What we keep, and what we don't.

Stravix is an AI content engine. Using it requires us to handle some personal data. Your account details, the brand context you give us, the prompts you write. This policy tells you exactly what happens to that data, who else might see it, and how to make it disappear when you're done.

We're a GDPR-aligned company headquartered in the EU. If anything here is unclear, email us at hello@stravix.app.

Information you give us

• Account details. Name, email, password.
• Profile and brand information used to personalise output.
• Content you create using our AI tools.
• Messages you send our support team.
• Payment information. Processed by Stripe; we never see your full card number.

Information collected automatically

• Usage analytics and the actions you take in the app.
• Device data. IP address, browser, operating system.
• Cookies and similar tracking. See the Cookie Policy.
• Log files and error reports.

Legal basis (GDPR)

We process data under one of four lawful bases: contract performance (delivering the service), consent (marketing, optional features), legitimate interests (security, fraud prevention, analytics), and legal obligation (tax, accounting).

• To operate, secure, and improve the service.
• To personalise your experience.
• To process payments and manage your subscription.
• To send service updates and. With your consent. Newsletters and product announcements.
• To answer your support requests.
• To comply with our legal obligations.

AI-powered content generation

When you use our generation features, here's what travels and what stays:

• What we send to AI providers: brand profile, content prompts, and the business details you give us to personalise output.
• What we don't send: your name, email, or payment details. AI providers never see who you are.
• Where it lives: generated content and brand profiles are stored in our Supabase database, region EU.
• Who owns it: you. Delete it any time.

We share personal data only with:

• Service providers. Hosting (Vercel), database (Supabase), email (Resend), payments (Stripe), analytics (Plausible, PostHog), AI inference (OpenAI, Anthropic, Google). Each is bound by a Data Processing Agreement.
• Authorities. When legally compelled.
• Acquirers. If Stravix is ever acquired or merged, we'll notify you before any transfer of data.

We never sell personal data.

We encrypt data in transit (TLS 1.3) and at rest (AES-256). Access is role-based and audited. We follow OWASP best practices and run quarterly third-party security reviews. No system is perfectly secure. If we discover a breach affecting you, you'll hear from us within 72 hours.

• Account data. For the life of your account.
• Generated content. Until you delete it, or up to 30 days after account closure.
• Payment records. 7 years (tax obligation).
• Analytics. 26 months, then aggregated.

You have the right to:

• Access the personal data we hold about you.
• Correct anything that's wrong.
• Delete your data (the “right to be forgotten”).
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time.
• Lodge a complaint with your local data protection authority.

Email hello@stravix.appand we'll respond within 30 days.

We use a small set of cookies. Strictly necessary, analytics (opt-in), and preference. The full breakdown lives in our Cookie Policy, which is updated alongside this one.

Some of our processors (notably AI providers) are based in the US. We rely on the EU-US Data Privacy Framework and Standard Contractual Clauses for those transfers. We choose EU-based alternatives wherever we can.

Stravix is not directed at children under 16. We don't knowingly collect their data. If you're a parent who believes we have, write to us and we'll remove it.

Generated content is produced by AI models that we license. It is not a “solely automated decision producing legal effects on you” under GDPR. You remain in control: review, edit, or reject anything before you publish. We don't use AI to make decisions about your account, pricing, or access.

In the unlikely event of a breach affecting your data, we'll notify the supervisory authority within 72 hours and email affected users with what happened, what we did, and what you should do.

We may update this policy as the service evolves. Material changes will be flagged by email and at the top of this page. The “Last updated” date above always reflects the current version.

Chime Stream B.V., Rotterdam, the Netherlands.
Privacy: hello@stravix.app · Support: hello@stravix.app