Privacy Policy

1. Introduction

Strata Console (“we”, “us”, “our”) operates Console, an AI-assisted platform for strata (body corporate) management. This policy describes how we collect, use, store, and protect your personal information, including data we obtain when you connect third-party identity and productivity accounts (such as Google or Microsoft). Our use of data from these providers complies with each provider’s terms and data-use policies,including the Google API Services User Data Policy and Microsoft’s requirements for applications using the Microsoft identity platform and Microsoft Graph (see Microsoft identity platform Terms of Use).

2. Data we collect

We may collect: account information (e.g. name, email); data you provide when using the service (e.g. emails, documents); usage data (e.g. how you use the product); and technical data (e.g. IP address, device information).

3. Data from connected accounts (e.g. Google, Microsoft)

When you connect a third-party account to Console, we request only the access necessary to provide the features you use. Depending on which services you connect, we may receive:

• Profile and identity (name, email address, and optionally profile picture): to identify your account and personalise the service.
• Email (messages, metadata, and the ability to compose, modify, and send mail): to sync your inbox, prioritise and organise emails, draft replies, and provide AI-assisted correspondence in the context of strata management. For Google this includes Gmail; for Microsoft this includes Outlook/Mail.
• Calendar (events, attendee information, descriptions): to sync your calendar, show meetings and AGMs, and help you prepare agendas and minutes. For Google this is Google Calendar; for Microsoft this is Outlook Calendar.
• Cloud storage (where applicable): for Google we may access files created or opened by Console via Google Drive (“drive.file” scope) only to store or access files you explicitly use within Console (e.g. meeting minutes, documents). We do not request broad access to your cloud storage beyond what is needed for these features.

We do not collect data from connected accounts beyond what is necessary for these user-facing features. We do not use such data for advertising, retargeting, interest-based advertising, selling to data brokers or information resellers, or for determining credit-worthiness or lending. We do not use it to train AI models except where we have disclosed that use and obtained your explicit consent.

4. How we use your data (including data from connected accounts)

We use your data only to provide and improve the service, to communicate with you, to ensure security and compliance, and as otherwise described in this policy or with your consent. We use data from connected accounts only to:

• Provide email sync, search, and drafting within Console.
• Provide calendar sync and meeting-related features (agendas, minutes).
• Store or access files you use within the app (where applicable).
• Improve user-facing features that are prominent in the Console interface.

Our use of data obtained through third-party APIs complies with each provider’s policies,including Google’s API Services User Data Policy (and its Limited Use requirements) and Microsoft’s requirements for applications. We limit use of such data to providing or improving user-facing features that are prominent in our application. We do not sell your personal information or data from connected accounts.

5. With whom we share, transfer, or disclose data

We do not sell, rent, or share your personal information or data from connected accounts with third parties for their marketing or advertising purposes. We do not transfer or disclose such data to advertising platforms, data brokers, or information resellers. We may share data only:

• With service providers who assist us in operating the service (e.g. hosting, infrastructure), under strict confidentiality and only to provide or improve the service.
• When required by law or to protect our rights and safety.
• With your consent, for a specific purpose we have disclosed to you.

Any such sharing is limited to what is necessary and does not include use for targeted advertising, selling to data brokers, or other uses prohibited by applicable provider policies (e.g. Google, Microsoft).

6. Human access to your data

Our employees, agents, and contractors do not read your data from connected accounts (e.g. email content, calendar events) unless: (a) we have obtained your affirmative agreement to view specific messages, files, or other data; (b) it is necessary for security purposes (e.g. investigating abuse or a bug); or (c) it is necessary to comply with applicable law. We comply with applicable provider policies (including Google’s API Services User Data Policy) in this regard.

7. Data protection and security

We implement appropriate technical and organisational measures to protect your data, including data from connected accounts. This includes encryption in transit (e.g. TLS) and at rest where applicable, access controls, and secure storage. We maintain a secure operating environment and do not use undocumented or unauthorised means to access any provider’s APIs (e.g. Google API Services, Microsoft Graph). No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we take reasonable steps to protect your information.

8. Data retention and deletion

We retain your data for as long as needed to provide the service and to comply with legal obligations. When the retention period for a given type of data expires, we delete or destroy it in accordance with our internal policies. You may request deletion of your data at any time; we will process such requests in line with applicable law. You may also revoke Console’s access to your connected accounts at any time,for example via Google Account settings (Security → Third-party apps with account access) or via your Microsoft account or your organisation’s app consent settings. Revoking access will stop new data from being collected; we will handle previously collected data in accordance with this policy and your deletion requests.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, or port your data, or to object to or restrict certain processing. Contact us to exercise these rights. For data from connected accounts, you can also manage and revoke access through your Google Account settings or your Microsoft account / organisation’s app consent settings.

10. Cookies and similar technologies

We may use cookies and similar technologies to operate the service and to analyse usage. You can adjust your browser settings to manage cookies.

11. Changes to this policy

We may update this policy from time to time. We will indicate the last updated date and, where appropriate, notify you of material changes. If we change how we access, use, store, or share data from connected accounts, we will notify you and, where required by applicable or provider policies (e.g. Google, Microsoft), prompt you to consent to the updated practices before making use of your data in the new way. Your continued use of the service after such notice constitutes acceptance of the updated policy where permitted by law.

12. Contact

For privacy-related questions, requests, or to exercise your rights, contact us at privacy@strataconsole.com. This privacy policy is linked from our homepage and from our in-app interface so that you can find it easily. The same privacy policy URL is used in our app registration and consent configurations for third-party providers (e.g. Google, Microsoft).