STRATA ProtocolBeta
Legal

Privacy Policy

What personal data StrataProtocol.org collects, why, how long it is kept, and the rights you have over it.

Effective date: 2026-06-16 · Operated by: Florante Pascual

This Privacy Policy explains what personal data StrataProtocol.org collects when you use the Service, why we collect it, how long we keep it, and the rights you have. The Service is operated by Florante Pascual. We collect only what we need to run member accounts and keep them secure — nothing more.

1. Information We Collect

When you create an account, we collect and store:

  • First name and last name — to address you and personalize your account.
  • Email address — your account identifier, used for sign-in and transactional email.
  • Password — stored only as a salted bcrypt hash. We never store or transmit your plaintext password.
  • Membership level — your tier (community, customer, or partner), which determines access to member materials.
  • Stripe customer identifier — created only if you hold a paid membership, to associate your account with your billing record at our payment processor.

To verify your email address and to let you reset a forgotten password, we generate short-lived verification codes and reset tokens. These are stored only in hashed form and are never kept in plaintext.

2. What We Do Not Collect

To be clear about the limits of our data collection, the Service does not collect or store:

  • Cloud-provider credentials, API keys, or access tokens of any kind.
  • Files, uploads, documents, or project assets — there is no file storage feature.
  • File metadata, source code, or the content of any project you build using the framework.
  • Advertising identifiers or cross-site tracking data.

3. How We Use Your Information

We use the data above to:

  • Create and maintain your account and authenticate your sign-in.
  • Send transactional email (email verification, password reset, and account-related notices).
  • Provide access to the membership tier you hold, and — for paid tiers — process billing through our payment processor.
  • Maintain the security and integrity of the Service, including an audit record of significant account actions.

4. Legal Bases

Where applicable law requires a legal basis for processing, we rely on: your consent (given when you create an account); the performance of a contract (providing the account and member services you signed up for); and our legitimate interests in securing the Service and preventing abuse.

5. Email Communications

Email from the Service is transactional only — for example, verifying your address, resetting your password, or notifying you about your account. We do not send marketing solicitations and do not sell or rent your email address.

Transactional messages are delivered through a third-party transactional email provider acting as our processor. They handle delivery only and are not permitted to use your address for their own purposes.

6. Service Providers

We share personal data with service providers only to the extent needed to operate the Service:

  • A third-party transactional email provider, to deliver the messages described above.
  • A payment processor (Stripe), for paid memberships only, to handle billing. Your card details are handled by the payment processor and are never stored by us.

7. Cookies and Session

The Service sets a single strictly-necessary session cookie to keep you signed in, and stores your color-mode preference in your browser. We use no third-party advertising or tracking cookies. See the Cookie Policy for details.

8. Data Retention

We keep your personal data only as long as needed for the purposes above:

  • Account data is retained while your account is active. When you delete your account, we remove your personal data within 30 days, except where we must retain limited records to meet a legal obligation.
  • Audit records of significant account actions are retained for 12 months.
  • Email verification codes and password reset tokens expire within 1 hour(s) of being issued.

9. Security

We protect your data with industry-standard measures: passwords are stored as salted bcrypt hashes; verification codes and reset tokens are stored hashed; your session is carried in a sealed, HttpOnly cookie; and data is encrypted in transit. No method of transmission or storage is perfectly secure, but we take reasonable steps to protect your information.

10. Your Rights

Subject to applicable law, you have the right to access, correct, delete, and obtain a portable copy of your personal data, and to object to or restrict certain processing. You may also lodge a complaint with your local supervisory authority. To exercise a right, contact us at support@strataprotocol.org; we will respond within 30 days.

11. International Transfers

The Service and its providers may process your data in countries other than your own. Where data is transferred across borders, we rely on appropriate safeguards consistent with applicable law.

12. Children

The Service is not directed to children. You must be at least 16 years of age to create an account. We do not knowingly collect personal data from anyone under that age; if we learn that we have, we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make a material change, we will revise the effective date above and publish the updated policy on this page.

14. Contact

Questions about this Privacy Policy, or requests to exercise your rights, can be sent to support@strataprotocol.org.

Cookie Policy

The cookies and browser storage StrataProtocol.org uses, why, and how to manage them. No third-party tracking.

Refund & Billing Policy

How paid membership billing works on StrataProtocol.org — charges, refunds, cancellation, and pricing-change notice.