Privacy Policy

Last Updated: October 16, 2025

1) Who We Are (Data Controller)

  • Legal name: SStrait LLC 
  • Legal structure: Close Limited Liability Company (LLC) formed in Wyoming, USA (Articles of Organization filed April 14, 2025) 
  • Registered/principal office address: 30 N Gould St Ste N, Sheridan, WY 82801, USA 
  • Registered Agent: Northwest Registered Agent Service Inc, 30 N Gould St Ste N, Sheridan, WY 82801, USA 
  • Contact email: filings@northwestregisteredagent.com 
  • Contact phone: +1-509-768-2249 
  • Employer Identification Number (EIN): delivered upon request

For all privacy matters, contact us using the details above. If and when we are required to appoint an EU representative (GDPR Art. 27), we will update this policy and provide those details. Until then, EU/EEA residents can contact us directly at the email above.

2) Scope and Applicability

  • This policy applies to personal data we collect through our websites, applications, communications, and related services (the “Services”).
  • It applies to individuals in all jurisdictions where we operate, including residents of the EU/EEA (notably Hungary, Germany, and France), Wyoming, and North Carolina.
  • This policy covers personal data we collect from you, about you from third parties, and data collected automatically (e.g., via cookies).

3) What Personal Data We Collect

  • Identity and contact data: name, email, phone, mailing address, company details/job title (if applicable).
  • Account credentials: username, password, and related profile information (if you create an account).
  • Transaction and payment data: billing details and limited payment information processed via PCI-DSS compliant processors.
  • Communications: inquiries, support requests, survey responses, feedback.
  • Technical and usage data: IP address, device identifiers, browser type, operating system, pages viewed, time on page, referral URLs, clickstream data, general location (based on IP).
  • Cookies and similar technologies: identifiers and preferences used for session management, analytics, functionality, and (where permitted) advertising.
  • Third-party and public sources: business contact details from partners or public directories; signals from anti-fraud providers.

We do not intentionally collect special categories of personal data (e.g., health, biometric, or sensitive data). If such information is ever collected inadvertently, we will delete it unless a lawful basis applies.

4) Why We Use Your Data (Purposes) and Our Legal Bases (GDPR)

We process personal data for:

  • Service delivery and account management (contract necessity)
  • Customer support and communications (contract necessity; legitimate interests)
  • Payments, invoicing, and tax/compliance (contract necessity; legal obligation)
  • Security, fraud prevention, and service integrity (legitimate interests; legal obligation where applicable)
  • Service improvement, analytics, and research (legitimate interests; consent in the EU where required for non-essential cookies)
  • Marketing communications (consent, or legitimate interests where permitted; you can opt out at any time)
  • Compliance with law, regulatory requests, and dispute handling (legal obligation; legitimate interests)

Where we rely on consent, you may withdraw it at any time without affecting prior lawful processing. Where we rely on legitimate interests, we balance our interests against your rights and expectations.

5) Cookies and Tracking Technologies

  • We use:
    • Strictly necessary cookies (essential for site operation)
    • Functional cookies (remember preferences)
    • Analytics/performance cookies (understand usage and improve services)
    • Advertising/targeting cookies (deliver relevant content/ads; only where permitted)
  • For users in the EU/EEA (including Germany and France), we request consent for non-essential cookies via a consent banner and provide granular controls. You can also manage cookies through your browser settings.
  • You can update your cookie preferences at any time via the Cookie Preferences link (if available) or by contacting us.

6) Who We Share Data With

We do not sell personal data for money. We may share personal data with:

  • Service providers/processors: hosting, analytics, email delivery, CRM, payment processors, security/anti-fraud, and customer support tools (subject to contractual confidentiality and data protection terms).
  • Professional advisors: legal counsel, auditors, accountants.
  • Authorities and regulators: when required by law, regulation, subpoena, or court order, or to protect rights, safety, and property.
  • Corporate transactions: in mergers, acquisitions, restructuring, or asset sales, your data may be transferred as part of the transaction under appropriate safeguards.

We require all recipients to implement appropriate security and confidentiality measures and process personal data only as instructed.

7) International Data Transfers

If we transfer personal data outside your jurisdiction (including from the EU/EEA to the U.S.) we implement appropriate safeguards, such as:

  • European Commission-approved Standard Contractual Clauses (SCCs)
  • Transfer risk assessments and supplementary security measures where appropriate
  • Contractual data protection commitments with recipients

You can request a description of transfer safeguards by contacting us.

