Privacy Policy
Effective date: March 17, 2026 · Version 1.1
Strutter Technology Corp (“Strutter,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Strutter platform (“the Service”). By accessing or using the Service, you agree to the practices described in this Privacy Policy.
1. Information We Collect
We collect the following categories of information:
a. Account Information
When you create an account, we collect your name, email address, organization name, and authentication credentials. If you sign in via Google OAuth, we receive your name, email address, and profile picture from Google.
b. Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, browser type, device information, IP address, and referring URLs.
c. AI-Processed Content
When you use AI-powered features (RFP generation, response scoring, vendor recommendations), the content you provide, including RFP descriptions, vendor responses, and evaluation criteria, is processed by our AI systems and third-party AI providers to deliver results.
d. Payment Information
If you subscribe to a paid plan, payment information (such as credit card number, billing address, and transaction details) is collected and processed by our payment processor, Stripe. We do not store your full payment card details on our servers. Please refer to Stripe's Privacy Policy for details on how they handle your payment data.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To operate, maintain, and provide the features of the Service, including account management, RFP creation, vendor invitations, and response management.
- AI Processing: To generate RFP content, score vendor responses, and produce vendor recommendations using artificial intelligence. Your content is not used to train AI models.
- Analytics & Improvement: To analyze usage patterns, diagnose technical issues, and improve the Service's technical performance and reliability. Your content is never used to build features or products for other customers.
- Communications: To send you transactional emails (account verification, vendor invitations, password resets), service announcements, and, where permitted, product updates. You may opt out of non-essential communications at any time.
- Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
3. Data Sharing
We do not sell your personal information to third parties. We share your information only in the following circumstances:
- Payment Processing: We share necessary billing information with Stripe to process your payments and manage subscriptions.
- AI Providers: Your RFP content and vendor responses are sent to third-party AI providers (such as Google Gemini) solely to provide the Service and improve its technical performance and reliability. These providers process your data according to their own privacy policies and data processing agreements. We do not permit them to use your content for model training.
- Service Providers: We may share information with third-party vendors who assist us in operating the Service (hosting, analytics, error monitoring), subject to confidentiality obligations.
- Legal Requirements: We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with legal obligations, protect our rights, or ensure the safety of our users.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
Data Processing Agreements: Business customers who require a Data Processing Agreement (DPA) may request one by contacting us at privacy@strutterai.com. We will provide a DPA that covers the processing of personal data in connection with your use of the Service.
4. Data Security
We implement industry-standard technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls and authentication mechanisms to restrict data access to authorized personnel
- Regular security assessments and monitoring
- Secure vendor token handling using HMAC-SHA256 hashing (raw tokens are never stored)
- Multi-tenant isolation ensuring organizations can only access their own data
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
5. Data Retention
We retain your personal information and account data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal data within thirty (30) days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or enforcing our agreements). You may request deletion of your data at any time by contacting us (see Section 13).
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to certain legal exceptions.
- Data Portability: Request a machine-readable copy of your data to transfer to another service.
- Objection: Object to certain processing of your personal information.
- Restriction: Request that we restrict processing of your personal information under certain circumstances.
To exercise any of these rights, please contact us at privacy@strutterai.com. We will respond to your request within thirty (30) days.
7. Cookies and Tracking
We use only essential cookies that are strictly necessary to operate the Service. These include session cookies for authentication and security, and preference cookies to remember your settings. We do not use advertising cookies, third-party tracking pixels, or cross-site tracking technologies. We do not participate in advertising networks or sell data to advertisers.
8. Your California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.
No Sale or Sharing: Strutter does not sell or share your personal information as those terms are defined under the CCPA. We have not sold or shared personal information in the preceding twelve (12) months.
Your Rights: As a California resident, you have the following rights:
- Right to Know: Request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
- Right to Delete: Request the deletion of your personal information, subject to certain legal exceptions.
- Right to Correct: Request the correction of inaccurate personal information that we maintain about you.
- Right to Opt Out: Opt out of the sale or sharing of your personal information. Because we do not sell or share personal information, this right is already honored by default.
- Right to Non-Discrimination: You will not receive discriminatory treatment for exercising any of your CCPA rights. We will not deny you the Service, charge different prices, or provide a different level of quality because you exercised your privacy rights.
How to Submit a Request: To exercise your CCPA rights, please contact us at privacy@strutterai.com. We will verify your identity before processing your request by matching the information you provide against the information we have on file. We will respond to verifiable consumer requests within forty-five (45) days.
9. Privacy Rights for EEA Residents (GDPR)
If you are located in the European Economic Area (EEA), the General Data Protection Regulation (GDPR) provides you with additional rights and protections regarding your personal data.
Legal Bases for Processing: We process your personal data on the following legal bases:
- Contract Performance: Processing is necessary to perform our contract with you and provide the Service you have requested.
- Legitimate Interests: Processing is necessary for our legitimate interests, such as improving the technical performance and reliability of the Service, ensuring security, and preventing fraud, provided these interests are not overridden by your rights and freedoms.
- Consent: Where required, we process your personal data based on your freely given, specific, and informed consent. You may withdraw your consent at any time by contacting us.
International Data Transfers: Your personal data may be transferred to, and processed in, the United States, where our servers and service providers are located. We apply appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy and applicable data protection laws when it is transferred internationally.
Additional Rights: In addition to the rights described in Section 6, as an EEA resident you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside or work, or where the alleged infringement took place, if you believe that our processing of your personal data violates the GDPR.
For data protection inquiries, please contact us at privacy@strutterai.com.
10. Children's Privacy
The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 13, please contact us at privacy@strutterai.com.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Privacy Policy on the Service and updating the effective date. Your continued use of the Service after such changes constitutes acceptance of the revised Privacy Policy. If you do not agree with the updated Privacy Policy, you should stop using the Service.
12. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Kansas, without regard to its conflict of law provisions.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Strutter Technology Corp
Email: privacy@strutterai.com