Strata AI

Privacy Policy

Last updated: March 15, 2026

1. Introduction

XWNK Enterprises LLC, doing business as Strata AI ("Strata AI," "we," "our," or "us"), operates the Strata AI platform (strataai.org), an AI-powered communication and productivity platform designed for financial advisors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including writing style calibration, team collaboration features, automated meeting joining, and integrations with third-party services such as Zoom, Microsoft Outlook, and Google Calendar.

2. Data Processing Roles

When you use Strata AI to process information about your clients — including meeting transcripts, contact details, financial data, and communications — you act as the Data Controller and Strata AI acts as the Data Processor. This means:

  • You determine the purposes and means of processing your client data through your use of the platform.
  • We process your data solely to provide the services you have requested and in accordance with your instructions as expressed through your use of the platform.
  • We do not sell, rent, or share your data with third parties for their own marketing or commercial purposes.
  • We do not use your client data to train AI models or for any purpose other than delivering the services to you.
  • We do not allow our third-party AI providers to use your data for model training, benchmarking, or any secondary purpose.
  • You are responsible for ensuring you have the appropriate legal basis (e.g., client consent, legitimate interest) to input your clients' data into the platform.

3. Information We Collect

3.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in through our OAuth provider, we receive your basic profile information.

3.2 Usage Data

We collect information about how you interact with our platform, including features used, pages visited, and actions taken. This helps us improve the platform experience.

3.3 Third-Party Integration Data

When you connect third-party services (such as Zoom, Microsoft Outlook, or Google Calendar), we collect and store the necessary OAuth tokens and associated account information (such as your Zoom email address) to provide the integrated functionality. We only request the minimum permissions (scopes) necessary to deliver the features you use.

3.4 Client and Prospect Data

If you use our CRM features, you may input information about your clients and prospects, including names, email addresses, phone numbers, financial details, and meeting notes. This data is stored securely and is only accessible to you and authorized users within your organization.

3.5 Meeting Recordings & Transcripts

When you use our meeting recording features, we collect audio data from your meetings (via video conferencing integrations or in-person browser recording). This audio is transmitted to third-party transcription services for processing and is not retained by those services beyond the processing window. The resulting transcripts, summaries, and AI-generated notes are stored in our database and associated with your user account.

3.6 Writing Style Calibration Data

If you use our writing style calibration feature, we collect text samples, voice recordings, or past email content that you voluntarily provide. This data is analyzed to create a writing style profile that personalizes AI-generated content to match your communication style. Voice recordings are processed by third-party transcription services and are not retained beyond the processing window. Your writing style profile is stored securely and associated with your account.

3.7 Team Collaboration Data

When you use team collaboration features (folder sharing, team invitations, assistant seats, shared meeting notes, households, and organizations), we collect information about team membership, sharing permissions, and access patterns. This data is used solely to facilitate collaboration and enforce access controls within your team or organization.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Strata AI platform
  • Facilitate integrations with third-party services you connect (e.g., scheduling Zoom meetings on your behalf)
  • Generate AI-powered communications, meeting summaries, and recommendations
  • Transcribe and analyze meeting recordings to produce notes, action items, and follow-up suggestions
  • Send you service-related notifications and updates
  • Analyze usage patterns to improve our features and user experience
  • Generate personalized writing style profiles to improve AI-generated content quality
  • Facilitate team collaboration and content sharing between authorized team members
  • Enable automated meeting bot joining for scheduled meetings you authorize
  • Ensure the security and integrity of our platform

5. Meeting Transcripts & Recording Data

When you use Strata AI's meeting recording and transcription features, the following data handling practices apply:

  • Meeting recordings and transcripts are processed using third-party transcription services (see Section 7: Sub-Processors) and stored in our secure database.
  • All transcript data is logically isolated per user account. Each user can only access their own meeting transcripts and recordings through the platform.
  • Raw audio recordings held by third-party transcription services are automatically deleted after processing is complete. Strata AI does not retain raw audio files on third-party infrastructure beyond what is necessary for transcription.
  • Transcripts stored in our database are associated with your user account and protected by the same access controls that govern all user data on the platform.
  • You may delete any meeting transcript at any time through the platform. Deletion removes the transcript, summary, action items, and all associated AI-generated content from our database.
  • You are responsible for informing meeting participants that the meeting is being recorded and transcribed, and for obtaining any required consent in accordance with applicable laws and your firm's compliance policies.

