Privacy Policy

Stratify ("we", "our", "us") operates the Stratify platform, a B2B contact discovery and profiling service accessible at stratify.in. We are a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (India).

When you create a Stratify account, we collect:

• —Email address: to identify your account and send service communications
• —Password (hashed): if you register with email/password
• —Google account ID: if you sign in with Google OAuth
• —Usage data: contacts used per day/month, jobs run, plan tier
• —Billing data: subscription status via Dodo Payments (we do not store card numbers)

We do not sell your personal account data to any third party.

Stratify discovers professional profiles from publicly available web data indexed by Google Search. We do not scrape LinkedIn directly. The data we process includes: full name, job title, company, location, company website, industry, and public profile URL, all sourced from Google search results.

When you use email or phone enrichment (Pro/Agency plans), we obtain additional contact data from third-party data brokers:

• —Work email addresses: via Hunter.io (hunter.io/privacy-policy)
• —Personal emails and phone numbers: via RocketReach (rocketreach.co/privacy)

This data is stored in your account and exported only by you. Stratify does not share enriched profile data with other users or third parties.

• —To provide and operate the Stratify service
• —To enforce usage limits based on your subscription plan
• —To process payments via Dodo Payments
• —To improve search relevance and profile scoring
• —To send essential service communications (plan changes, security alerts)

We do not use your data for advertising or sell it to third parties.

Stratify uses Google Gemini (a large language model) to extract structured information from Google search result titles and snippets. Only publicly indexed text is sent to Gemini; no emails, phone numbers, or account data. Google's API terms prohibit using API inputs for model training.

We share data with the following services to operate Stratify:

• —Google OAuth: account authentication
• —Serper.dev: Google Search API for profile discovery
• —Google Gemini: AI-based profile data extraction
• —Hunter.io: work email enrichment
• —RocketReach: personal email and phone enrichment
• —Dodo Payments: subscription billing (Merchant of Record)
• —Railway: cloud hosting (servers and database)
• —Vercel: frontend hosting
• —Redis: caching layer for profile data and session management
• —PostHog: product analytics (only when analytics cookies are accepted)

Under the DPDP Act 2023 and GDPR (for EU residents), you have the right to:

• —Access: request a copy of the personal data we hold about you
• —Correction: request correction of inaccurate data
• —Erasure: request deletion of your account and associated data
• —Withdraw consent: stop using the service at any time

To exercise any of these rights, you can delete your account directly from your account settings. We will process requests within 30 days.

We retain your account data for as long as your account is active. If you delete your account, your personal data and associated search results are permanently deleted within 30 days. Anonymised, aggregated usage statistics may be retained indefinitely.

Profile data discovered during searches is stored in a shared cache and automatically deleted after 60 days of inactivity (i.e. if the profile has not appeared in any search within that period). AI-parsed profile data in our temporary processing cache is automatically deleted after 7 days.

Specific retention periods:

• —Profile cache: 60 days of inactivity
• —Search job results: 90 days
• —Account data post-deletion: 30 days
• —Payment records: 7 years (legal requirement)
• —Audit logs: 3 years
• —Consent records: account lifetime + 3 years

Passwords are hashed using bcrypt. Data is transmitted over HTTPS. Access to the database is restricted to authorised services. JWT tokens expire after 24 hours.

Stratify is a professional B2B service and is not directed at persons under 18. We do not knowingly collect data from minors.

We may update this Privacy Policy as our services evolve. Material changes will be communicated by email or prominent notice on the platform. Continued use after notice constitutes acceptance.

For any privacy-related questions or requests, please use the account settings page within the Stratify platform, or submit a request through our Privacy Rights Request page.

Stratify collects consent for the following data processing activities:

• —Account Processing: core data processing required to operate your Stratify account, manage authentication, enforce usage limits, and deliver the service. This consent is required and cannot be withdrawn while your account is active.
• —Analytics Tracking: collection of anonymous usage analytics (via PostHog) to understand how users interact with the platform and improve the product experience.
• —Marketing Communications: receiving product updates, feature announcements, and promotional communications via email.
• —Third-Party Enrichment: allowing third-party data providers (Hunter.io, RocketReach) to enrich discovered contact profiles with additional information such as work emails and phone numbers.

Depending on your location, you may have additional rights under the following regulations:

DPDP (India — Digital Personal Data Protection Act, 2023)

Right to access, correction, erasure, and grievance redressal. Stratify acts as a Data Fiduciary. You may nominate another person to exercise your rights.

GDPR (EU/EEA/UK — General Data Protection Regulation)

Right to access, rectification, erasure, restriction, portability, and objection. Right to withdraw consent at any time. Right to lodge a complaint with a supervisory authority.

CCPA (California — California Consumer Privacy Act)

Right to know, delete, and opt-out of the sale of personal information. Right to non-discrimination for exercising your rights.

DPA_PH (Philippines — Data Privacy Act of 2012)

Right to be informed, access, rectification, erasure, and to file a complaint with the National Privacy Commission.

PDP_Law (Indonesia — Personal Data Protection Law)

Right to access, correction, deletion, and withdrawal of consent. Right to request data portability.

PDPL_UAE (UAE — Personal Data Protection Law)

Right to access, rectification, erasure, restriction, and portability. Right to object to automated decision-making.

PDPL_SA (Saudi Arabia — Personal Data Protection Law)

Right to access, correction, and destruction of personal data. Right to withdraw consent.

To exercise any of these rights, visit our Privacy Rights Request page.