Product Pricing About Contact Log In

Privacy Policy

Last updated: April 9, 2026

What We Collect

When you use Stratum AI, we collect information necessary to provide and improve the service:

  • Account information: Name, email address, and organization name when you create an account.
  • Documents: Files you sync from SharePoint, Google Drive, or upload directly. These are stored in your tenant's isolated database.
  • Usage data: Chat queries, session metadata, and feature usage to improve the service. We log actions for HIPAA audit compliance.
  • Technical data: Browser type, IP address, and device information for security and troubleshooting.

How We Use It

We use collected information to:

  • Provide RAG search, document retrieval, and AI-assisted workflows
  • Maintain and improve the platform's performance and reliability
  • Comply with legal obligations, including HIPAA audit requirements
  • Communicate with you about your account, support requests, and service updates

Data Security

Security is foundational to Stratum, not an afterthought. Your data is protected by:

  • Self-hosted AI: All AI models run on our own infrastructure. Your data is never sent to third-party AI providers like OpenAI, Google, or Anthropic for processing.
  • Encryption: Data is encrypted at rest (AES-256 via Fernet) and in transit (TLS 1.2+). Encryption keys are managed in our infrastructure and never exposed to clients or models.
  • Tenant isolation: Each organization's data lives in a separate database. There is no shared data layer between tenants.
  • Audit logging: All data access is logged for HIPAA compliance and security monitoring.
  • Session controls: Automatic session timeouts and API key expiration protect against unauthorized access.

Data Sharing

We do not sell, rent, or share your data with third parties for marketing or advertising purposes. We may share information only in the following circumstances:

  • Infrastructure providers: Our hosting providers (Railway, RunPod) process data as part of providing infrastructure services. They are bound by data processing agreements.
  • Legal requirements: We may disclose information if required by law, subpoena, or court order.
  • With your consent: We will share information with third parties only when you have explicitly agreed.

Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Export: Request an export of your data in a portable format.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

HIPAA Compliance

For healthcare organizations and other covered entities, we offer Business Associate Agreements (BAAs). A signed BAA is required before any Protected Health Information (PHI) is stored or processed on the platform. Our infrastructure includes HIPAA technical safeguards: encryption, audit logging, access controls, tenant isolation, and session management. Contact us at hello@stratumbase.ai to request a BAA.

Contact

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Berlin AI Solutions LLC
hello@stratumbase.ai