Draft — pending legal review. This policy has been drafted against the Australian Privacy Principles in the Privacy Act 1988 (Cth) and is intended for review by external counsel before stratai accepts paying customers. Do not rely on it as a final statement of how we will handle personal information.

Privacy Policy

Last updated: 18 May 2026

This Privacy Policy explains how stratai ("we", "us", "our") handles personal information when you use our software-as-a-service platform. We comply with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme.

1. Who we are (APP 1)

stratai is operated by stratai Pty Ltd, an Australian company. We are an APP entity for the purposes of the Privacy Act. We are the primary collector and processor of personal information when you use the platform directly; when you use stratai as a member of a strata scheme managed by a stratai customer, that customer is the relevant APP entity for the strata data they upload and we act as their processor.

2. What we collect (APP 3)

  • Account information you give us: name, email, phone, organisation, role.
  • Strata data you (or your strata firm) upload: lot ownership, financial ledgers, levy notices, repairs, renovations, by-laws, and meeting documents. This may include personal information about lot owners, residents, and contractors.
  • Usage data: pages visited, actions performed, device and browser metadata, IP addresses, and timestamps, recorded in our audit log and analytics tooling.
  • Communications: messages and attachments you send through the in-product inbox or to support.
  • Sensitive information: we do not knowingly collect sensitive information (APP 3.3) and ask that you do not upload it through the platform.

3. How we use it (APP 6)

  • To provide, operate, and improve the platform.
  • To send transactional emails (account, billing, notice generation, invitations).
  • To generate AI-assisted features (drafting, summarisation, by-law search). See section 5 for the sub-processors involved.
  • To meet legal and regulatory obligations, including responses to lawful requests from authorities.
  • For aggregated, de-identified analytics to understand product usage. We do not sell personal information.

4. Storage, security, and data residency (APP 11)

Our primary database is hosted on Supabase in an Australian region (Sydney ap-southeast-2). The application is deployed on Vercel; static assets and edge cache nodes are global, but personal information in our database stays in Australia. The verification runbook is documented internally in our compliance handbook.

We use encryption in transit (TLS 1.2 or higher) and at rest, restrict access on a need-to-know basis with multi-factor authentication, and maintain an append-only audit log of regulated actions performed by users and staff. We periodically review access controls and remove dormant accounts.

5. Disclosure and overseas sub-processors (APP 8)

We share personal information only with (a) service providers acting on our written instructions; (b) your strata firm or owners corporation, where you participate in a scheme they manage; and (c) authorities, where required by law. The following sub-processors may handle personal information on our behalf:

  • Supabase (database, auth, storage) — primary region Sydney, Australia. Some platform metadata may be processed in the United States.
  • Vercel (application hosting, edge compute, analytics) — global edge network with primary region configured for Sydney. Logs may be processed in the United States.
  • AI model providers accessed via the Vercel AI Gateway (currently includes Anthropic, OpenAI, and Google). Prompts and completions may be processed in the United States or the European Union. We do not permit these providers to train models on your data.
  • Email delivery (transactional email provider, configured per environment).

6. Your rights (APP 12 and APP 13)

You can request access to, or correction of, personal information we hold about you, and ask us to delete or anonymise it where we are not required to retain it. Email privacy@stratai.com.au. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.

7. Retention

We retain account information for as long as you have an active account, and audit-log entries for at least seven years to support compliance and dispute resolution. Strata data uploaded by a customer is retained under the terms of our agreement with that customer.

8. Data breach notification (NDB scheme)

If we become aware of an eligible data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

9. Complaints

If you believe we have mishandled your information, contact us first at privacy@stratai.com.au. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at oaic.gov.au.

10. Cookies and analytics

We use first-party session cookies for authentication, and Google Tag Manager and Vercel Analytics for aggregate product analytics. You can disable non-essential cookies in your browser settings.

11. Changes

We may update this policy. Material changes will be notified in-product or by email at least 14 days before they take effect.

12. Contact

Privacy enquiries: privacy@stratai.com.au
