Security, Confidentiality & Data Handling

Trust sits at the centre of how Stratiform AI operates.

Our clients share internal, commercially sensitive — and sometimes highly confidential — information with us. From the outset, our service has been designed to protect that information while still delivering fast, reliable, professional outputs.

This page explains, in clear terms, how your information is handled, how AI is used responsibly, and how payment and invoicing work.

Our secure working approach

Every engagement follows a controlled, deliberate process designed to minimise risk and maintain accountability.

It typically looks like this:

You contact us with an enquiry or initial request.
We clarify scope, expectations, and timescales.
If we proceed, you’re given a dedicated, secure upload route created specifically for your work.
All processing happens inside a private, controlled environment.
Every output is reviewed by a human before delivery.
Final documents are returned securely.
Files are deleted in line with agreed retention rules.

At no point are documents handled through unsecured channels or public systems.

Secure file handling and storage

Client materials are stored and managed within an enterprise-grade Google Workspace environment.

This provides:

  • encryption in transit and at rest

  • strict access controls limited to authorised Stratiform AI personnel

  • activity logging and audit trails

  • enforced multi-factor authentication

  • continuous platform security monitoring

Documents are never stored directly on the public website. Each client engagement is isolated to prevent accidental access, cross-sharing, or data leakage.

Private, ring-fenced use of AI

Stratiform AI does not rely on public or consumer AI tools.

All AI-assisted work is carried out within private, enterprise-grade environments configured so that:

  • client data is never used to train AI models

  • inputs are not retained or reused outside the session

  • processing occurs through encrypted, isolated connections

  • no content enters public datasets

AI is used strictly as a support tool — to assist with structure, clarity, and analysis — never as an unsupervised or autonomous decision-maker.

Human oversight and quality control

AI does not replace professional judgement at Stratiform AI.

Every output is reviewed by a human specialist to ensure:

  • accuracy and completeness

  • clear structure and logic

  • appropriate tone for the intended audience

  • removal of generic or unsuitable AI-generated language

  • alignment with your original intent and requirements

This balance — AI efficiency with human responsibility — is what differentiates Stratiform AI from generic tools or unsupervised automation.

Secure delivery of final outputs

Final documents are delivered using controlled, secure methods appropriate to the work, such as:

  • encrypted download links

  • restricted-access sharing

  • password-protected files where appropriate

We avoid unsecured email attachments unless explicitly requested.

Data retention and deletion

Stratiform AI operates on a data-minimisation basis.

Documents are retained only for as long as necessary to deliver the agreed service.
Standard retention is up to 30 days following delivery.
Early deletion can be requested at any time.
All deletions are permanent and not recoverable.

Clients remain the Data Controller at all times. Stratiform AI acts solely as a Data Processor.

Responsible use of AI

We believe AI should enhance professional thinking — not replace it.

Our approach ensures:

  • all AI outputs are supervised

  • no autonomous decisions are made on your behalf

  • contextual judgement remains human-led

  • AI is applied only where it delivers clear, measurable value

This reduces risk while preserving the speed and efficiency AI enables.

Payments and invoicing

Stratiform AI operates as a professional services provider.

All chargeable work is scoped and agreed in advance. Pricing is confirmed before any paid work begins, and payment is handled by invoice — not automated checkout.

In practice:

  • scope, deliverables, and cost are agreed in writing

  • an invoice is issued

  • payment follows agreed terms

  • work begins once payment is received (unless otherwise agreed)

For larger or ongoing engagements, staged or milestone-based invoicing can be arranged.

Further assurance

For organisations requiring additional assurance — including regulated sectors, charities, or public-sector-adjacent work — further documentation is available on request, such as:

  • Data Processing Agreements (DPA)

  • engagement terms

  • detailed security controls

We’re happy to provide this before any work begins.