The short version. We process no Customer Data. Your prompts, documents, and AI-generated responses never leave your device. The only personal data we collect is what you give us directly when you sign up for an account or contact us — your email and your name.
This Privacy Policy describes how StriveTech AI Limited ("we", "us", "our") handles personal data in connection with the Strive Private AI desktop application, our website at striveprivate.ai, and related services (collectively, the "Service").
Registered office: 4500 Parkway, Solent Business Park, Whiteley, Fareham PO15 7AZ, United Kingdom
Contact: info@strivetech-ai.com
ICO registration: Pending — will be published here once issued
We are the data controller for any personal data described in section 3 below. We are not the data controller for any data you process using the Strive Private AI application (see section 2).
Strive Private AI is an entirely on-device application. We have no technical means to access, retrieve, or recover any of the following:
Together, the categories above are referred to in our Terms of Service as "Customer Data." Customer Data is processed exclusively on your device, under your sole control. Even at your request, we cannot retrieve Customer Data — there is no copy of it on our infrastructure.
Because we do not process Customer Data, we are not a data processor in respect of it under UK GDPR Article 28. No Data Processing Agreement (DPA) is required for Customer Data — we cannot reasonably offer the contractual commitments of a DPA in respect of data we never see.
Why this matters. If you are an enterprise procurement reviewer, the most common compliance question — "where is our data going?" — has the simplest possible answer for Strive Private AI: nowhere it isn't already.
When you create an account, request information, or otherwise interact with us, we collect the following limited personal data:
| Data | Source | Required? | Why |
|---|---|---|---|
| Email address | You provide it | Yes | Account identification, password reset, transactional emails (license keys, security notices) |
| Name | You provide it | Optional | Personalisation in emails and the portal interface |
| Company name & role | You provide it | Optional | Sales context, lead qualification |
| Password (hashed) | You set it | Yes | Authentication. We never store plain-text passwords or have visibility of them. |
| IP address | Auto-logged | Yes | Security, fraud prevention, rate limiting |
| Browser & device info | Auto-logged | Yes | Security, session management, debugging |
| Sign-up & login timestamps | Auto-logged | Yes | Account management, security audit |
| Marketing preference | You choose at sign-up | Optional | To send (or not send) product update emails |
Under UK GDPR Article 6, we rely on the following lawful bases:
Transactional emails (e.g. confirming a license, notifying you of security incidents that affect your account) are sent regardless of marketing preference because they are necessary to perform the contract.
We use the following third-party providers to operate the Service. Each is contractually bound to UK GDPR-compliant data handling, and each is, where applicable, certified under SOC 2 and/or ISO 27001.
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Clerk, Inc. | Authentication, user account management | Email, name, password hash, IP, session data | USA (SCCs in place) |
| HubSpot, Inc. | CRM, marketing communications | Email, name, company, lead activity | USA / EU (SCCs in place) |
| Vercel, Inc. | Website hosting, edge functions | IP, request logs (no PII content) | Global edge network (SCCs in place) |
| Microsoft 365 | Email (inbound & outbound) | Email content of correspondence with us | UK / EU |
For transfers outside the UK and EEA, we rely on the UK International Data Transfer Agreement (IDTA) or the European Commission's Standard Contractual Clauses (SCCs), supplemented by the technical and organisational measures published by each provider.
Our website uses a small number of cookies, all of which are strictly necessary for the Service to function:
We do not use analytics, advertising, or tracking cookies. There is no Google Analytics, no Meta Pixel, no third-party advertising network, no behavioural ad targeting. You may block cookies in your browser settings; this will prevent you from logging in but will not otherwise impair the website.
You have the following rights in respect of personal data we hold about you:
To exercise any of these rights, email info@strivetech-ai.com with the subject "Privacy request." We respond within 30 days as required by law.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
We implement industry-standard technical and organisational measures:
For the security of the Strive Private AI application itself (the on-device software), see our Security & Compliance page.
Some of our sub-processors (Clerk, HubSpot, Vercel) are located in the United States. Personal data transferred outside the UK is protected by:
Each sub-processor also publishes its own technical safeguards (encryption, access controls, etc.) which supplement the contractual protection.
The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this Privacy Policy from time to time. Material changes — anything that meaningfully expands what we collect or how we use it — will be communicated to registered users by email at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
For any privacy enquiry, data subject request, or to report a concern: