Information We Collect
StrataOps Risk collects information necessary to provide operational risk management services to our clients. This includes business contact information (names, email addresses, phone numbers, job titles), account credentials, usage data related to platform access and feature utilization, and operational data uploaded or integrated through our connectors.
We automatically collect technical information such as IP addresses, browser types, device identifiers, and access logs when you interact with our platform. This data helps us maintain security, troubleshoot issues, and improve service performance.
How We Use Your Information
The information we collect is used to deliver, maintain, and improve the StrataOps Risk platform. This includes processing your operational data to generate risk scores, running scenario analyses, executing stress tests, and providing regulatory signal tracking as part of our core service offering.
We use contact information to communicate with you about your account, respond to support requests, send service updates, and deliver security notifications. Usage data helps us understand how clients interact with features, identify areas for improvement, and develop new capabilities that serve midmarket organizations.
Data Sharing and Disclosure
StrataOps Risk does not sell, rent, or trade your personal information or operational data to third parties. We share data only in limited circumstances: with service providers who assist in platform operations (such as cloud infrastructure providers, security services, and communication tools) under strict confidentiality agreements, when required by law or legal process, to protect our rights or the safety of others, or in connection with a business transaction such as a merger or acquisition.
Service providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures. We conduct due diligence on all vendors and require compliance with applicable data protection standards.
Data Security Measures
We implement industry-standard security controls to protect your information from unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit and at rest, regular security assessments, access controls based on the principle of least privilege, and monitoring for suspicious activity.
Our infrastructure is hosted with reputable cloud providers who maintain SOC 2 Type II compliance and other relevant certifications. We conduct regular vulnerability assessments, maintain incident response procedures, and require multi-factor authentication for administrative access.
Data Retention and Deletion
We retain your information for as long as your account is active or as needed to provide services. Operational data used in risk scoring, scenario planning, and stress testing is retained according to your subscription tier and configured retention policies.
When you request account deletion, we remove your personal information and operational data within 90 days, except where retention is required by law, necessary to resolve disputes, enforce agreements, or maintain audit trails for compliance purposes. Backup copies are purged according to our standard backup rotation schedule.
Your Rights and Choices
Depending on your jurisdiction, you may have rights regarding your personal information, including the right to access, correct, delete, restrict processing, object to processing, and request data portability. You may also have the right to withdraw consent where processing is based on consent.
To exercise these rights, contact us at privacy@strataops.risk. We will respond to requests within the timeframes required by applicable law. Note that some rights may be limited by legal obligations or legitimate business interests, such as maintaining security or fulfilling contractual commitments.
International Data Transfers
StrataOps Risk operates globally and may transfer your information to countries outside your jurisdiction. When we transfer data internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by relevant authorities, adequacy decisions, or other legally recognized transfer mechanisms.
Our primary data processing occurs in facilities located in Canada and the United States. Clients in other jurisdictions should be aware that data protection standards may differ from those in their home country, though we maintain consistent security practices across all locations.
Cookies and Tracking Technologies
We use cookies and similar technologies to maintain sessions, remember preferences, analyze usage patterns, and improve platform functionality. Essential cookies are necessary for basic operations such as authentication and security. Analytics cookies help us understand how clients use features and identify areas for enhancement.
You can control cookie preferences through browser settings, though disabling certain cookies may limit platform functionality. For detailed information about our cookie practices, see our Cookie Policy. We do not use cookies for advertising or tracking across unrelated websites.
Third-Party Integrations
StrataOps Risk offers optional integrations with finance, project management, procurement, and regulatory data sources. When you enable an integration, you authorize us to access and process data from the connected system according to the permissions you grant.
We are not responsible for the privacy practices of third-party systems you integrate with our platform. Review the privacy policies of integrated services to understand how they collect, use, and share data. You can revoke integration permissions at any time through your account settings.
Children's Privacy
StrataOps Risk is a business-to-business platform designed for organizations and their authorized employees. We do not knowingly collect information from individuals under the age of 16. If we become aware that we have collected personal information from a child without appropriate authorization, we will take steps to delete such information promptly.
California Privacy Rights
California residents have specific rights under the California Consumer Privacy Act (CCPA). This includes the right to know what personal information we collect, the right to delete personal information, the right to opt out of sales (though we do not sell personal information), and the right to non-discrimination for exercising privacy rights.
To submit a CCPA request, contact us at privacy@strataops.risk with "California Privacy Request" in the subject line. We will verify your identity before processing requests and respond within 45 days, with the possibility of a 45-day extension for complex requests.
European Data Protection Rights
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and equivalent laws. This includes rights to access, rectification, erasure, restriction of processing, data portability, and objection.
Our legal basis for processing includes performance of contract (to provide platform services), legitimate interests (to improve services and ensure security), compliance with legal obligations, and consent where specifically obtained. You have the right to lodge a complaint with your local supervisory authority if you believe our processing violates applicable law.
Automated Decision Making
StrataOps Risk generates risk scores, scenario models, and stress test results using automated analysis of the operational data you provide. These outputs are intended as decision support tools, not as sole determinants of business decisions. You retain full control over how to interpret and act upon platform insights.
We do not use personal information in automated decision-making that produces legal effects or similarly significantly affects individuals. Our platform focuses on organizational risk assessment, not individual profiling or credit decisions.
Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email to your account address, through a prominent notice on the platform, or by other appropriate means.
The "Last updated" date at the top of this policy indicates when it was most recently revised. Your continued use of the platform after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact Information
For questions, concerns, or requests related to this Privacy Policy or our data practices, contact our privacy team at privacy@strataops.risk. You may also reach us by phone at +1 647 305 9283 or by mail at 18 Glenrose Ave, Toronto, ON M4T 1K6, Canada.
We aim to respond to all privacy inquiries within 10 business days. For urgent security matters, please indicate "Security" in your subject line for prioritized handling.