6. Zoom Integration

When you connect your Zoom account to Strata AI, we access the following through Zoom's API:

  • Your Zoom user profile (email address and user ID) to identify your account
  • The ability to create scheduled meetings on your behalf

We store your Zoom OAuth tokens securely and encrypted. These tokens are used solely to create meetings when you request them through our platform. We do not access your Zoom meeting recordings, chat messages, or any other Zoom data beyond what is listed above. You can disconnect your Zoom account at any time from your Profile settings, which will immediately delete all stored Zoom tokens.

7. Sub-Processors & Third-Party Services

To deliver our services, Strata AI engages the following categories of third-party sub-processors that may process your data:

  • Meeting Transcription: We use Recall.ai and Deepgram to record and transcribe meetings. Audio data is transmitted to these services for real-time or batch transcription and is subject to their respective data processing terms. Raw audio is not retained by these services beyond the processing window.
  • AI Language Processing: We use large language model providers to generate email drafts, meeting summaries, action items, and other AI-powered features. Data sent to these providers is used solely for generating responses and is not retained for model training.
  • Cloud Infrastructure: Your data is stored on secure cloud infrastructure with encryption at rest and in transit. Database access is restricted to authenticated application processes.
  • Payment Processing: Stripe processes all payment transactions. We do not store credit card numbers or payment credentials on our servers.
  • Calendar & Communication Integrations: When you connect Zoom, Microsoft Outlook, or Google Calendar, data is exchanged with those services under your authorization and their respective terms.

We maintain contractual obligations with each sub-processor to ensure they handle your data in accordance with applicable data protection standards. We will notify users of material changes to our sub-processor list.

8. No AI Model Training — Your Data Is Never Used to Train AI

We do not use your data to train generalized artificial intelligence or machine learning models. We do not allow any third party — including our AI language model providers — to use your data to train AI models. Your client data, meeting transcripts, emails, contact information, writing style profiles, and all other content you input into the platform is used solely to deliver the services you have requested and is never repurposed for model training, benchmarking, or any other secondary use. This commitment applies to all data processed through the platform, including data processed by our third-party sub-processors.

8A. Data Usage & Independent Business Activities

Strata AI is operated by XWNK Enterprises LLC, which may also engage in financial advisory, wealth management, and related business activities independently of the Strata AI platform. We are committed to the following:

  • We do not use user-uploaded client data for sales, marketing, lead generation, or business development purposes. Your client lists, contact information, and financial data will not be used to solicit, target, or recruit your clients.
  • Administrative access to platform data is limited to technical support, platform maintenance, service improvement, and compliance with legal obligations. All administrative access is logged in the audit trail.
  • XWNK Enterprises LLC and its affiliates may independently engage in financial advisory services and business development activities. These activities are conducted independently of and without reference to data stored on the Strata AI platform.
  • Platform user data is logically isolated per account and is not accessible to business development, sales, or advisory personnel of XWNK Enterprises LLC in the ordinary course of business.
  • The existence of overlapping clients between a platform user and XWNK Enterprises LLC or its affiliates does not constitute a breach of this policy, provided that platform data was not used to identify or target those clients.

For full details on non-competition and independent business activities, please refer to Section 6A of our Terms of Service.

9. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

  • With the third-party sub-processors described in Section 7, solely to provide the services you have requested
  • With third-party services you explicitly connect (e.g., sending meeting invites via Zoom)
  • If required by law, regulation, or legal process
  • To protect the rights, property, or safety of Strata AI, our users, or others
  • In connection with a merger, acquisition, reorganization, or sale of assets, as described in Section 10 below

10. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information. Following any such transfer, the acquiring entity will remain bound by the terms of this Privacy Policy with respect to your data until you are notified of changes and given the opportunity to opt out.

