification — Correct inaccurate or incomplete data
Right to Erasure — Request deletion of your personal data ('right to be forgotten')
Right to Portability — Receive your data in a machine-readable format
Right to Object — Object to processing based on legitimate interests
Right to Restriction — Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Cookies

Stratus uses minimal, essential cookies only:

  • Session cookie: maintains your authenticated session (expires on logout)
  • Language preference: remembers your chosen language (localStorage)
  • No advertising cookies, no tracking pixels, no third-party analytics cookies

8. Third-Party Services

Service | Purpose | Privacy Policy
Paddle | Payment processing | paddle.com/legal/privacy
Manus Platform | Hosting & infrastructure | manus.im/privacy

9. Contact & Data Protection Officer

Stratus — Data Protection

Email: [email protected]

Website: https://stratus.homes

You also have the right to lodge a complaint with your local data protection authority (e.g., CNIL in France, ICO in the UK).