Privacy Policy

Account and Business Information

When you create an account, we collect your name, email address, company name, and facility information. This is used to authenticate you and provide the service.

Operational Data You Enter

STRATA stores data you input directly, including roast logs, orders, inventory records, customer records, product information, and related operational data. This data belongs to you.

Shopify Store Data

If you connect a Shopify store, we access and store the following data from Shopify on your behalf, using the permissions you grant during installation:

• Orders — order number, line items, quantities, fulfillment status, order date, and order-level notes
• Products and variants — product names, variant titles, SKUs, and prices, used to map Shopify products to STRATA products
• Customer information — name and email address, used to match Shopify orders to existing STRATA customers or create new customer records

We do not access or store Shopify payment details, card numbers, or financial account information.

Usage and Technical Data

We may collect standard server logs and usage metadata (such as pages visited and actions taken) to operate and improve the platform. This data is not sold or shared with third parties for marketing purposes.

We use the data we collect to:

• Provide, operate, and maintain the STRATA platform
• Import and sync orders, products, and customers from your connected Shopify store
• Match incoming Shopify orders to products and customers in your STRATA account
• Send webhooks and process real-time order updates from Shopify
• Respond to your support requests
• Send service-related communications (account notices, security alerts)
• Improve and develop platform features
• Comply with legal obligations

We do not sell your data. We do not use your Shopify store data or your customers’ data for advertising or marketing purposes.

STRATA accesses Shopify merchant data solely to provide the integration features you have enabled. Specifically:

• Order data is imported into STRATA to allow you to manage fulfillment within our platform
• Product data is used only to build and maintain your product mappings between Shopify and STRATA
• Customer data (name and email) is used only to associate orders with customer records in STRATA

We do not share Shopify store data with any third party except as necessary to operate the service (e.g., our hosting provider, Supabase). We do not combine your Shopify data with data from other merchants.

When Shopify orders are imported into STRATA, we process the name and email address of your end customers (Shopify buyers) solely to fulfill the purpose of the integration — matching orders to customer records. This data is:

• Used only within your STRATA account
• Not sold or shared with any third party
• Not used for marketing or profiling
• Stored securely within our infrastructure

You, as the merchant, are the data controller for your customers’ information. We act as a data processor on your behalf.

We share data only in the following limited circumstances:

• Infrastructure providers — We use Supabase (database and authentication) and Vercel (hosting). These providers process data on our behalf under appropriate data processing agreements.
• Legal requirements — We may disclose data if required by law, regulation, or valid legal process.
• Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

We do not sell, rent, or trade your data to any third party.

We retain your account data and operational data for as long as your account is active. If you close your account, we will retain your data for a reasonable period (up to 90 days) to allow for data export, after which it will be deleted from our systems.

Shopify data imported into STRATA (orders, products, customer records) is retained as part of your operational records and is subject to the same retention policy. Disconnecting the Shopify integration stops future data sync but does not automatically delete previously imported records.

If you would like us to delete specific data, please contact us at privacy@strataroast.com.

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS) and at rest
• Role-based access controls limiting who can access your facility’s data
• Secure credential storage — we never store Shopify OAuth tokens in plaintext
• HMAC-SHA256 signature verification for all incoming Shopify webhooks

While we take reasonable steps to protect your data, no system is completely secure. We cannot guarantee absolute security.

Depending on your location, you may have the following rights with respect to your personal data:

• Access — Request a copy of the data we hold about you
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your data (subject to legal retention requirements)
• Portability — Request your data in a machine-readable format
• Restriction — Request that we limit processing of your data
• Objection — Object to certain types of processing

For California residents: we do not sell personal information as defined under the CCPA.

To exercise any of these rights, contact us at privacy@strataroast.com. We will respond within 30 days.

STRATA uses session cookies strictly necessary for authentication and platform operation. We do not use advertising or tracking cookies. We do not use third-party analytics services that set cookies on your device.

STRATA is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the platform. The “Effective date” at the top of this page reflects when the policy was last updated. Continued use of the platform after changes take effect constitutes your acceptance.

For privacy-related questions, data requests, or concerns, contact us at:

Strata Roast
privacy@strataroast.com