Stratiform AI went far beyond a standard legal review — the strategic breakdown of risks and opportunities was exceptional They gave us total clarity on our compliance responsibilities — we now know exactly how to manage our obligations The human oversight and editing by a senior professional made all the difference to the quality of the output We can now deploy our team with full confidence that they are protected and well-informed They translated a complex contract analysis into practical, actionable tools our business can actually use Stratiform AI went far beyond a standard legal review — the strategic breakdown of risks and opportunities was exceptional They gave us total clarity on our compliance responsibilities — we now know exactly how to manage our obligations The human oversight and editing by a senior professional made all the difference to the quality of the output We can now deploy our team with full confidence that they are protected and well-informed They translated a complex contract analysis into practical, actionable tools our business can actually use
Security & Data Handling

Trust sits at the
centre of what we do.

Our clients share internal, commercially sensitive — and sometimes highly confidential — information with us. From the outset, our service has been designed to protect that information while still delivering fast, reliable outputs.

🔒
GDPR Aligned
🛡️
Encrypted in transit & at rest
🚫
Never used for AI training
👁️
Human reviewed outputs
🗑️
30-day data deletion
🔐
Multi-factor authentication
Why this matters — read this first

Most AI platforms say your data won't be used for training.
That's not the same as your data being private.

When you use a standard AI platform — even one that promises not to train on your data — your information still passes through and exists within their online environment during the session. It is processed on their infrastructure, visible to their systems, and subject to their internal access policies. Not used for training does not mean not retained, not visible, or not at risk.

Before choosing any AI service for sensitive business information, you should ask: where exactly does my data go, who can see it during processing, and what controls exist over that environment? Most platforms cannot give you a clear answer.

Standard AI platforms
Your data enters their shared online environment
Processed on their infrastructure — you have no visibility
"Not used for training" does not mean not retained
Session data may persist within their systems
Access controls are theirs to define, not yours
Stratiform AI
AI accessed via private API keys — not through public platforms
Processing happens within our standalone, controlled environment
No data retained by the AI model outside the session
Outputs saved in a strictly access-controlled file system
Only you and authorised Stratiform AI personnel have access

Stratiform AI has built its own standalone processing platform that connects to AI models through secure API keys. This means the AI generates your output without the underlying model retaining any information beyond the active session. Your data is never held in a public or shared environment, never exposed to the platform owner's broader systems, and never accessible to anyone outside your agreed engagement.

We recommend that any business sharing sensitive information with an AI service asks these three questions: How is my data processed — through a public platform or a private environment? Who can access my data during and after processing? What access controls govern where my output is stored? Stratiform AI can answer all three clearly and in writing before any work begins.

Our secure working approach

A controlled, deliberate process

Every engagement follows a structured workflow designed to minimise risk and maintain accountability at every stage.

1

You contact us with an enquiry

We clarify scope, expectations, and timescales before anything begins.

2

You receive a dedicated secure upload route

A private, isolated channel created specifically for your engagement — not shared with anyone else.

3

Processing inside a private, controlled environment

All AI processing happens via secure API keys within our standalone platform. No public tools, no shared environments — your data never enters a consumer AI interface.

4

Human review before delivery

Every output is checked by a specialist. Accuracy, tone, logic, and quality — all verified before it reaches you.

5

Secure delivery of final documents

Encrypted download links or restricted-access sharing. Never unsecured email attachments unless explicitly requested.

6

Deletion in line with agreed retention rules

Files deleted after 30 days as standard. Early deletion available on request — permanent and not recoverable.

Technical security

Enterprise-grade. Built in from day one.

🔐

File storage & access

Encryption in transit and at rest
Strict access controls — authorised personnel only
Activity logging and audit trails
Enforced multi-factor authentication
Continuous platform security monitoring
🤖

AI environment

AI accessed via private API keys — not public platforms
Client data never used to train AI models
No data retained by AI outside the active session
Processing via our own standalone controlled platform
No content enters public or shared AI environments
👤

Human oversight

Every output reviewed by a specialist
Accuracy and completeness checked
Tone verified for intended audience
Generic AI language removed
Alignment with your original intent confirmed
Responsible use of AI

AI enhances. Humans decide.

AI handles

  • Structuring and formatting documents
  • Drafting from raw inputs
  • Consistent, rapid processing
  • Identifying key information
supervised by

Humans handle

  • All quality control and review
  • Contextual judgement calls
  • Final accountability for outputs
  • Client relationship and communication

AI is used strictly as a support tool — never as an unsupervised or autonomous decision-maker.

Data retention

Minimised by design

30
Day standard retention
Retained only as long as needed to deliver the agreed service.
0
Days after early deletion
Requested at any time. Permanent and not recoverable.

Clients remain the Data Controller at all times. Stratiform AI acts solely as a Data Processor.

Payments & invoicing

Simple & transparent

📝

Scope, deliverables, and cost agreed in writing before work begins.

📄

Invoice issued in advance of work starting.

💳

Payment follows agreed terms.

Work begins once payment is received (unless otherwise agreed).

📅

Staged or milestone-based invoicing available for larger engagements.

Further assurance

Regulated sectors & additional documentation

For organisations requiring additional assurance — including regulated sectors, charities, or public-sector-adjacent work — further documentation is available on request before any work begins:

Data Processing Agreements (DPA)
Engagement terms
Detailed security controls documentation

Questions about security?

Get in touch before committing to anything. We're happy to provide full documentation for regulated sectors.

Contact Us → Try For Free