Privacy Policy

This Privacy Policy ("Policy") describes how Strategia-X ("we," "us," or "our") collects, uses, discloses, and protects information in connection with the Strategia-X consulting services and the website located at strategia-x.com (the "Site"). We are committed to protecting your privacy and being transparent about our data practices.

This Policy applies to all visitors, users, and clients who access the Site or engage our services. By accessing or using the Site, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use the Site.

Data Controller: Strategia-X, United States.
Contact: For any privacy-related inquiries, contact us at [email protected].

1.1 Information You Provide Directly

We collect information that you voluntarily provide when you interact with us, including:

• Contact Information — Name, email address, company name, job title, and phone number when you submit a contact form, request a consultation, or email us directly.
• Communication Data — The content of messages, inquiries, consultation requests, and any correspondence you send to us through the Site, email, or other channels.
• Engagement Data — Information provided during consulting engagements, including project details, business requirements, and organizational data necessary to deliver our services.
• ROI Calculator Inputs — Business metrics you enter into our ROI Calculator tool (revenue, employee count, IT costs, etc.). This data is processed client-side and is only transmitted to our servers if you explicitly request an email report.
• Email Report Requests — When you request an ROI report via email, we collect your email address and the associated calculator results to fulfill that request.

1.2 Information Collected Automatically

When you visit the Site, we automatically collect certain information through cookies and similar technologies:

• Device and Browser Information — Browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data — Pages visited, time spent on pages, click patterns, scroll depth, referral URLs, and navigation paths through the Site.
• Network Information — IP address (anonymized where technically feasible), approximate geographic location (city/region level), and internet service provider.
• Performance Data — Page load times, errors encountered, and technical diagnostics used to maintain Site functionality.

1.3 Information from Third Parties

We may receive limited information from third-party services integrated into our Site, specifically Google Analytics 4 (aggregated usage statistics) and Supabase (contact form delivery confirmations). We do not purchase or obtain personal information from data brokers or other third-party data providers.

For individuals located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Consent — Where you have provided explicit consent for a specific purpose, such as opting in to receive marketing communications or submitting a contact form. You may withdraw consent at any time.
• Contractual Necessity — Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request, such as responding to a consultation inquiry or delivering consulting services.
• Legitimate Interests — Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms. This includes website analytics, security monitoring, and improving our services.
• Legal Obligation — Where processing is necessary to comply with applicable laws, regulations, or legal proceedings.

We use the information we collect for the following purposes:

• Service Delivery — To respond to your inquiries, schedule consultations, deliver consulting services, and manage client relationships.
• Communication — To send you information relevant to your inquiry, project updates, and service-related communications.
• Site Improvement — To analyze usage patterns, diagnose technical issues, and improve the content, functionality, and user experience of the Site.
• Security — To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
• Legal Compliance — To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Marketing — To send relevant communications about our services, industry insights, or educational content, but only where you have provided prior consent. You may opt out at any time.

We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects on you.

We want to be explicit about what we do not do with your data:

• We do not sell your personal information to any third party, for any purpose, under any circumstances. This applies to all users regardless of jurisdiction.
• We do not share your personal information with third parties for their own marketing purposes.
• We do not use third-party advertising cookies, retargeting pixels, or behavioral advertising technologies.
• We do not collect sensitive personal information (racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health information, sexual orientation) through the Site.
• We do not knowingly collect financial information (credit card numbers, bank account details) through the Site. Payment processing for consulting engagements is handled through separate, secure invoicing channels.

5.1 Types of Cookies We Use

• Essential Cookies — Required for the Site to function properly. These cannot be disabled and do not track your browsing activity across other websites.
• Analytics Cookies — Used by Google Analytics 4 to collect anonymous, aggregated data about how visitors use the Site. These cookies help us understand which pages are visited most, how users navigate the Site, and where technical issues may exist.

5.2 Google Analytics 4

We use Google Analytics 4 (GA4) to analyze Site traffic and usage patterns. GA4 uses first-party cookies and collects data in an anonymized format. We have configured GA4 with the following privacy-protective settings:

• IP anonymization is enabled by default in GA4
• We do not enable Google Signals (cross-device tracking)
• We do not enable User-ID tracking
• Data retention is set to the minimum necessary period
• We do not share analytics data with Google for advertising purposes

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

5.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies, accept only first-party cookies, or delete cookies when you close your browser. Note that disabling cookies may affect the functionality of the Site.

We may share your information only in the following limited circumstances:

• Service Providers — We use trusted third-party services to operate our Site (see Section 7). These providers are contractually bound to use your data only as necessary to provide their services to us and are required to maintain appropriate security measures.
• Legal Requirements — We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers — In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via the Site of any such change in ownership or use of your personal information.
• With Your Consent — We may share information with third parties when you have provided explicit consent to do so.

