Privacy Policy

Interstrata provides an accountability layer for AI workflows. We process data you import (conversation exports, agent logs) to extract structured insights (decisions, commitments, events) and build your continuity timeline. This policy explains what data we collect, how we use it, and the controls you have over it.

Our core principle is data minimization: we collect the minimum data necessary to provide the service, and our custody system lets you choose who can decrypt your content — including an option where we cannot access it at all.

We do not capture by default: raw message content beyond what you explicitly import, full URLs or query strings from browsing, precise location data, contact graphs, or any data from AI platforms you haven't connected. We do not sell your data to third parties. We do not serve advertising. We do not use your content to train AI models.

Interstrata provides three custody profiles that determine who can decrypt your content. You choose your profile during onboarding and can change it at any time.

We use your data to: provide and improve the Interstrata service, extract structured insights from your imported content, generate accountability reports and incident binders, send service-related communications (account security, product updates), and maintain system security and prevent abuse.

We do not use your content for: training machine learning models, advertising or marketing profiling, sale to third parties, or any purpose beyond providing and improving the service you've subscribed to.

We use a limited set of third-party services: Supabase (infrastructure and database hosting, US-based), Stripe (payment processing), Vercel (application hosting), Plausible (privacy-focused analytics, EU-based), and LLM providers (for extraction processing — content is sent to LLM APIs in accordance with your custody profile). We do not share your data with any other third parties.

Your imported content and extracted artifacts are retained for as long as your account is active. You can delete specific content or your entire account at any time. Upon account deletion, content objects are removed within 30 days. Trust receipts may be retained in redacted form (timestamps and hashes only, no content) where legally required. Backups are purged within 90 days of deletion.

Regardless of jurisdiction, you have the right to: access your data (export your vault at any time), correct inaccurate data, delete your data (with clear "what remains" summary), restrict processing, port your data (encrypted export bundles), and withdraw consent for optional processing.

For users subject to GDPR, UK GDPR, or comparable regulations: we process personal data under legitimate interest (service provision) and consent (optional features). You may exercise your rights by contacting privacy@interstrata.ai or through the Settings panel in the application. We respond to all requests within 30 days.

When we receive a legal request for user data, we: record the request immediately with jurisdiction tags and scope, apply internal policy review, produce the minimal data set when compelled (preferring hashes and metadata over plaintext), emit a disclosure receipt for the user's audit trail, and notify the user when legally permitted.

Under Profile A or B custody, we cannot produce plaintext content because we do not hold decryption keys. In these profiles, legal responses are limited to service metadata (account creation date, last login, IP addresses if logged) and redacted trust receipts.

Interstrata is not intended for use by anyone under 16. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it promptly.

We will notify you of material changes via email and/or in-app notification at least 30 days before they take effect. Non-material clarifications may be made at any time. The "last updated" date reflects the most recent revision.

For privacy-related inquiries: privacy@interstrata.ai. For data subject requests: use the Settings panel in the application or email privacy@interstrata.ai. We respond within 30 days.