1. Introduction
Kronisys Inc. ("Kronisys," "we," "us," or "our") operates Strata, an AI-powered enterprise intelligence platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you access or use the Strata platform, our website, and related services (collectively, the "Services").
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.
Enterprise customers: If your organization has provisioned your Strata account, your organization's data processing agreement governs the handling of data submitted through your account. This Privacy Policy applies to data Kronisys controls directly.
2. Data We Collect
Data you provide directly
- Account Information: Name, email address, organization name, and role when you create a Strata account, including identifiers generated by Microsoft SSO authentication.
- Inputs and Outputs: Natural language prompts ("Inputs") you submit to Strata and the responses, SQL queries, charts, exports, and other content generated by Strata ("Outputs").
- Database Connection Credentials: SQL Server connection strings, server addresses, and authentication credentials you provide to connect your databases. These are encrypted at rest and in transit.
- Feedback: Ratings, comments, bug reports, and suggestions you submit about the Services.
- Communications: Information you provide when contacting our support team.
Data collected automatically
- Device & Connection Data: Device type, operating system, browser type, IP address, timezone, and general location derived from your IP address.
- Usage Data: Dates and times of access, features used, prompts submitted, models selected, integrations activated, and interaction patterns with the Services.
- Log Data: Server logs, error reports, performance data, and diagnostic information generated during your use of the Services.
- Cookies & Similar Technologies: We use cookies and similar technologies to manage sessions, remember preferences, and analyze usage. See our Cookie Policy for details.
Data from third-party integrations
- Microsoft SSO: When you sign in with Microsoft, we receive your name, email, and organization identifier from Microsoft Entra ID.
- OneDrive: File metadata and content you choose to access or save through the OneDrive integration.
- Outlook: Email addresses, subjects, and message content you interact with through the Outlook integration.
- Microsoft Teams: Channel information, message content, and user identifiers when you interact with the Strata Teams bot.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the Services: To operate Strata, process your prompts, generate outputs, execute SQL against your databases, and deliver exports and reports.
- Account Management: To create, maintain, and secure your Strata account.
- Integration Functionality: To facilitate connections between Strata and your Microsoft services (SQL Server, OneDrive, Outlook, Teams).
- AI Model Routing: To route your prompts to the appropriate AI model (GPT-5.4, GPT-5.4 Mini, Claude Opus 4.6, Claude Sonnet 4.6, Grok 4, or Grok 4 Fast) based on your selection.
- Service Improvement: To analyze usage patterns, debug errors, and improve the quality, performance, and reliability of the Services.
- Safety & Compliance: To prevent fraud, abuse, and violations of our Usage Policy, and to comply with legal obligations.
- Communications: To send you service announcements, security alerts, and administrative messages.
4. AI Model Training & Third-Party Models
Strata routes your prompts to third-party AI models provided by OpenAI, Anthropic, and xAI via Microsoft Foundry. When processing your prompts:
- We do not use your Inputs or Outputs to train any AI models. Your prompts and their results are not used for model training by Kronisys or, pursuant to our Microsoft Foundry agreements, by our AI providers.
- Your Inputs are transmitted to the selected AI provider via Microsoft Foundry to generate Outputs. This transmission is governed by our Foundry agreements with Microsoft, which prohibit the use of customer data for model training.
- We may use aggregated, de-identified usage analytics to improve Strata's prompt routing, schema matching, and semantic embedding systems. This data cannot be used to identify individual users or reconstruct specific prompts.
Your data is never used for AI training. Strata accesses AI models through Microsoft Foundry, which prohibits the use of your data for training models.
5. Data Sharing & Disclosure
We disclose personal data only in the following circumstances:
- AI Model Providers: Your Inputs are transmitted to OpenAI, Anthropic, or xAI (depending on the model you select) via Microsoft Foundry to generate Outputs. These providers process data under Microsoft Foundry agreements that restrict their use of your data.
- Microsoft Services: When you use Microsoft integrations, data is exchanged between Strata and Microsoft's APIs in accordance with Microsoft's privacy practices and your organization's Microsoft agreements.
- Service Providers: We engage third-party service providers for hosting (Microsoft Azure), analytics, and customer support. These providers are contractually bound to protect your data.
- Legal Requirements: We may disclose data to comply with applicable law, legal process, or governmental requests, or to protect the rights, property, or safety of Kronisys, our users, or the public.
- Corporate Transactions: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.
Kronisys does not sell your personal data. We do not share your personal data for targeted advertising purposes.
6. Microsoft Integrations
Strata integrates with four Microsoft services. Each integration handles data as follows:
| Integration | Data Accessed | How Data is Used |
| --- | --- | --- |
| SQL Server | Database schemas, table structures, query results | Schema discovery, SQL generation and execution, result display and export |
| OneDrive | File names, metadata, file contents | Searching files, reading documents, saving generated exports and reports |
| Outlook | Email addresses, subjects, message body, attachments | Searching inbox, drafting and sending emails with report attachments |
| Teams | Channel info, message content, user identifiers | Processing prompts via the Teams bot, sharing results in channels |
All Microsoft integration data is transmitted via encrypted connections using OAuth 2.0 authentication. Strata accesses only the data necessary to fulfill your specific requests and does not persistently store Microsoft integration data beyond the active session, except when it saves exports to OneDrive at your explicit direction.
7. Data Retention
- Account Data: Retained for the duration of your account plus 30 days after deletion.
- Inputs & Outputs: Conversation history is retained for your convenience and can be deleted by you at any time. Deleted conversations are purged from our systems within 30 days.
- Database Credentials: Encrypted connection strings are retained while your database connection is active. You may disconnect and delete credentials at any time.
- Usage Analytics: Aggregated, de-identified analytics may be retained indefinitely for service improvement.
- Safety & Compliance: Data flagged for safety review or required by law may be retained for up to 3 years.
8. Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Database credentials receive additional application-layer encryption.
- Infrastructure: Strata is hosted on Microsoft Azure with enterprise-grade security controls, including network isolation, DDoS protection, and continuous monitoring.
- Access Controls: Employee access to production systems follows the principle of least privilege. All access is logged and audited.
- Authentication: Strata uses Microsoft SSO (Entra ID) for authentication, inheriting your organization's multi-factor authentication and conditional access policies.
- Incident Response: We maintain an incident response plan and will notify affected users and relevant authorities of any data breach in accordance with applicable law.
9. Your Rights & Choices
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data, subject to legal retention obligations. You may also delete individual conversations directly within Strata.
- Data Portability: Request a copy of your data in a structured, machine-readable format.
- Objection: Object to processing of your personal data for certain purposes.
- Restriction: Request restriction of processing in certain circumstances.
- Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@kronisys.com. We will respond within 30 days of receiving your request.
10. International Data Transfers
Your data may be processed in the United States and other countries where Kronisys, its affiliates, or service providers operate. When transferring data outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place, including:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses approved by the European Commission
- Other legally recognized transfer mechanisms
11. Children
Strata is an enterprise product not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child under 18 has provided personal data to us, please contact us at privacy@kronisys.com and we will take steps to delete such information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective" date at the top of this page and, where required, by providing additional notice (such as via email or an in-product notification). We encourage you to review this page periodically.
13. Contact Information
If you have questions about this Privacy Policy, or wish to exercise your privacy rights, you can reach us at: