Security is built into the product — not bolted on.
The AI proposes. It never writes to your systems.
Stratyfix ingests real sales-call recordings — audio and video — and read-only CRM data to coach your reps. This page is the straight answer to where that data goes, who processes it, whether it trains models, and how the AI is governed. Written for your security and procurement teams to read in isolation.

↳ REQUEST THE SOC 2 REPORT & SECURITY WHITEPAPER UNDER NDA — security@stratyfix.com
Three classes of data are processed. The highest-sensitivity item — recorded video — is called out explicitly, and how your data is used is governed by your DPA.
From training role-plays and real, consented customer calls.
The rep's camera during role-plays and uploaded call recordings — used for the non-verbal read (§05).
Used to ground coaching. We read from your CRM; we never write back.
YOUR DATA IS YOURS — ENCRYPTED IN TRANSIT AND AT REST, ISOLATED TO YOUR ACCOUNT, AND NEVER SOLD. HOW WE USE IT TO IMPROVE STRATYFIX IS SET OUT IN YOUR DPA, WITH DELETION AVAILABLE ON REQUEST. FULL SUBPROCESSOR LIST IN THE SECURITY PACKAGE.
The categories of external processing your data passes through — what each touches, where it runs, and whether it trains on your data. The named subprocessor list, with each vendor's DPA and region, is shared under NDA in the security package; we notify you of any change.
Recorded video is analyzed for the rep's delivery — facial expression, posture, eye contact and energy. Only the salesperson is read; the AI buyer/avatar is ignored. The non-verbal read runs on our video-analysis subprocessor under enterprise terms that prohibit training on your data.
- Camera off → it analyzes nothing, and says so. It never invents body language it can't see.
- Purpose-limited to coaching the rep; not used for surveillance, hiring, or termination decisions.
- Consent-gated capture, by jurisdiction, before any recording.
Facial & non-verbal analysis may constitute biometric / special-category data under GDPR Art. 9 and BIPA-style laws, and we treat it accordingly. Capture is consent-gated and the camera-off path is fully supported — the specific consent mechanism and legal classification are confirmed with your legal team at onboarding.
- Data Processing Agreement (DPA) — available on request.
- BAA available where applicable.
- Audio & video recording-consent compliance, by jurisdiction. Biometric-consent language per §04 legal review.
- Uptime target 99.9% · status page.
- Documented incident-response process.
- Breach-notification commitment per the window committed in your DPA.
- Penetration testing on a regular cadence; details shared under NDA.
- Responsible-disclosure policy.
- security@stratyfix.com