Data Processing Addendum

This Data Processing Addendum outlines the core data processing posture Stratace offers to customers who require controller-processor clarity as part of procurement, security review, or enterprise rollout.

Roles

Customers act as controllers for the business data they provide. Stratace acts as processor where it processes that data on behalf of the customer to deliver the service.

Processing instructions

Stratace processes customer data only as necessary to provide, secure, support, and maintain the service, or as otherwise required by law.

Security posture

Stratace applies commercially reasonable safeguards that include access limitation, account controls, logging, and secure operational practices designed to reduce unauthorised access or misuse.

Subprocessors

Stratace may use infrastructure, email, payment, or related service providers where reasonably necessary. Appropriate contractual or operational safeguards are applied where commercially practical.

Deletion and return

On termination, customer data may be deleted or retained for a limited period where required for billing, disputes, fraud prevention, legal compliance, or licensing auditability.