Privacy Policy
StrategyWorks is committed to protecting your personal data and being transparent about how we use it. This policy explains what we collect, why we collect it, and what rights you have in relation to it. It applies to all users of this website and of the StrategyWorks platform.
1. Who we are
StrategyWorks is operated by Shapecast Ltd, a company registered in England and Wales (Company No. [registered number]), with a registered office at [registered address].
Shapecast Ltd is the data controller for personal data collected through this website and the StrategyWorks platform. For data processed on behalf of our customers within their StrategyWorks accounts, Shapecast Ltd acts as a data processor and our customers are the data controllers.
If you have questions about this policy or our data practices, contact us at privacy@strategyworks.io.
2. What we collect
Information you give us
- Name and job title when you fill in a contact or demo request form
- Business email address and organisation name
- Account credentials when you register for the platform
- Content you enter into the platform (strategies, OKRs, plans, notes)
- Communications you send us by email or through the platform
Information collected automatically
- IP address and browser type when you visit this website
- Pages visited and time spent on the site
- Referring URL (the page that brought you here)
- Device and operating system information
- Log data from platform usage (feature interactions, timestamps)
Information from third parties
If you connect a third-party service (such as Microsoft 365 or Google Workspace) to your StrategyWorks account, we may receive information from that service as necessary to enable the integration.
3. How we use your data
| Purpose | What data |
|---|---|
| Providing and maintaining the platform | Account data, platform content, usage logs |
| Responding to demo requests and enquiries | Name, email, organisation, message |
| Sending product updates and relevant communications | Email address (where you have opted in) |
| Billing and account management | Name, organisation, payment details (handled via our payment processor) |
| Improving the platform and website | Aggregated, anonymised usage data |
| Security monitoring and fraud prevention | IP addresses, login data, usage patterns |
| Complying with legal obligations | As required by applicable law |
We do not sell your personal data to third parties. We do not use it for automated decision-making or profiling that produces legal or significant effects.
4. Lawful basis for processing
Under UK GDPR we rely on the following lawful bases:
- Contract. Processing necessary to provide the StrategyWorks service under our agreement with you.
- Legitimate interests. Improving our product, securing our systems, and communicating about services you might find useful. We have assessed that these interests are not overridden by your rights.
- Consent. Where we send marketing communications. You can withdraw consent at any time.
- Legal obligation. Where we are required to process data to comply with applicable law.
5. Sharing your data
We share personal data only where necessary, and only with:
- Service providers acting as processors on our behalf - including cloud infrastructure, payment processing, and email delivery. All are bound by data processing agreements.
- Professional advisors (lawyers, accountants, auditors) where required.
- Regulators and authorities where we are legally required to disclose information.
- A successor organisation if StrategyWorks is acquired or merged, subject to equivalent protections being maintained.
We do not share data with advertisers or data brokers.
6. How long we keep it
We keep personal data only as long as necessary for the purposes described in this policy.
- Active accounts: Data is retained for the duration of your subscription.
- Closed accounts: Platform data is deleted within 90 days of account closure, unless you request earlier deletion or we are required to retain it by law.
- Enquiries and demo requests: Retained for up to 2 years unless a business relationship develops.
- Marketing contact records: Until you unsubscribe or ask us to remove you.
- Legal and financial records: As required by UK law (typically 6 years).
7. Your rights
Under UK GDPR you have the following rights:
- Access. Request a copy of the personal data we hold about you.
- Rectification. Ask us to correct inaccurate or incomplete data.
- Erasure. Ask us to delete your data in certain circumstances.
- Restriction. Ask us to limit how we use your data while a dispute is resolved.
- Portability. Receive your data in a structured, commonly used format.
- Objection. Object to processing based on legitimate interests.
- Withdraw consent. Where we rely on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email privacy@strategyworks.io. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews. No method of transmission over the internet is completely secure, but we take our obligations seriously and review our security practices regularly.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay where required.
9. International data transfers
StrategyWorks is operated from the United Kingdom. If we transfer your data outside the UK, we ensure an equivalent level of protection applies through UK adequacy regulations, standard contractual clauses, or other approved mechanisms.
Our primary cloud infrastructure is hosted in the UK and European Economic Area.
10. Cookies
This website uses a small number of strictly necessary cookies to make the site function, including remembering your light or dark theme preference. We do not currently use analytics, advertising, or tracking cookies.
If we add analytics or other non-essential cookies in future, we will update this policy and provide appropriate consent options at that time.
11. Changes to this policy
We may update this privacy policy from time to time. When we make material changes, we will notify platform users by email or in-app notification, and update the "last updated" date above. We encourage you to review this page periodically.
Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
12. Contact us
If you have any questions about this privacy policy or how we handle your data:
- Email: privacy@strategyworks.io
- Post: Data Protection, Shapecast Ltd, [registered address]
For general enquiries: hello@strategyworks.io