Stratisk Policy

Privacy Policy, Data Use & Engineering Decision-Support Notice

This notice explains how Stratisk collects, uses, protects, and shares information, and how the platform should be used in municipal infrastructure planning workflows.

Effective Date: May 9, 2026 Applies to: Website, Demo, APIs, and Stratisk Services
Plain-language summary: Stratisk is designed to help municipalities organize infrastructure data, evaluate risk, preserve institutional memory, and support defensible capital planning. Stratisk does not replace engineering judgment, does not certify infrastructure safety, and does not make final capital, design, permitting, inspection, or public safety decisions.

1. Scope of This Notice

This Privacy Policy, Data Use & Engineering Decision-Support Notice applies to Stratisk websites, demos, application interfaces, data-processing tools, and related services, collectively referred to as the “Services.”

In this notice, “Stratisk,” “we,” “us,” and “our” refer to the operator of the Stratisk platform. “Customer” refers to a municipality, public agency, organization, or other entity that uses Stratisk. “User” refers to an individual who accesses the Services through an account, access code, invitation, demo, or authorized municipal workspace.

If a separate written agreement, subscription agreement, data processing agreement, professional services agreement, or municipal contract applies, that agreement may contain additional or different terms governing the use of Stratisk.

2. Information We Collect

Stratisk may collect the following categories of information, depending on how the Services are configured and used.

Account and user information

We may collect names, email addresses, phone numbers, organization names, job titles, user roles, login credentials, authentication identifiers, entity assignments, access code usage, and account status information.

Municipal, asset, GIS, and planning data

Customers and authorized users may provide or connect data such as GIS layers, infrastructure asset inventories, inspection records, condition ratings, work orders, incident history, maintenance records, storm-event records, service areas, environmental context, location data, photos, documents, sensor inputs, and related metadata.

Usage, audit, and technical information

We may collect log data, audit events, IP addresses, browser and device information, pages viewed, feature usage, API requests, login events, access code activity, administrative changes, uploaded file metadata, map interactions, and error diagnostics.

Communications

We may collect information users provide when contacting us, requesting access, submitting support requests, participating in demos, providing feedback, or communicating with Stratisk.

Billing and subscription information

If billing features are enabled, we may collect subscription, plan, invoice, payment status, billing contact, and entitlement information. Payment processing may be handled by third-party payment processors, and Stratisk should not store full payment card numbers unless expressly implemented through a compliant payment processor.

3. How We Use Information

Stratisk may use information to:

  • Provide, operate, and maintain the Services.
  • Authenticate users and manage account access.
  • Apply entity-scoped roles, permissions, and access controls.
  • Connect and process municipal data sources authorized by the Customer.
  • Generate risk, prioritization, uncertainty, and planning-support views.
  • Support asset management, inspection, incident, and maintenance workflows.
  • Maintain audit logs and system integrity.
  • Provide customer support and respond to requests.
  • Improve platform performance, reliability, usability, and security.
  • Monitor for misuse, unauthorized access, fraud, abuse, or security threats.
  • Comply with legal, contractual, regulatory, public records, or governmental obligations.
  • Prepare aggregated or de-identified analytics that do not identify a specific person, Customer, or sensitive asset location.

Stratisk does not sell personal information. Stratisk does not use municipal infrastructure data for third-party advertising.

4. Municipal and Infrastructure Data

Municipal infrastructure data may include sensitive operational, planning, geospatial, asset, or public works information. Stratisk is designed to support controlled access to that information through account permissions, entity scopes, user roles, visibility settings, and audit logging.

Customer ownership and control

As between Stratisk and the Customer, the Customer retains ownership of the municipal data, infrastructure records, GIS layers, work orders, inspections, incident records, asset inventories, and related content it provides or connects. Stratisk receives a limited right to process that information only as needed to provide the Services, support the Customer, secure the platform, and comply with applicable obligations.

Public records and disclosure obligations

Customers that are public agencies may be subject to public records, freedom of information, retention, procurement, cybersecurity, or other legal obligations. Stratisk does not determine whether Customer data is subject to public disclosure. The Customer is responsible for evaluating and responding to public records requests, legal holds, subpoenas, discovery obligations, and similar requests unless otherwise agreed in writing.

Sensitive infrastructure information

Stratisk should not be used to publicly disclose sensitive infrastructure, security, emergency response, or vulnerability information unless the Customer has authorized that disclosure and determined that disclosure is lawful and appropriate.

5. Engineering Decision-Support Notice

Stratisk is a decision-support platform for infrastructure capital planning. It is intended to help organize data, surface risk indicators, identify uncertainty, preserve institutional memory, and support prioritization workflows. Stratisk is not intended to replace engineering judgment or the responsibilities of qualified municipal staff, licensed professional engineers, inspectors, consultants, contractors, emergency managers, or public officials.

No professional engineering services unless separately agreed

Unless expressly stated in a separate written agreement and performed under appropriate professional licensure, Stratisk does not provide professional engineering services, engineering design, sealed drawings, engineering certification, permitting approval, construction documents, public safety determinations, inspection certifications, or code-compliance determinations.

