Privacy Policy

We collect only what is required to run Styr and serve you well:

• Account data — full name, work email, hashed password, business name.
• Operational data — the KPIs, decisions, outcomes, tasks, signals, and integration metadata you create.
• Integration tokens — credentials for Stripe, Shopify, GA4, Xero, HubSpot, etc. Always encrypted at rest with Fernet (AES-128 + HMAC-SHA-256). Never logged, never returned over the API.
• Product analytics — anonymised usage events to improve the product (PostHog).

We do not sell your data. We do not profile users for advertising. We do not share operational data with third parties.

Your operational data drives the Service: it powers the AI assistant, the deterministic signals engine, decision recommendations, and the memory/learning loop. AI calls run on regulated infrastructure (Claude Sonnet 4.5 via Emergent's LLM proxy); prompts include only the business context strictly needed to answer the question.

We use a small set of vetted sub-processors:

• MongoDB Atlas — primary database (encrypted at rest, TLS in transit).
• Emergent — hosting, LLM proxy, deployment infrastructure.
• Namecheap PrivateEmail — transactional email (password resets, invites).
• PostHog — anonymised product analytics.

We will notify you in-product before adding any new sub-processor that touches your data.

Your data is retained for as long as your account is active. If you close your workspace, you have 30 days to export anything you need. After that, records are permanently deleted (except records we must keep for legal or accounting reasons, such as invoices).

You can, at any time:

• Access a copy of your personal data.
• Correct anything inaccurate.
• Export the full Trust Audit envelope from Settings → Trust & transparency.
• Delete your workspace.
• Object to a processing activity, or withdraw consent.

Email platform@styrbiz.com and we will respond within 14 days.

We follow industry best-practice: bcrypt password hashing, rotating JWT access tokens, encrypted integration credentials, TLS 1.2+ in transit, principle of least privilege on sub-processors, daily backups. If a breach occurs that materially affects you, we will notify you within 72 hours.

Styr only uses cookies that are strictly necessary to keep you signed in (HTTP-only session token). We do not use marketing or tracking cookies. PostHog analytics runs in identified-only mode for signed-in users.

Privacy questions go to platform@styrbiz.com. See also our Terms & Conditions for the legal framework.