Privacy Policy.

1. Scope

This policy covers the website at stratum.fyi (the “Site”) and information collected during discovery calls, scoping conversations, and active client engagements. It does not cover websites or services operated by third parties, even when linked from the Site.

By using the Site or engaging Stratum's services, you agree to the practices described here. If you do not agree, please do not use the Site or engage our services.

2. Information we collect

We collect only what is necessary to operate the Site, to communicate with you, and to deliver engagements you have contracted for. Specifically:

Information you provide directly

• Contact details — name, email address, company, role, and any context you share when you schedule a discovery call, complete a scoping questionnaire, or email us directly.
• Engagement information — business goals, marketing data, account access, and any other materials shared with us during an active engagement.
• Payment information — billing details for invoiced engagements. Payment instruments are handled by our payment processors and we do not store full card numbers or wallet keys.

Information collected automatically

• Server logs — IP address, browser type, device type, referring URL, pages viewed, and access timestamps. Logs are kept for security and aggregate analytics only.
• Privacy-respecting analytics — if enabled, we use cookieless or first-party analytics to understand site usage in aggregate. We do not build cross-site advertising profiles.

Information from third parties

• Calendly — when you book a call, we receive the name, email, and timezone you provide.
• Email providers — when you email us, we receive your message and the metadata your email client sends.
• Public sources — to prepare for a call, we may review publicly available information about you or your company (LinkedIn, company website, news).

3. How we use information

We use information to:

• Schedule, conduct, and follow up on discovery calls.
• Scope, propose, and deliver client engagements.
• Send transactional and engagement-related communications.
• Operate, secure, and improve the Site.
• Comply with legal obligations and enforce our agreements.
• Maintain reasonable records of our business operations.

We do not sell your personal information. We do not use your information for cross-context behavioral advertising. We do not train AI models on your confidential business data without explicit written consent.

4. Sharing & service providers

We share information only as follows:

• Service providers — vendors that help us run the business (hosting, email, scheduling, analytics, payment processing, accounting). Each is bound by confidentiality and data-handling obligations.
• Professional advisors — legal, accounting, and insurance professionals, when needed.
• Legal & safety — to comply with law, respond to legal process, protect rights and property, or address fraud and security issues.
• Business transfers — if Stratum is involved in a merger, acquisition, or sale of assets, information may transfer subject to this policy.
• With your consent — anything else only with your explicit permission.

5. Cookies & analytics

The Site uses minimal cookies. Strictly necessary cookies keep the Site working. We may use first-party or cookieless analytics to understand aggregate traffic. We do not use third-party advertising cookies or cross-context tracking.

You can block or delete cookies in your browser settings. Doing so may affect how the Site behaves but will not prevent you from contacting us.

6. Third-party services

The Site embeds Calendly for scheduling. When you load the embed, Calendly may set its own cookies and process your information under its own privacy policy. Other third parties referenced from the Site (LinkedIn, email, etc.) are governed by their own terms.

7. Retention

We keep information only as long as needed for the purposes described in this policy and to meet legal, accounting, or reporting obligations. Indicative timelines:

• Discovery-call inquiries that do not become engagements — up to 24 months, then deleted or anonymized.
• Engagement records — for the duration of the engagement plus the period required by tax, legal, and insurance obligations (typically 7 years).
• Server logs and analytics — short retention, typically under 13 months.

You may request earlier deletion at any time, subject to overriding legal obligations.

8. Security

We use reasonable administrative, technical, and physical safeguards to protect information. These include access controls, encryption in transit, vendor due diligence, and least-privilege handling of client credentials. No method of transmission or storage is fully secure; we do not guarantee absolute security.

If we learn of a security incident affecting your information, we will notify you and applicable regulators as required by law.

9. Your rights

Depending on where you live, you may have the right to:

• Know what personal information we hold about you.
• Access a copy of that information.
• Correct inaccurate information.
• Delete information, subject to overriding legal obligations.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Receive your information in a portable format.
• Lodge a complaint with a data protection authority.

To exercise any of these rights, email luke@stratum.fyi. We will respond within the timeframe required by applicable law (typically 30 to 45 days). We may verify your identity before fulfilling a request.

10. California (CCPA / CPRA)

California residents have the rights described in Section 9 above, plus the right to opt out of the “sale” or “sharing” of personal information and to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising and we do not use sensitive personal information for inferences about you.

You may designate an authorized agent to exercise these rights on your behalf. We will not discriminate against you for exercising your rights.

11. EEA / UK (GDPR)

If you are in the European Economic Area or the United Kingdom, the legal bases on which we process your information include:

• Contract — to enter into and perform an engagement with you or your organization.
• Legitimate interests — to operate, secure, and improve the Site and our business, in a way that does not override your rights.
• Consent — where you have given it (and can withdraw it at any time).
• Legal obligation — to comply with applicable law.

Stratum is the controller of personal information processed through the Site and during engagements. To contact us about EEA/UK matters, email luke@stratum.fyi.

12. International transfers

Stratum is based in the United States. If you contact us or engage our services from outside the United States, your information will be transferred to and processed in the United States and other jurisdictions where our service providers operate. We use appropriate safeguards for such transfers where required by law.

13. Children

The Site and our services are intended for businesses and professionals. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us and we will delete it.

14. Do Not Track

The Site does not respond to browser “Do Not Track” signals because no consistent industry standard for them exists. We honor opt-out preference signals where required by applicable law.

15. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be highlighted on the Site or communicated to active clients directly.

16. Contact

Questions, requests, or concerns about this policy or our handling of your information can be sent to:

Stratum Studio LLC
Attn: Privacy
Email: luke@stratum.fyi