Outputs require professional review

Risk scores, prioritization rankings, budget scenarios, map overlays, asset flags, data completeness indicators, and recommendations generated by Stratisk are informational and planning-support outputs. They should be reviewed by qualified personnel before being used to support funding decisions, design decisions, maintenance actions, emergency response, procurement, regulatory submissions, or public communications.

Data quality affects results

Stratisk outputs depend on the availability, accuracy, completeness, timeliness, configuration, and interpretation of data provided by Customers, users, third-party systems, public datasets, GIS layers, work order systems, inspections, sensors, and other sources. Incomplete, outdated, inconsistent, or inaccurate data may affect platform results.

No guarantee of risk elimination

Stratisk does not guarantee that all infrastructure defects, failures, hazards, future incidents, downstream impacts, budget needs, or public safety risks will be identified, prevented, predicted, or resolved. Stratisk is one input into a broader professional and governmental decision-making process.

Emergency and life-safety uses

Stratisk should not be used as the sole source for emergency response, evacuation, real-time public safety decisions, structural safety determinations, flood rescue, utility isolation, or other urgent life-safety actions. Users should follow applicable emergency procedures, professional standards, legal requirements, and instructions from responsible authorities.

6. How We Share Information

Stratisk may share information in the following limited circumstances:

  • With authorized users. Information may be visible to users within the same authorized entity, role, organization, or sharing scope.
  • With service providers. We may use vendors for hosting, storage, security, authentication, analytics, communications, support, payment processing, mapping, data processing, and infrastructure operations.
  • With Customer-authorized integrations. If a Customer connects ArcGIS, work order software, asset systems, sensors, cloud storage, or other third-party tools, information may be exchanged with those systems according to the Customer’s configuration and the third party’s terms.
  • For legal and safety reasons. We may disclose information when required by law, legal process, governmental request, public records obligations, contract requirements, security investigations, or to protect rights, safety, property, or platform integrity.
  • In a business transaction. Information may be transferred as part of a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, subject to appropriate confidentiality protections.
  • With consent. We may share information when the Customer or user directs us to do so.

Stratisk does not sell municipal infrastructure data or personal information.

7. Security

Stratisk uses reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include access controls, authentication, role-based permissions, audit logging, encryption in transit, secure hosting, backups, monitoring, and internal access restrictions.

No system can be guaranteed to be completely secure. Customers and users are responsible for maintaining secure credentials, limiting access to authorized personnel, promptly revoking access when users change roles or leave an organization, and notifying Stratisk of suspected unauthorized access.

If Stratisk becomes aware of a security incident affecting Customer data or user information, we will take reasonable steps to investigate, contain, remediate, and notify affected Customers or users as required by applicable law or contract.

8. Data Retention and Deletion

Stratisk retains information for as long as reasonably necessary to provide the Services, maintain accounts, support Customer operations, comply with legal or contractual obligations, resolve disputes, enforce agreements, maintain audit records, improve security, and preserve business records.

Customers may request deletion, export, correction, or return of Customer data, subject to applicable contracts, retention requirements, backup practices, audit logs, legal holds, public records obligations, and technical limitations.

Some information may remain in backups, logs, or archived records for a limited period after deletion from active systems. Where appropriate, Stratisk may retain aggregated or de-identified information that does not identify a specific user, Customer, or sensitive infrastructure asset.

9. User Rights and Choices

Users may request access to, correction of, export of, or deletion of personal information by contacting their organization administrator or Stratisk. Because many Stratisk accounts are controlled by municipal Customers, certain requests may need to be handled by the Customer that manages the user’s account.

Depending on where a user lives and the laws that apply, users may have additional rights regarding access, correction, deletion, portability, objection, restriction, consent withdrawal, or appeal. Stratisk will respond to applicable requests as required by law and may need to verify identity before completing a request.

Users may choose not to provide certain information, but doing so may limit access to the Services or prevent use of certain features.

10. Cookies, Sessions, and Authentication

Stratisk may use cookies, session storage, anti-forgery tokens, authentication cookies, and similar technologies to keep users logged in, secure accounts, remember preferences, prevent fraud, measure performance, and operate the Services.

Users can control cookies through browser settings. Blocking required cookies may prevent login, account management, or secure portal features from working correctly.

11. Third-Party Integrations

Stratisk may connect with third-party systems selected or authorized by the Customer, such as ArcGIS, work order software, asset management platforms, cloud storage, email providers, data warehouses, environmental datasets, sensor systems, analytics tools, and payment providers.

Third-party systems may collect, process, store, or transmit information according to their own terms, privacy policies, security practices, and Customer configurations. Stratisk is not responsible for third-party systems that are not controlled by Stratisk.

12. Children’s Privacy

Stratisk is intended for municipal, professional, organizational, and governmental use. It is not directed to children, and we do not knowingly collect personal information from children through the Services.

13. Changes to This Notice

Stratisk may update this notice from time to time to reflect changes in the Services, data practices, security practices, legal requirements, or business operations. The updated notice will be posted with a revised effective date. Continued use of the Services after an updated notice is posted means the updated notice applies to future use of the Services.

14. Contact

Questions about this notice, privacy practices, data handling, or account requests may be directed to:

Stratisk Privacy Contact Email: privacy@stratisk.com Mailing Address: [Add business mailing address before launch]