Privacy Policy

Version 1.0

Effective: March 2, 2026

1. Introduction

StrategyOS, a product of North Star Agency based in the Netherlands, attaches great importance to the protection of personal data. This Privacy Policy explains what personal data we collect, what we use it for, how we protect it, and what rights you have as a data subject. This policy has been drawn up in accordance with the General Data Protection Regulation (GDPR).

2. Data Controller

The data controller within the meaning of the GDPR is: North Star Agency (trading under StrategyOS), North Star Agency | The Netherlands. Chamber of Commerce (KvK): 59019174 Email: support@strategyos.io.

3. What Personal Data Do We Process?

Account Data:

Name and email address.
Company name (sole proprietorships/partnerships).
Encrypted passwords and registration timestamps.

Business Input Data:

Information provided for strategic analyses (sector, revenue, target audience, positioning, competitors, and growth strategy) and module answers.

Usage & Communication Data:

IP address, browser/device type, visited modules, and correspondence with our support team.

Publicly Available Data (Scraped Data):

Automated collection from public sources (LinkedIn, Google Maps, Trustpilot) to generate intelligence reports. This may incidentally include names of reviewers or job titles.

4. Purposes and Legal Bases

Performance of a contract (Art. 6(1)(b) GDPR): Account management, platform access, AI analysis generation, and payment processing.

Legitimate interest (Art. 6(1)(f) GDPR): Platform improvement, security, direct marketing to existing customers, and retrieving public business data for requested intelligence.

Legal obligation (Art. 6(1)(c) GDPR): Financial records for tax compliance.

Consent (Art. 6(1)(a) GDPR): Newsletters and non-essential cookies.

5. Retention Periods

Account & Business Data: Up to 30 days after account termination.
Financial Data: 7 years (statutory tax retention).
Communication Data: 2 years.
Usage Logs: Maximum of 12 months.

6. Sharing with Third Parties

We use trusted processors acting solely on our instructions under Data Processing Agreements:

Infrastructure: Vercel (Hosting) and Supabase (Database/Auth).
Payments: [Stripe]
AI Analysis: Anthropic/OpenAI (Enterprise API endpoints: data is isolated and NOT used for foundational model training).
Data Scraping: Outscraper, SerpApi, and Apify.

7. Security & EEA Transfers

We utilize HTTPS/TLS encryption, role-based access control, and regular assessments. Transfers outside the EEA take place under European Commission adequacy decisions or Standard Contractual Clauses (SCCs).

8. Your Rights

You have the right to access, rectification, erasure (forgetting), restriction, data portability, and the right to object. Requests sent to support@strategyos.io will be handled within 30 days.

9. Automated Decision-Making

The Platform processes data to generate strategic analyses. This has no legal effects on you as an individual; analyses are informational tools and not binding advice.

Privacy Policy

Still have questions?

Cookie Preferences