Install Core StrataGet instant launch + an offline app shell. No app store.
We use a small number of essential cookies to keep you signed in. With your consent, we also use anonymised analytics (PostHog) to improve the product. Read our Cookie Policy and Privacy Policy.
This Privacy Policy describes how Intel Core Strata (“we”, “us”) collects, uses, and protects personal information when you use our website and dashboard (the “Service”). It is written to satisfy the GDPR (EU/UK) and CCPA (California) baseline. If you have specific questions, contact [email protected].
Subscription & billing metadata: Stripe customer ID, plan, subscription status. Card data is handled exclusively by Stripe; we never see it.
Usage data: login timestamps, IP address (last login), user-agent string, session activity, calendar notes and journal entries you choose to save.
Analytics: with your consent, anonymised product analytics via PostHog (page views, feature usage). IPs are anonymised and session recording is disabled.
2. How we use it
To provide, secure, and improve the Service;
To process your subscription and send transactional emails;
To detect abuse and enforce our Terms of Service;
To meet legal, tax, and accounting obligations.
3. Legal bases (GDPR)
We rely on (a) contract for account and subscription processing, (b) legitimate interest for security and fraud prevention, (c) consent for analytics and non-essential cookies, and (d) legal obligation for tax records.
4. Sharing
We share data only with vetted processors needed to run the Service:
PostHog (anonymised product analytics — only after consent)
Sentry (error tracking — request scope only, no PII)
We do not sell or rent personal data. We may disclose data when legally required (court order, regulatory request).
5. Retention
Account & profile: until you delete your account.
Calendar notes & journal entries: until you delete them or your account.
Login IP / user-agent: rolling 30 days.
Stripe records: retained by Stripe per their policies and tax law (typically 7 years).
Sentry events: 30 days.
Server logs: 30 days.
6. Your rights
You have the right to:
Access & portability: request a machine-readable export via GET /api/auth/export-data (Settings → Export).
Erasure: delete your account and content via Settings → Delete Account.
Rectification: update inaccurate information in your profile.
Withdraw consent: revoke analytics consent via the cookie banner at any time.
Lodge a complaint: contact your local data-protection authority.
7. Security
We use TLS-encrypted transport, bcrypt-hashed passwords, JWT access tokens, role-based access control on admin endpoints, automatic backups, and Sentry-monitored exception tracking. No system is perfectly secure; please use a strong, unique password.
8. International transfers
Your data is processed in the United States and the European Union. Where data is transferred outside the EEA, we rely on Standard Contractual Clauses with our sub-processors.
9. Children
The Service is not directed to children under 18. We do not knowingly collect personal data from minors.