Privacy Policy

June 15, 2026

This Privacy Policy explains how Streya Technologies Inc. (“Streya”, “We”, “Us” or “Our”) collects, uses, and protects information when You use the Streya platform and website (the “Service”).

Streya is an AI analyst for business data. You connect Streya to your data warehouse, and the people in your organization ask questions in plain language and get decision-ready answers grounded in your own validated metrics. Understanding how the Service works is important to understanding this Policy, so we draw a clear line between two kinds of information:

  • Account and Usage Data — information about the individuals who sign in to and use Streya (names, emails, activity). For this information, Streya is the controller.
  • Customer Data — the business data in your data warehouse that Streya queries on your behalf to answer your questions. For this information, your organization is the controller and Streya acts only as a processor, following your instructions under our customer agreement and Data Processing Addendum.

The way Streya handles each is different, and both are described below.

Interpretation and Definitions

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access the Service.
  • Company / We / Us / Our refers to Streya Technologies Inc., 6570 Av. de l’Esplanade, Montréal, QC, Canada, H2V 4L5.
  • Controller means the party that determines the purposes and means of processing personal information.
  • Customer means the organization that subscribes to the Service.
  • Customer Data means the data in a Customer’s data warehouse, together with the semantic model and the conversations and dashboards created in a workspace. This is data that belongs to the Customer and that Streya processes on the Customer’s behalf.
  • Data Processing Addendum (DPA) means the agreement governing Streya’s processing of Customer Data on behalf of the Customer.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Processor means a party that processes personal information on behalf of, and on the instructions of, a Controller.
  • Service refers to the Streya platform and website.
  • Sub-processor means a third party engaged by Streya to process data in connection with the Service.
  • Usage Data refers to data collected automatically from use of the Service (for example, the pages visited and the time spent on them).
  • Warehouse means the data warehouse (such as Google BigQuery or Snowflake) that a Customer connects to the Service.
  • You means the individual accessing or using the Service, or the organization on whose behalf such an individual is acting.

Account and Usage Data (Streya as Controller)

Personal Data We Collect

When You create an account and use the Service, we collect:

  • Account information — your name and email address, and the organization and workspaces you belong to.
  • Authentication data — we use Clerk to authenticate users. If you sign in through a single sign-on provider (for example, Google or Microsoft), we receive the basic profile information needed to create and secure your account.
  • Usage Data — information collected automatically, such as your IP address, browser type and version, the pages of the Service you visit, the date and time of your visits, and diagnostic data used to operate and improve the Service.

Streya is a web application. We do not operate a mobile app and do not collect mobile device identifiers.

How We Use Account and Usage Data

We use this Personal Data to:

  • Provide and maintain the Service, including authenticating you, securing your account, and monitoring availability and performance.
  • Manage your Account and your access to workspaces.
  • Communicate with you about your account, security, service updates, and support requests.
  • Improve the Service by understanding how it is used.
  • Comply with our legal obligations and enforce our agreements.

We do not sell your Personal Data, and we do not use it for third-party advertising.

Customer Data (Streya as Processor)

This is the part of the Service that most likely involves the business data — and any personal information about your own customers or employees — that lives in your warehouse. How Streya handles it:

  • Streya queries your warehouse live; it does not copy or store your warehouse data. The Service connects to your warehouse with read-only access and runs queries when an answer is needed. It never writes to your warehouse, and it does not ingest or warehouse your data.
  • What we do store is limited to: your encrypted connection credentials (held in a dedicated secrets manager), the semantic model (your metric and dataset definitions), and the conversations and dashboards created in your workspace, which may include query results returned by your warehouse.
  • You control what Streya can see. Through access policies, your administrators can restrict columns and rows and mask sensitive values — including masking personal or sensitive fields from the AI agent so it can reason over the shape of your data without ever reading raw personal details.
  • We process Customer Data only on your instructions, for the purpose of providing the Service, as set out in your customer agreement and DPA. We do not use Customer Data for our own purposes, and we do not sell it.

Because your organization is the controller of Customer Data, requests from individuals to access or delete their personal information within that data should be directed to the relevant Customer. Streya will assist Customers in responding to such requests as described in the DPA.

Artificial Intelligence and Your Data

The Streya agent is powered by large language models provided by Anthropic (Claude). To answer a question, Streya may send the agent your question text, relevant semantic-model metadata (such as table, dimension, and measure definitions), and query results returned by your warehouse.

  • Your data is not used to train AI models. Under Anthropic’s Commercial Terms of Service — which govern Streya’s API use — Anthropic does not train its models on inputs or outputs submitted through its API, and a Data Processing Addendum with Anthropic is included as part of those terms. Streya does not use Customer Data to train any models.
  • Sensitive fields can be hidden from the agent. As described above, administrators can mask personal or sensitive columns from the agent.
  • Any AI processing involving Customer Data is performed for the sole purpose of generating answers within your workspace.

How We Share Information

We share information only as needed to operate the Service:

  • With Sub-processors that help us deliver the Service. Our current Sub-processors are:
    • Amazon Web Services (AWS) — cloud hosting (Canada Central region, ca-central-1) and the secrets manager that stores encrypted warehouse credentials.
    • Anthropic — the large language models that power the Streya agent.
    • Clerk — user authentication.
  • For legal reasons — when required by law or valid request from a public authority, or to protect the rights, safety, and property of Streya, our Customers, or others.
  • In a business transfer — if Streya is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will notify you before your Personal Data becomes subject to a different privacy policy.

A current list of Sub-processors is maintained in our Security Policy and is available to Customers on request. We notify Customers in advance of material changes to our Sub-processors as described in the DPA.

Data Residency and Transfers

The Service is hosted on AWS in the Canada Central region (ca-central-1), so the data Streya stores on your behalf resides in Canada. Some Sub-processors may process limited data outside Canada — in particular, requests to the Anthropic API used to power the agent. Where information is transferred across borders, we take steps to ensure it is protected in accordance with this Policy and applicable law, including appropriate contractual safeguards with our Sub-processors.

Data Retention

  • Account and Usage Data is retained for as long as your account is active and as needed to provide the Service, and thereafter as required to meet our legal obligations, resolve disputes, and enforce our agreements.
  • Customer Data (credentials, semantic model, conversations, and dashboards) is retained for the duration of the customer relationship and deleted in accordance with the DPA. Customers may request deletion of a connection’s data and its associated semantic model, conversations, and dashboards; we remove it from active systems and backups within legally permissible timelines.

Your Privacy Rights

Depending on where you live, you may have the right to access, correct, update, or delete your Personal Data, to receive a copy of it (portability), to withdraw consent, and to object to or restrict certain processing. To exercise these rights, contact us using the details below. You also have the right to lodge a complaint with your data protection authority — in Québec, the Commission d’accès à l’information (CAI).

For Personal Data contained within Customer Data, please contact the relevant Customer (the controller of that data).

Security

We take the security of your information seriously. Our technical and organizational measures — including encryption in transit and at rest, access controls, and monitoring — are described in our Security Policy. No method of transmission or storage is completely secure, but we use commercially reasonable means to protect your information.

Children’s Privacy

The Service is intended for business use and is not directed to children. We do not knowingly collect Personal Data from children. If you believe a child has provided us with Personal Data, please contact us and we will take steps to delete it.

The Service may contain links to websites we do not operate. We are not responsible for the privacy practices of those sites and encourage you to review their policies.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated Policy on this page, update the date above, and, where appropriate, notify you by email or a notice within the Service before the change takes effect.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, you can contact our Privacy Officer:

  • Matthew Bélair, CEO and Person in Charge of the Protection of Personal Information
  • By email: matthew@streya.app