Legal

Privacy Policy

How we collect, use, and protect your data at Strand Intelligence.

Last updated1 July 2025
Data ControllerStrand Intelligence Ltd
JurisdictionUK & EU GDPR

Who We Are

Strand Intelligence Ltd ("Strand", "we", "our", "us") is an AI-native digital forensics and incident response platform. We are a company registered in England and Wales (Company No. 16505027) with our registered office at GM Digital Security Hub (DISH), 47 Lloyd St, Manchester M2 5LE, United Kingdom.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This privacy policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform, agents, APIs, and related services.

Data We Process

Account & Organization Data (We are Controller)

When you create an account or join an organization:

  • • Full name and business email address
  • • Organization name, size, and industry sector
  • • Billing information (processed by Stripe)
  • • IP addresses, browser type, and device information
  • • Usage analytics and feature interaction data
  • • Support tickets and communication history

Investigation Data (We are Processor)

When you conduct investigations, you may upload:

  • • Email messages, attachments, and headers
  • • System logs, event logs, and forensic artifacts
  • • Memory dumps and disk images
  • • Network traffic captures and firewall logs
  • • User activity logs and authentication records

You remain the data controller for all investigation data. We process it solely on your instructions.

Automatically Collected Data

  • • System performance metrics and error logs
  • • Feature usage patterns and workflow analytics
  • • API call logs and integration data
  • • Session duration and interaction metrics

Contractual Necessity

To provide the Strand platform and services you've requested

Legitimate Interests

Platform security, fraud prevention, and service improvements

Legal Obligations

Financial record keeping, tax reporting, and law enforcement requests

Consent

Marketing communications and optional analytics

Data Sharing & Transfers

We do not, and will never, sell your personal data or investigation data to third parties. Your data is not our product.

Service Providers

Amazon Web ServicesUK
Cloud infrastructure and data storage
SupabaseUK
Database and authentication services
CloudflareUK
CDN, DDoS protection, and Workers
DigitalOceanGlobal
API hosting
StripeGlobal
Payment processing
OpenAIGlobal
AI processing

Data Security

Technical Safeguards

Encryption in transit and at rest, row-level security for data isolation between organizations.

Access Management

Access restricted based on business need, with regular reviews and prompt revocation.

Infrastructure Security

Reputable cloud providers with physical security and compliance certifications.

Incident Response

Procedures in place with 72-hour breach notification as required by law.

Data Retention

Account DataDuration of account + 90 days
Investigation DataConfigurable (default 180 days)
Billing Records7 years (legal requirement)
Security Logs1 year
Support Tickets3 years

Your Rights

Right to Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data

Right to Restriction

Limit how we process your data

Right to Portability

Receive your data in a portable format

Right to Object

Object to certain types of processing

Right to Withdraw Consent

Withdraw consent where we rely on it

Right to Complain

Lodge a complaint with supervisory authorities

To exercise any of these rights, email [email protected]. We'll respond within 30 days.

Contact Us

Data Protection Officer

For privacy-specific inquiries:

[email protected]

Postal Address

Strand Intelligence Ltd
GM Digital Security Hub (DISH)
47 Lloyd St, Manchester M2 5LE
United Kingdom