11. Data Security & Access Controls

We implement the following security measures to protect your data. Strata AI is currently undergoing a SOC 2 Type 2 examination, which evaluates the design and operating effectiveness of our security controls over a sustained observation period.

  • All data is encrypted in transit using TLS 1.2 or higher.
  • Database storage uses encryption at rest.
  • User data isolation is enforced at the application layer — every database query is scoped to the authenticated user's account.
  • Authentication is managed through secure protocols with session-based access tokens.
  • Administrative access to production systems is restricted and logged. Platform administrators do not access individual user data in the ordinary course of business.
  • The platform includes an administrative impersonation feature that allows the platform owner to temporarily access a user's account for support and troubleshooting purposes. Every impersonation session is fully logged in the audit trail with the administrator's identity, the target user, and timestamps. This feature is restricted to the platform owner only.
  • Audit logs track account-level actions including meeting creation, data exports, account changes, team sharing events, and administrative impersonation sessions.
  • We conduct periodic reviews of our security practices and access controls.
  • We follow a Secure Software Development Lifecycle (SSDLC) that integrates security into every phase of development, from design through deployment and monitoring.
  • Rate limiting is applied to authentication endpoints and administrative access to prevent brute force attacks.

However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

12. Data Retention & Deletion

We retain your data for as long as your account is active and as needed to provide you with our services. Our data retention practices include:

  • Meeting transcripts and AI-generated notes are retained until you delete them or close your account.
  • Raw audio data held by third-party transcription services is automatically purged after transcription processing is complete.
  • If you disconnect a third-party integration, the associated tokens and credentials are deleted immediately.
  • Upon account termination, we will delete your data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records, dispute resolution).
  • You may request a full export of your data at any time by contacting us at [email protected].
  • You may request deletion of specific data (individual meetings, contacts, conversations) at any time through the platform interface or by contacting us.

13. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing activities
  • Disconnect any third-party integrations at any time
  • Export your data in a portable format
  • Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at [email protected].

15. Cookies & Tracking Technologies

Strata AI uses a limited set of cookies and tracking technologies to operate the platform:

  • Session cookies: Essential cookies used to maintain your authenticated session and remember your preferences. These are strictly necessary for the platform to function.
  • Analytics: We use privacy-focused analytics to understand aggregate usage patterns (pages visited, features used). We do not use Google Analytics or any advertising-based tracking.
  • Third-party cookies: Payment processing (Stripe) may set cookies during checkout. No advertising or social media tracking cookies are used.

You can control cookies through your browser settings. Disabling essential cookies may prevent the platform from functioning correctly.

16. Do Not Track Disclosure

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, Strata AI does not currently respond to DNT browser signals. However, we do not engage in cross-site tracking, behavioral advertising, or selling of personal information. Our tracking is limited to the essential analytics described in Section 15 above.

17. Anonymized & Aggregated Data

We may create anonymized or aggregated data from information collected through the platform. Anonymized data is stripped of all personally identifiable information and cannot be linked back to you or your clients. We may use anonymized and aggregated data for purposes such as analyzing platform usage trends, improving our services, and generating industry benchmarks. Anonymized data is not subject to the restrictions in this Privacy Policy because it is no longer personal information.

18. Geographic Scope & International Data Transfers

Strata AI is operated from the United States. All data is stored and processed on servers located in the United States. If you access the platform from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the platform, you consent to the transfer of your information to the United States. We implement the security measures described in this policy to protect your data regardless of where it is processed.

19. Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will notify affected users within 72 hours of becoming aware of the breach. Notification will be provided via email to the address associated with your account and, where appropriate, through a prominent notice on the platform. The notification will include a description of the nature of the breach, the types of information involved, the steps we are taking to address the breach, and recommendations for steps you can take to protect yourself.

20. Children's Privacy

Strata AI is designed for use by financial professionals and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

21. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date and, where practicable, by email notification. Your continued use of the platform after changes constitutes acceptance of the updated policy.

22. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your data rights, please contact us at [email protected].