Stratos Academy · Privacy Policy

Privacy Policy

Last updated: 2026-05-09

1. Who we are

Stratos Academy is a clinical-grade exam preparation platform operated by Stratos Technologies LLC, a Virginia limited liability company. This privacy policy explains how we collect, use, and protect personal information when you use exams.stratostech.ai or related services.

2. What we collect

Account data — email address, name (optional), tier (Starter / Pro / Elite), billing status. Stored in Cloudflare KV. We assign each member an immutable internal ID (member_id) so you can change your email without losing your records.
Payment data — handled exclusively by Stripe (PCI-DSS Level 1 compliant). We never see or store your card number, CVV, or bank details. We receive only an anonymous Stripe customer ID and a charge confirmation.
Activity data — pages visited, exam attempts (score, time, protocol, version), magic-link sign-in timestamps, IP address, country, user agent. Used to improve your experience and to flag account abuse. Logged to Cloudflare KV with a 365-day retention.
Technical data — Cloudflare collects standard request logs (IP, ASN, TLS version) for security and DDoS protection.

3. How we use it

To deliver the service you paid for (auth, exam content, score tracking).
To send transactional email — sign-in links, welcome messages, billing receipts. Sent via Resend. We do not send marketing email without your explicit opt-in.
To improve the platform — anonymized aggregate analytics on which protocols and lessons are most used.
To enforce our Terms (e.g., flagging account sharing).

4. Who we share it with

We share the minimum necessary data with:

Stripe — payment processing.
Resend — transactional email delivery.
Cloudflare — hosting, CDN, edge compute, KV storage. All data resides in Cloudflare's global network.
Google Translate — only if you opt in to a non-English UI language. Page content is translated client-side in your browser; we do not send your data to Google ourselves.

We do not sell, rent, or trade your personal data. We do not use third-party advertising networks. There are no behavioral tracking cookies on this site.

5. How long we keep it

Account data: as long as your account is active. After cancellation, retained for 90 days for billing-dispute support, then deleted.
Payment data: retained per Stripe's policies. We retain the Stripe customer ID for the same 90-day window.
Activity events: 365 days.
Exam attempts: 3 years (so you can review your trajectory across years of credentialing).

6. Your rights

Under GDPR (EU), CCPA (California), and similar regimes, you have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your account (and most associated data).
Export your exam history and account data.
Withdraw consent for non-essential processing.

To exercise any of these rights, email [email protected]. We respond within 30 days.

7. Children

Stratos Academy is not directed at children under 16. We do not knowingly collect data from minors. If you are under 16, do not create an account.

8. Security

All traffic is HTTPS-only with TLS 1.3. Sessions use httpOnly + Secure + SameSite=Lax cookies. Auth uses one-time magic links — we never store passwords. Payment processing is delegated to Stripe. We use Cloudflare's DDoS mitigation and bot defense at the edge.

9. Changes to this policy

If we make material changes to this policy, we'll email active members and post a notice at the top of this page for 30 days.

10. Contact

Questions? Email [email protected] — Michael reads every message personally.