Privacy Policy

Last updated: February 1, 2026

1. Introduction

Stratusec ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, disclose, and safeguard your information when you use our open-source software, website (stratusec.ai), and enterprise services.

2. Information We Collect

Open Source Software: The self-hosted open-source version of Stratusec does not transmit any data to us. All data remains on your infrastructure. We have zero visibility into your cloud accounts, findings, or security posture when you run Stratusec yourself.

Website: We collect basic analytics data (page views, referrer, country) using privacy-respecting analytics. We do not use third-party tracking cookies.

Enterprise SaaS: If you use our managed enterprise service, we process cloud security findings, account metadata, and user information necessary to provide the service. This data is encrypted at rest and in transit.

Account Information: When you create an account, we collect your name, email address, and organization name.

3. How We Use Your Information

  • To provide, maintain, and improve our services
  • To communicate with you about your account and service updates
  • To respond to support requests
  • To detect and prevent security incidents
  • To comply with legal obligations

We do not sell your data. We do not use your security findings to train AI models. We do not share your data with third parties for marketing purposes.

4. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time by contacting us at privacy@stratusec.ai.

5. Data Security

We implement industry-standard security measures including encryption at rest (AES-256) and in transit (TLS 1.3), role-based access control, audit logging, and regular security assessments. See our Security Policy for details.

6. Your Rights

You have the right to access, correct, delete, or export your personal data. You may also object to processing or request restriction of processing. To exercise these rights, contact privacy@stratusec.ai.

7. Third-Party Services

Our enterprise service may integrate with third-party tools (SIEM, ticketing, notification platforms) at your direction. Data shared with these services is governed by their respective privacy policies.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a notice on our website.

9. Contact

For privacy-related inquiries: privacy@stratusec.ai