Straitum ("Straitum," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit straitum.com or use the Straitum security risk platform at app.straitum.com (collectively, the "Services"). Please read this policy carefully. If you disagree with its terms, discontinue use of the Services.
We collect information you voluntarily provide when you:
When you use the Straitum platform, you may upload or import vulnerability scan data, asset inventories, vendor information, and related security data from third-party tools (e.g., Tenable, Qualys, CrowdStrike). This data belongs to you. We process it solely to provide the Services.
When you visit our websites, we may automatically collect:
We do not currently use third-party analytics tools that track users across sites.
We use the information we collect to:
We do not sell your personal information. We do not use your security data for any purpose other than providing the Services to you.
If you are located in the European Economic Area or United Kingdom, we process your personal data under the following legal bases:
We do not sell, trade, or rent your personal information to third parties. We may share information with:
We retain personal information for as long as necessary to provide the Services and fulfill the purposes described in this policy, unless a longer retention period is required by law.
We use the following third-party subprocessors to help deliver our Services. All subprocessors are bound by appropriate data protection agreements.
| Provider | Purpose | Location |
|---|---|---|
| Railway | Application and database hosting | United States |
| Resend | Transactional email delivery | United States |
| Anthropic | AI-assisted CVE summarization (optional feature) | United States |
We will update this list when we add new subprocessors. Material changes will be communicated to platform users.
We implement administrative, technical, and physical safeguards designed to protect your information, including:
No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will promptly notify affected users of any confirmed breach as required by applicable law.
The straitum.com marketing site does not currently use tracking cookies or third-party analytics. The platform at app.straitum.com uses only essential cookies required for authentication (session tokens). We do not use advertising cookies or cross-site tracking.
If this changes, we will update this policy and provide appropriate notice and consent mechanisms.
Depending on your location, you may have the following rights regarding your personal information:
To exercise any of these rights, contact us at hello@straitum.com. We will respond within 30 days.
The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will delete it promptly.
Straitum is based in the United States. If you access the Services from outside the United States, your information may be transferred to and processed in the United States, which may have different data protection laws than your country of residence. By using the Services, you consent to this transfer. For EEA/UK users, we rely on Standard Contractual Clauses where applicable.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new effective date and, for platform users, by sending an in-app notification or email. Your continued use of the Services after changes take effect constitutes your acceptance of the revised policy.
Questions about this Privacy Policy? Contact us at hello@straitum.com.