How Stract handles personal data

1. Who we are

Stract is provided by Stract ApS, Kanonbådsvej 2, 1437 Copenhagen, Denmark. For the personal data we process for our own purposes, Stract ApS is the data controller.

You can contact us about privacy at hello@stract.com.

2. What this policy covers

This Privacy Policy explains how we collect, use, share, and protect personal data when you visit stract.com, create an account, use Stract workspaces, receive communications from us, or otherwise interact with Stract.

Customer content in a workspace may include personal data submitted by you, your organization, or workspace users. If your organization controls that content, we process it as instructed by your organization and under the applicable customer agreement.

3. Personal data we collect

We collect personal data that depends on how you use Stract, including:

• Account and workspace information, such as your name, email address, organization, role, login details, workspace membership, and settings.
• Billing and subscription information, such as plan details, invoices, payment status, business address, and tax information. Payment card details are handled by our payment providers.
• Customer content, such as story drafts, prompts, campaign notes, outreach records, uploaded materials, prospect lists, contacts, and messages you choose to process through Stract.
• Product usage and device information, such as pages viewed, features used, timestamps, approximate location from IP address, browser, device, operating system, and logs needed to secure and operate the service.
• Support and communication information, such as messages you send us, survey responses, sales conversations, and marketing preferences.
• Public and third-party information, such as publicly available professional information about journalists, creators, podcasts, publications, and other media contacts that may be relevant to Stract features.

4. How we collect personal data

We collect personal data directly from you, from your organization or workspace administrators, from integrations you connect, from service providers, and from public or licensed data sources used to support Stract discovery and outreach features.

We also collect technical information automatically when you use our websites and applications.

5. How we use personal data

We use personal data to:

• Provide, maintain, secure, and improve Stract.
• Create and manage accounts, workspaces, subscriptions, billing, support, and service communications.
• Process customer content, prompts, discovery queries, contact data, and outreach workflows so the service can return relevant results and recommendations.
• Personalize the product experience, remember settings, measure usage, debug errors, and prevent abuse.
• Communicate with you about the service, product updates, security notices, and, where permitted, marketing.
• Comply with legal obligations, enforce our terms, resolve disputes, and protect the rights, safety, and security of Stract, our users, and others.

6. Legal bases

When the GDPR or similar laws apply, we rely on the legal bases that fit the processing activity. These may include performance of a contract, legitimate interests, consent, and compliance with legal obligations.

Our legitimate interests include operating and securing Stract, improving the service, communicating with customers and prospects, preventing abuse, and helping users discover relevant professional media contacts, provided those interests are not overridden by individual rights and freedoms.

7. Prospect and contact data

Stract may process publicly available or third-party professional contact information about journalists, creators, podcasts, publications, and similar media contacts so customers can discover relevant voices and manage outreach.

This data may include names, professional roles, organizations, work contact details, public profiles, publication history, podcast or creator metadata, topical relevance, and related professional context.

If you are included in Stract as a professional contact, you can ask us to access, correct, restrict, or delete your information, or object to our processing, by contacting hello@stract.com.

8. Cookies and similar technologies

Stract may use cookies, local storage, and similar technologies to keep you signed in, remember settings, secure the service, understand product usage, and improve performance.

Where required, we will ask for consent before using non-essential cookies or similar technologies. You can also control cookies through your browser settings, though some product features may not work without essential storage.

9. How we share personal data

We do not sell personal data. We may share personal data with:

• Service providers that help us host, operate, secure, support, analyze, communicate, bill, and improve Stract.
• Workspace administrators and members according to the permissions and settings inside a workspace.
• Integration providers when you choose to connect or use an integration.
• Professional advisers, authorities, courts, or other parties when needed for legal, compliance, safety, security, or dispute purposes.
• A successor or relevant party in connection with a merger, acquisition, financing, reorganization, or sale of business assets.

10. International transfers

Stract is based in Denmark, and our service providers may process personal data in other countries. When personal data is transferred outside the European Economic Area, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, or equivalent transfer mechanisms.

11. Retention

We keep personal data for as long as needed to provide Stract, maintain accounts and workspaces, comply with legal obligations, resolve disputes, enforce agreements, protect the service, and support legitimate business purposes.

Retention periods vary depending on the type of data, the workspace settings, legal requirements, and the context in which the data was collected. When personal data is no longer needed, we delete it or anonymize it where practical.

12. Security

We use technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. No online service can be guaranteed to be completely secure, so you should use strong credentials and keep account access limited to trusted users.

13. Your rights

Depending on where you live and which laws apply, you may have rights to request access, correction, deletion, restriction, portability, objection, or withdrawal of consent for your personal data.

You may also have the right to complain to your local supervisory authority. In Denmark, the supervisory authority is the Danish Data Protection Agency.

• To make a privacy request, contact hello@stract.com. We may need to verify your identity or authority before acting on a request.
• If your personal data is controlled by a Stract customer workspace, we may direct your request to that customer or support them in responding.

14. Automated processing

Stract may use automated processing, matching systems, ranking systems, and AI-assisted features to provide suggestions, summaries, relevance signals, and workflow support.

Stract does not make decisions with legal or similarly significant effects about individuals solely through automated processing.

15. Children

Stract is not intended for children, and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to Stract, contact us so we can take appropriate action.

16. Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new last-updated date. If a change is material, we will use reasonable efforts to provide additional notice.

17. Contact

For privacy questions or requests, contact Stract ApS at hello@stract.com or by mail at Kanonbådsvej 2, 1437 Copenhagen, Denmark.