L-1.0Legal
Privacy Policy
This policy describes what information Strux Labs collects across strux-labs.com, the account dashboard, and the licensing service behind the StruxDraft desktop suite — and what we do with it. The short version: your engineering work stays on your machine, we keep the minimum needed to run accounts, licenses, and billing, and we do not sell personal information.
01Who we are & scope
Strux Labs is the publisher of StruxDraft, StruxCalc, and Strux4D. [PLACEHOLDER: legal entity name], a [PLACEHOLDER: state of formation] limited liability company ("Strux Labs," "we," "us"), operates this website and the related services.
This policy covers the website at strux-labs.com, the account dashboard, the free Strux4D web viewer, and the licensing service used by the desktop software. Use of the installed desktop software is licensed under its End User License Agreement (EULA), presented at installation; this policy describes the data that licensing and the applications exchange with us.
Questions about this policy go to info@strux-labs.com.
02Information we collect
Account information
When you create an account we collect your email address, name, and a password. Passwords are stored only as salted hashes by our authentication provider (Supabase) — we cannot read them. We also keep the account creation date and beta-invitation status.
Payment information
Subscriptions are billed through Stripe. Your card number is entered on, transmitted to, and stored by Stripe; card data never touches Strux Labs servers. We receive only what we need to run your subscription: plan, status, billing-cycle dates, transaction history, and the last four digits of the card for display in the billing portal.
License activation data
To enforce per-machine licensing, the desktop software sends a machine identifier — a one-way hash derived from hardware characteristics — together with the operating-system version, software version, and activation and deactivation timestamps. A license may be active on up to two machines at a time; deactivating a machine from the account dashboard frees the slot. The identifier cannot be reversed into your hardware details and is used only for license enforcement.
Contact form
Messages sent from the contact page are relayed to info@strux-labs.com by FormSubmit, a third-party form-relay service. The relay processes your name, email address, and the message contents solely to deliver the email to us.
Website analytics
The site is served by Cloudflare Pages and measured with Cloudflare Web Analytics, which is cookieless. We see aggregate page views, referrers, country, and browser class. There are no advertising cookies, no fingerprinting, and no persistent identifiers — we cannot single out an individual visitor. Signing in to the dashboard uses an essential session token stored in your browser by our authentication provider; it is required for the dashboard to function and is not used for tracking.
Desktop software diagnostics
The applications run locally. They may send error reports and anonymized usage events (which tools were used, how long a session lasted) to help us find and fix defects. This can be disabled in the application settings. License-verification requests cannot be disabled, because they enforce the license.
What we do not collect
Your project files stay on your machine. We never receive .struxdraft files, calculations, member designs, loads, analysis results, imported plan PDFs, file names, or report contents. The Strux4D web viewer loads its sample model from our server and uploads nothing.
03How we use information
We use the information above to:
- provide and maintain accounts, downloads, and license activation;
- process payments and manage subscriptions through Stripe;
- enforce the two-machine activation limit and prevent unauthorized use;
- answer support questions and beta-access requests;
- send transactional email — receipts, security notices, license events;
- improve reliability of the software using error reports;
- comply with legal obligations and resolve disputes.
We do not use your information to build advertising profiles, to train machine-learning models on your engineering data, or to send marketing on behalf of third parties.
04Service providers
We rely on four processors to run the services. Each handles data only to supply its service to us, under its own published terms:
| Provider | Role | Data handled |
|---|---|---|
| Supabase | Authentication and database for accounts and licensing | Email, name, password hash, subscription status, machine identifiers |
| Stripe | Payment processing and the billing portal | Payment details, handled directly by Stripe — we never store card numbers |
| FormSubmit | Contact-form email relay | Name, email address, and message contents of contact submissions |
| Cloudflare | Website hosting (Pages) and cookieless analytics | Request data at the network edge (IP address), aggregate visit statistics |
05How we share information
We do not sell or rent personal information, and we do not share it for cross-context behavioral advertising. We disclose information only:
- to the service providers listed in section 04, for the purposes stated there;
- when required by law or a valid legal process, such as a court order or subpoena;
- to protect the rights, property, or safety of Strux Labs, our users, or others, or to enforce this policy, our Terms of Service, or the EULA;
- as part of a merger, acquisition, or sale of assets — with notice to you before your information becomes subject to a different privacy policy.
06Data retention
| Data | Kept for |
|---|---|
| Account information | Life of the account; removed or anonymized within 30 days of a deletion request |
| Payment records | As required by tax and accounting law (typically seven years) |
| Machine identifiers | Until you deactivate the machine or delete the account |
| Error reports | Up to 12 months |
| Contact messages | Up to 24 months after the request is resolved |
| Web analytics | Aggregate only — no per-visitor data is retained |
Where law requires us to keep specific records longer (for example, transaction records for tax purposes), we keep only what that law requires.
07Security
We protect the information we hold with encryption in transit (TLS/HTTPS) for all traffic between your browser, the desktop software, and our services; encryption at rest for stored data; salted password hashing; row-level security on database tables; and access limited to what each system needs.
No internet service can promise absolute security. If we learn of a breach affecting your personal information, we will notify you as required by applicable law.
08Your rights & choices
Email info@strux-labs.com from the address on your account to exercise any of the following. We respond within 30 days:
- Access & export — request a copy of the personal information we hold about you, in a commonly used electronic format;
- Correction — fix inaccurate account information (most fields can also be updated directly in the dashboard);
- Deletion — close your account; we remove or anonymize your personal information within 30 days, except records the law requires us to keep. Project data stored locally on your machines is yours and is not affected;
- Email preferences — opt out of product announcements with the unsubscribe link in any such email. Transactional messages (receipts, security notices, license events) cannot be opted out of while you hold an account;
- Diagnostics — disable desktop error and usage reporting in the application settings at any time.
Residents of California and other states with consumer-privacy laws may have additional rights, including the right to know, the right to delete, and the right to non-discrimination for exercising those rights. We do not sell personal information, so there is no sale to opt out of. Use the same address to exercise any state-law right.
09Children's privacy
The services are not directed to anyone under 16, and we do not knowingly collect personal information from children under 16. If we learn that we have, we will delete it promptly. If you believe a child under 16 has provided us personal information, contact info@strux-labs.com.
10International transfers
The services are operated from the United States. If you use them from elsewhere, your information will be transferred to and processed in the United States, where privacy law may differ from your jurisdiction's. We apply the safeguards in section 07 to all data regardless of origin.
11Changes to this policy
We may update this policy from time to time. We will post the updated version here with a revised "Last updated" date, and for material changes we will email account holders before the change takes effect. Continued use of the services after the effective date constitutes acceptance of the updated policy.
12Contact
[PLACEHOLDER: legal entity name]
[PLACEHOLDER: mailing address — street, city, state ZIP]
info@strux-labs.com