Data Connections & Security
Overview
StratEngine allows you to connect your cloud storage providers for two purposes:
1. Import - Search your proprietary documents alongside web research
2. Export - Save analysis results directly to your cloud storage
This document explains how your data is handled, stored, and protected at every step.
---
How Your Data Stays Secure
We Never Permanently Store Your Files
When you connect a storage provider for import (like Google Drive), we:
1. Sync your files through our secure data pipeline
2. Parse documents locally to extract text content
3. Convert that text into numerical representations (embeddings) for search
4. Store only these search-optimized representations in our database
Your original files are only temporarily cached during processing (less than 8 hours), then deleted. We retain only the searchable index.
Minimal Permissions
We request only the permissions needed for your selected use case:
What You Want | What We Request |
|---|---|
Import documents for AI search | Read-only access |
Export results to your storage | Write access to app-created files only |
Both import and export | Both permissions (separate connections) |
For Google Drive exports, we use `drive.file` scope - this means we can only access files that StratEngine creates, not your other documents.
---
Import Connections (Proprietary Data Search)
What Happens When You Connect
1. You authenticate with your storage provider through our secure OAuth flow
2. Your files are synced to our infrastructure via an enterprise-grade data pipeline (SOC 2 Type 2, ISO 27001 certified)
3. Files are parsed locally using self-hosted document processing (no third-party access to content)
4. Text is converted to search embeddings using AI (Zero Data Retention and not used for training data)
5. When you run research queries, we search these embeddings to find relevant content
6. Relevant excerpts are included in your research reports
What We Store
Stored | Not Stored |
|---|---|
Text excerpts (for search) | Original files (deleted after processing) |
Search embeddings (numerical vectors) | Images or binary attachments |
File names and metadata | Your storage passwords |
Data Isolation
Your data is completely isolated from other organizations:
Every piece of indexed content is tagged with your organization's unique identifier
All searches are filtered to only return your organization's data
No other organization can ever access your indexed documents
All team members within your organization share access to your organization's connected data
---
Export Connections (Analysis Results)
Product Storage Breakdown
Product | What's stored in our database | Export Behavior |
|---|---|---|
VC Analysis | Nothing (with export connected) | Documents created in your storage, content cleared from our database |
Strategy Creation | Strategies, inputs, and conversation history (for editing and iteration) | Exports are one-way snapshots; changes don't sync between app and exported documents |
Why Strategy mode stores data: Strategy development is iterative—you refine inputs, have conversations, and evolve your strategy over time. We store this so you can pick up where you left off. Exported documents are point-in-time snapshots for sharing or archiving.
What Changes When You Export (VC Analyses)
Without Export | With Export |
|---|---|
Full memo content in our database | Only document URL in our database |
Full research report in our database | Only document URL in our database |
View in-app only | Open directly in Google Docs, Word, etc. |
Read-only | Full editing capabilities |
Strategy Analyses do not have changes upon export, they are moment in time snapshots.
Exporting Existing Analyses (VC Analyses)
If you've already run analyses before connecting an export destination, you can export them afterward:
1. Connect your export destination
2. Click "Export" on any existing analysis
3. Documents are created in your storage
4. The content is cleared from our database - only the link remains
This means you can start with the free tier, then upgrade to export and have your sensitive content moved to your own storage.
---
Folder Organization
When you connect an export destination, we create a clean folder structure:
Your Storage/
└── StratEngine/
└── VC/Strategy Analysis/
├── 2025-01-05 - Company A/
│ ├──Generated files
├── 2025-01-06 - Company B/
│ ├── Generated files
└── ...
Each analysis gets its own dated folder with both the investment memo and detailed research report.
Security Architecture
Authentication
OAuth 2.0 industry-standard authentication
We never see or store your storage passwords
Connections managed by enterprise-grade OAuth handling services
You can revoke access anytime from your storage provider's security settings
Database Security
Our databases are configured with enterprise-grade security:
Private network only - Databases use private IP addresses and are not accessible from the public internet
VPC isolation - All database traffic stays within our private Google Cloud network
No public endpoints - There is no public IP or URL that could be used to access the database externally
Encrypted connections - All internal database connections use TLS encryption
Import Pipeline Security
Data retention during sync: Less than 8 hours. Files are transferred directly to our Google Cloud Storage, then purged from the sync provider.
Data in Transit
All connections use TLS 1.3 encryption
No data transmitted over unencrypted channels
Data at Rest
All stored data encrypted at rest using AES-256
Database hosted on Google Cloud Platform with enterprise security
Regular security audits and monitoring
Processing
Document parsing performed locally (self-hosted, no third-party access)
Document embeddings generated using AI with Zero Data Retention
Your content is not used for model training
All processing stays within Google Cloud infrastructure
---
Privacy Summary
Your Data | Where It Lives | Who Can Access |
|---|---|---|
Original files | Your storage (temporarily cached <8 hrs during import) | Only your organization |
Search embeddings | Our database (encrypted, private network) | Only your organization |
VC analysis results (with export) | Your storage | Only your organization |
VC analysis results (without export) | Our database (encrypted, private network) | Only your organization |
Strategy inputs & results | Our database (encrypted, private network) | Only your organization |
Strategy exports | Your storage (one-way snapshot) | Only your organization |
OAuth tokens | Secure enterprise services | System only |
---
Frequently Asked Questions
Can other organizations see my data?
No. All data is tagged with your organization's unique identifier and every query is filtered to only return your organization's data. There is no way for another organization to access your documents or analysis results.
Can everyone in my organization see connected data?
Yes. Currently, all team members within your organization share access to your organization's connected storage and analysis results. Data connections and search results are shared at the organization level, not the individual user level.
What happens when I disconnect my storage?
For Import: All indexed search data for your organization is permanently deleted from our system. This includes all text excerpts, search embeddings, and metadata associated with that connection. Future searches won't include documents from that connection.
For Export: Documents already created in your storage remain there - they're yours. We simply remove the connection, and future analyses won't auto-export.
Can I use different providers for import and export?
Yes. You can import from multiple providers (search across Google Drive AND Dropbox) while exporting to a single destination (all results go to Google Drive, for example). Import and export use separate connection flows.
What happens if export fails?
If we can't save to your storage (permissions issue, quota full, etc.), the analysis fails and you're notified. We **never** silently fall back to storing sensitive content in our database when you've chosen export - that would violate your security expectations.
How do I revoke access?
You can disconnect anytime from:
1. Your StratEngine settings page
2. Your storage provider's connected apps settings (Google Account → Security → Third-party apps)
Both methods immediately revoke our access.
Is my data used to train AI models?
No. We use AI with Zero Data Retention. Your content is processed for embedding generation only and is never used to train or improve any AI models.
How long do you keep my files during import?
Files are only temporarily cached during processing. Our sync provider retains data for less than 8 hours during transfer. Once files are parsed and indexed, the originals are deleted from our infrastructure.
What certifications does your import pipeline have?
Our import pipeline uses an enterprise data integration platform that maintains:
- SOC 2 Type 2 certification
- ISO 27001 certification
Is the database accessible from the internet?
No. Our databases use private IP addresses only and are not accessible from the public internet. All database access happens through our private Google Cloud network, protected by VPC isolation and firewall rules.
---
Questions?
If you have additional questions about data security or privacy, contact us at info@stratengineai.com.