8) Data Retention

We retain personal data only as long as necessary for the stated purposes or to comply with legal, tax, and accounting obligations. Typical periods include:

  • Account and service records: for the life of the account and up to 7 years thereafter (to support legal/tax records and dispute resolution)
  • Transaction/financial records: 7 years (tax/accounting)
  • Marketing data: until you withdraw consent or after 3 years of inactivity
  • Security and log data: typically up to 2 years, longer if needed for security or legal reasons

We will delete or anonymize data when no longer needed.

9) Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: obtain confirmation and a copy of your personal data
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion of your data (subject to legal exceptions)
  • Restriction: limit how we use your data in certain cases
  • Portability: receive your data in a structured, commonly used format
  • Objection: object to processing based on legitimate interests or to direct marketing
  • Consent withdrawal: withdraw consent at any time where consent is the basis
  • Complaint: lodge a complaint with your supervisory authority (EU/EEA residents)

Wyoming and North Carolina residents: While your states do not currently impose comprehensive consumer privacy regimes, we voluntarily honor reasonable requests to access, correct, delete, and opt out of marketing, and we comply with each state’s breach notification and identity theft protection requirements.How to exercise your rights:

  • Email: sstrait@sstrait.com
  • We may need to verify your identity to process requests. We will respond within 30 days (GDPR) or within a reasonable period as permitted by applicable law. If we need more time, we’ll let you know why and when you can expect a response.

10) Data Security

We use appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit (TLS) and at rest, where feasible
  • Access controls, least-privilege principles, and authentication safeguards
  • Network and application security controls and monitoring
  • Vendor risk management and contractual data protection obligations
  • Employee training and confidentiality commitments
  • Incident response and disaster recovery procedures

No system is perfectly secure; we cannot guarantee absolute security. We guarantee that we do our best to secure your data, operate transparently, and act with honesty.

11) Data Breach Notification

If a security incident leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data:

  • We will assess, document, and mitigate the incident
  • We will notify relevant authorities and affected individuals when required by law (including GDPR’s timelines) and comply with Wyoming and North Carolina breach notification obligations

12) Children’s Privacy

  • Our Services are not directed to children. We do not knowingly collect personal data from children under 13 (U.S.) or from children under 16 in the EU/EEA. If you believe a child has provided us with personal data, contact us and we will take appropriate steps to delete it.

13) Automated Decision-Making

  • We do not engage in automated decision-making that produces legal or similarly significant effects on individuals without human involvement. If this changes, we will provide meaningful information about the logic involved and your rights to request human review, express your views, and contest decisions.

14) Jurisdiction-Specific Disclosures

  • EU/EEA (including Hungary, Germany, and France): We provide the GDPR rights listed above, specify our legal bases for processing, and implement recognized safeguards for international transfers. Where consent is required (e.g., for non-essential cookies), we request it before processing.
  • Wyoming: We comply with Wyoming’s data breach notification rules and applicable sectoral/federal privacy/security requirements.
  • North Carolina: We comply with state identity theft protection and breach notification obligations and will align with any future comprehensive privacy requirements as they come into force.

15) Third-Party Links and Services

Our Services may link to third-party websites or services. Their privacy practices are governed by their own policies. We encourage you to review those policies; we are not responsible for their practices.

16) Changes to This Policy

We will update this Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be posted on this page with a new “Last Updated” date, and we will provide additional notice where required. If changes require new consent, we will seek it.

17) Contact Us

  • Controller: SStrait LLC 
  • Address: 30 N Gould St Ste N, Sheridan, WY 82801, USA 
  • Email: sstrait@sstrait.com
  • Phone: +1-509-768-2249 

EU/EEA residents: You may also raise concerns with your local supervisory authority. We will cooperate with EU data protection authorities as required.

18) Definitions (Plain Language)

  • “Personal data”: information that identifies or can reasonably be linked to a person.
  • “Processing”: any operation performed on personal data (e.g., collection, storage, use, disclosure).
  • “Controller”: the entity that determines purposes and means of processing (SStrait LLC).
  • “Processor”: a service provider processing personal data for the controller under contract.

Summary Table: Why we use your data and on what basis

PurposeExamplesLegal Basis
Service deliveryAccount setup, support, core featuresContract necessity; Legitimate interests
Payments and billingInvoicing, tax recordsContract necessity; Legal obligation
Security and integrityFraud prevention, access controlsLegitimate interests; Legal obligation
Analytics and improvementPerformance metrics, UX improvementsLegitimate interests; Consent where required (EU cookies)
Marketing and communicationsNewsletters, offersConsent or legitimate interests (opt-out anytime)
Legal and complianceAudits, regulatory requestsLegal obligation; Legitimate interests