Privacy Policy
Last updated: February 22, 2026
1. Introduction
Stratacle ("we," "our," or "us") is operated by Terrence Conrad, DBA Stratacle, based in Tracy, California. This Privacy Policy describes how we collect, use, and protect your personal information when you use our accounting practice management platform at accounting.stratacle.com (the "Service").
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, and password (hashed with Argon2id). If you sign in via Google or GitHub OAuth, we receive your name and email from those providers.
Client and Business Data
Data you enter about your clients (names, contact details, documents, deadlines) is stored securely and accessible only to your account. We do not access, analyze, or share your client data.
Payment Information
We use Stripe, Inc. as our payment processor. When you subscribe to a paid plan, your payment details (card number, billing address) are collected and processed directly by Stripe. We do not store your full card number or CVV on our servers.
Stripe's privacy policy is available at stripe.com/privacy.
Usage Data
We collect basic usage data including pages visited, features used, and actions taken within the Service. This data is used to improve the Service and is recorded in our cryptographic audit trail.
AI Interactions
When you use AI features (email drafting, chat assistant), your prompts and the generated responses are processed by Anthropic's Claude API. We do not use your data to train AI models. Anthropic's usage policy applies to API interactions.
3. How We Use Your Information
- To provide and maintain the Service
- To process your subscription payments via Stripe
- To send you service-related communications (document requests, deadline reminders)
- To respond to your support inquiries
- To maintain our cryptographic audit trail for data integrity
- To improve the Service based on usage patterns
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Data Sharing
We share data only with the following service providers, solely for operating the Service:
- Stripe — Payment processing
- Anthropic — AI features (Claude API)
- Cloudflare — CDN, security, and DNS
- Google / GitHub — OAuth authentication (only if you choose social login)
5. Data Security
We take security seriously. Your data is protected by:
- AES-256-GCM encryption for sensitive data at rest
- TLS/HTTPS for all data in transit
- Argon2id password hashing
- Cryptographic audit trail with SHA-256 hashing and HMAC signatures
- Per-user data isolation at the database level
- Scoped API keys with granular permissions
6. Cookies
We use a single HTTP-only session cookie to keep you logged in. We do not use tracking cookies or third-party advertising cookies. Cloudflare may set security cookies for bot protection.
7. Data Retention
Your data is retained for as long as your account is active. After account cancellation, your data is retained for 30 days to allow for reactivation, then permanently deleted. Audit trail records may be retained longer for regulatory compliance purposes.
8. Your Rights
Depending on your location, you may have the following rights:
- Access — Request a copy of your personal data
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your data
- Export — Request your data in a portable format
- Opt-out — Opt out of non-essential communications
California residents have additional rights under the CCPA. We do not sell personal information as defined by the CCPA.
9. Children's Privacy
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact
For privacy-related inquiries, contact us at: