Privacy Policy
Strategy Room is built stateless: your inputs are processed in memory to generate your brief and are not stored on our servers. This policy explains what that means in practice.
The short version (our Stateless doctrine)
Uploaded documents and the business inputs you type are processed in memory, for brief generation only, and are not stored server-side in the current version. Your generated brief is kept locally in your own browser, not in a database we control. We keep no copy. This is a deliberate privacy advantage, not an afterthought.
What we collect and why
We collect the minimum needed to provide the service:
- Intake answers (industry, pain, goal, constraint, etc.) — used solely to generate your Strategy Brief.
- Optional document uploads (PDFs you add for the Evidence Upgrade) — read transiently to extract figures, then discarded.
- Payment details — handled directly by Stripe during checkout; we do not receive or store your card data.
- Technical request data (e.g. IP address) — used briefly for security and rate limiting, not for profiling.
Legal bases (Art. 6 GDPR): performance of our contract with you (generating the brief), our legitimate interest in securing the service, and your consent for anything optional.
How it is processed
To generate a brief, your intake answers and any uploaded document text are sent to our AI processor (Anthropic) per request and returned to your browser. Processing is transient. The brief result is stored in your browser's local storage so you can return to it; you can clear it at any time by clearing your browser data.
Third-party processors
We rely on the following sub-processors. This list is maintained in one place and kept current:
| Processor | Purpose | Data |
|---|---|---|
| Vercel | Serverless/edge hosting and content delivery. | Request metadata (e.g. IP address, headers) used for routing, security, and rate limiting. |
| Anthropic (Claude API) | AI processing — generates the Strategy Brief and extracts evidence from uploads. | Intake answers and uploaded document text, sent transiently per request; not stored by us. |
| Stripe | Payment processing for the one-time Strategy Brief purchase. | Payment and billing details, handled directly by Stripe; we do not receive or store card data. |
| <<SET_EMAIL_OR_ANALYTICS_PROVIDER>> | Transactional email and/or analytics — not enabled in the current version. | None until enabled. |
Retention periods
Because the service is stateless, we hold no server-side store of your inputs or brief: in-memory data is discarded once the request completes. Browser-local data persists only in your device until you clear it. Stripe retains payment records under its own policy and applicable bookkeeping law. Technical/security logs are kept only as long as needed for security and then expire.
Your GDPR rights
You have the right to:
- access the personal data we process;
- rectification of inaccurate data;
- erasure ("right to be forgotten");
- restriction of processing;
- data portability;
- object to processing;
- withdraw consent at any time, without affecting prior lawful processing.
Because we store little to no personal data server-side, many of these requests resolve quickly. You also have the right to lodge a complaint with a supervisory authority.
Contact
For any privacy request, email <<SET_CONTACT_EMAIL>>. We aim to respond within one business day.