We do not sell, rent, or lease your personal information to third parties.

Our Site integrates with the following third-party services:

• Google Analytics 4 — Website analytics and usage tracking. Google Privacy Policy.
• Self-Hosted Fonts — The Syne and Instrument Sans typefaces used on this Site are self-hosted on our own infrastructure. No third-party font services are used, and no data is transmitted to external font providers when you visit the Site.
• Supabase — Backend services for contact form processing and email delivery. Supabase Privacy Policy.
• Cloudflare — Website hosting, content delivery, and security (DDoS protection). Cloudflare Privacy Policy.

Each of these services operates under their own privacy policies. We encourage you to review their policies to understand how they handle your data.

8.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

• TLS/HTTPS encryption for all data transmitted between your browser and our servers
• Encrypted email communications for sensitive correspondence
• Access controls limiting personal data access to authorized personnel on a need-to-know basis
• Regular security reviews and vulnerability assessments of our infrastructure
• Secure, access-controlled hosting infrastructure via Cloudflare

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

8.2 International Data Transfers

Our Site is hosted in the United States. If you access the Site from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those of your country of residence.

For individuals in the EEA, UK, or Switzerland, we ensure that international data transfers are conducted in compliance with applicable data protection laws, using appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission where required.

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy:

• Contact form submissions — Retained for up to 24 months after the last interaction, unless an ongoing client relationship exists.
• Client engagement data — Retained for the duration of the engagement plus 5 years, or as required by applicable law, tax, or contractual obligations.
• Email correspondence — Retained for as long as reasonably necessary for business purposes, typically up to 3 years after the last communication.
• Analytics data — Google Analytics data is retained according to our configured retention settings (14 months maximum).
• ROI report emails — Email addresses submitted for ROI reports are retained for up to 12 months.

When personal information is no longer needed, we securely delete or anonymize it. You may request deletion of your data at any time (see Section 10).

10.1 Rights for All Users

Regardless of your location, you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request that we correct inaccurate or incomplete personal data.
• Deletion — Request that we delete your personal data, subject to legal retention requirements.
• Opt-Out — Opt out of marketing communications at any time by following the unsubscribe instructions in any marketing email or by contacting us directly.

10.2 Additional Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you additionally have the right to:

• Restriction of Processing — Request that we restrict the processing of your personal data in certain circumstances.
• Data Portability — Receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
• Object to Processing — Object to processing of your personal data based on legitimate interests, including profiling.
• Withdraw Consent — Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
• Lodge a Complaint — File a complaint with your local data protection supervisory authority if you believe your rights have been violated.

10.3 California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to Know — You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete — You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct — You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing — You have the right to opt out of the sale or sharing of your personal information. We do not sell or share your personal information as defined under CCPA/CPRA.
• Right to Limit Use of Sensitive Personal Information — You may limit the use of sensitive personal information. We do not collect sensitive personal information as defined under CCPA/CPRA through the Site.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, provide a different quality of service, or suggest any of these as a consequence of exercising your rights.

Categories of Personal Information Collected (preceding 12 months): Identifiers (name, email address, IP address); Internet or electronic network activity information (browsing history on the Site, interactions with the Site); Professional or employment-related information (company name, job title).

Do Not Sell or Share My Personal Information: Strategia-X does not sell or share personal information as those terms are defined under CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months.

To submit a verifiable consumer request under CCPA/CPRA, contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days.

10.4 Other State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out of certain processing of personal data. To exercise any applicable rights under your state's privacy law, contact us at [email protected].

10.5 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at [email protected] with the subject line "Privacy Rights Request." We will respond to all verified requests within 30 days (or 45 days for CCPA requests). If we need additional time, we will notify you of the extension and the reason. We may request additional information to verify your identity before processing your request.

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to DNT signals. However, you can control tracking through browser cookie settings and the Google Analytics opt-out tool referenced in Section 5.

Our Site and services are intended for business professionals and are not directed at children under the age of 16 (or under 13 in jurisdictions where that is the applicable age threshold). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take prompt steps to delete that information. If you believe a child has provided us with personal information, please contact us at [email protected].

The Site may contain links to third-party websites, services, or resources that are not operated by us. We are not responsible for the privacy practices, content, or security of these third-party sites. We encourage you to review the privacy policies of any third-party site you visit. A link from our Site does not constitute an endorsement of that site's privacy practices.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Post the revised Policy on the Site
• For material changes that significantly affect how we handle personal information, we will make reasonable efforts to provide additional notice (such as a prominent notice on the Site)

Your continued use of the Site after any changes to this Policy constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Strategia-X
Email: [email protected]
Website: strategia-x.com

We aim to respond to all privacy-related inquiries within 10 business days.