← Back to Stratara

POTUS Privacy Policy

Effective date: 15 November 2025
Last updated: 25 November 2025

This Privacy Policy explains how Stratara Ltd ("Stratara", "we", "us") collects, uses, discloses and protects information about you when you use the POTUS mobile game and related services.

By creating an account or playing POTUS, you acknowledge that you have read this Privacy Policy and understand how we use your information.

1. Who We Are and Scope of This Policy

POTUS is a presidential strategy game operated by Stratara Ltd, an Israeli company.

This Privacy Policy applies to:

• The POTUS iOS app;
• The backend services and APIs that power POTUS;
• POTUS-specific pages and support channels on stratara.ai (for example, this legal page).

Other Stratara products or websites may have their own privacy notices. Where we link to another privacy notice, that notice governs for that specific product or service.

This Privacy Policy should be read together with:

• The POTUS Terms of Use; and
• Any in-app notices or consent screens describing specific data uses (for example, the AI and voice consent screen).

If anything in the Terms of Use conflicts with this Privacy Policy on how we handle personal data, this Privacy Policy prevails.

2. Key Principles at a Glance

We want our privacy approach to be understandable even if you do not read every detail. In summary:

Data minimisation

We collect only the information we need to run POTUS, improve it, and keep it secure.

No sale of personal data

We do not sell your personal data and we do not share it with advertisers for their own targeted advertising.

No social networking

POTUS has no human-to-human chat, public profiles, feeds or friend lists. All "conversations" are between you and AI advisors.

AI-driven by design

AI processing (including voice and text) is core to the game. There is no offline or "non-AI" mode.

Voice transparency

We clearly explain that voice calls with AI advisors are recorded and processed by ElevenLabs and other vendors for gameplay, quality, and safety. There is no hidden recording.

Sensitive political content treated with care

Because POTUS is a political simulation, you may voluntarily share political opinions or other sensitive information. We do not use this for real-world political advertising or decisions – only for the in-game narrative, scoring and safety.

First-party analytics only

We do not use advertising or marketing analytics SDKs (no Firebase Analytics, Mixpanel, Amplitude, ad SDKs, etc.). Usage telemetry stays within Stratara-controlled infrastructure.

Age limit

POTUS is intended for users aged 13 and over and is not directed at children under 13.

Your rights

Depending on where you live, you may have rights to access, correct, delete and object to certain uses of your data. We also provide an in-app account deletion function.

3. Controller, Representatives and Contact Details

3.1 Data Controller

The data controller responsible for processing your personal data in connection with POTUS is:

Stratara Ltd
Company number: 517197182
Dan 14, Ness Ziona
7412110
Israel

3.2 EU and UK Representatives

Under Article 27 GDPR and UK GDPR, non-EU/UK-established controllers must appoint local representatives when offering goods or services to individuals in the European Economic Area ("EEA") or the United Kingdom ("UK").

Stratara will appoint such representatives once we begin active marketing or offering POTUS to users in those regions. When appointed, their contact details will be published in this section. Until then, you may contact us directly using the details in section 3.4 below.

3.3 Data Protection Officer

When required by law or as our operations grow, we will appoint a Data Protection Officer ("DPO"). Once appointed, their contact details will be provided here. Until then, please use the contact details in section 3.4 for any privacy-related questions.

3.4 How to Contact Us About Privacy

For any questions, requests or complaints about this Privacy Policy or our handling of your data, you can contact us at:

Email: [email protected]
Subject line suggestion: "POTUS – Privacy request"

We may ask you for additional information to verify your identity before we respond to certain requests.

4. Information We Collect

This section describes the categories of information we collect when you use POTUS. We may collect this information directly from you, from your device, from platform providers (such as Apple), or from our service providers.

We do not collect personal data that is not described in this Privacy Policy.

4.1 Account and Identity Data

When you create and use a POTUS account, we collect:

• Email address – used as your login identifier and for important service communications.
• Account identifier – a unique internal ID we generate for your account.
• Authentication and session data – such as hashed passwords or authentication tokens, login timestamps, and session identifiers.
• Basic account settings – such as your in-game designation (e.g. your display name or "President" title), language, and your consent or preference flags (for example, whether you have accepted AI/voice processing).

This data is necessary to create and maintain your account, allow you to log in, and provide your game state across sessions and devices.

4.2 Gameplay and Game Content Data

POTUS is a story-driven strategy game. When you play, we process:

Scenarios and choices

• Scenarios you start and finish.
• Choices you make in those scenarios.
• Outcomes and consequences, including success/failure states.

Advisor conversations (voice and text)

• What you say to AI advisors (in text or via voice, once transcribed).
• The responses generated for those advisors.

AI-generated game content

• In-game world events and developments.
• AI-generated "news articles" and briefings.
• End-of-scenario performance summaries, scores, ratings and feedback.

All of this is treated as part of your game history, linked to your account ID. It allows us to restore your progress, provide consistent storylines, and generate end-of-scenario summaries and scores.

Because the game is political, gameplay content can sometimes include political opinions or other sensitive topics that you choose to share. We address this specifically in our section on sensitive data and profiling (later in the policy), but at a high level we use such content only for game purposes and safety.

4.3 Voice and Audio Data

When you use voice calls with AI advisors, we process:

• Microphone audio – live audio captured from your device when you talk to your AI advisors, transmitted to our voice provider for speech processing and voice generation.
• Call metadata – such as call start and end time, call duration, call identifier, and the amount of "minutes" used.
• Transcriptions – text transcripts derived from your speech and, in some cases, from the AI advisors' spoken replies.

The audio itself is mainly processed by ElevenLabs, our voice provider. Stratara does not store raw audio long-term on its own systems; we retain the transcripts and AI outputs as part of your gameplay history. More detail is provided in the dedicated voice and AI section later in this policy.

4.4 Technical and Telemetry Data

To operate the game and understand how it performs, we collect certain technical data from your device and gameplay, such as:

Device and app information

• Device model and hardware type.
• Operating system and version.
• App version.
• Language and basic regional settings.
• IP address (used to derive a coarse region, not precise location).

Telemetry and usage data

• Scenarios started and completed.
• Number of rounds or turns completed.
• Call counts, durations, and minutes consumed.
• Errors and diagnostic information when something goes wrong.

This telemetry is stored in Supabase and other Stratara-controlled infrastructure. We do not send this gameplay telemetry to advertising networks or third-party marketing analytics tools.

4.5 Purchase and Game Economy Data

We use in-app purchases ("IAPs") and virtual resources such as "mandate" and call minutes to run the game's economy. For this, we process:

In-app purchase information

• Product purchased (e.g. a pack of minutes or mandate).
• Price and currency.
• Date and time of the transaction.
• StoreKit / App Store purchase metadata and receipts (transaction identifiers, status, and related fields).

Virtual economy data

• Your mandate balance and any other soft-currency balances.
• Your balance of call minutes and usage history.
• History of in-game spend and consumption of those virtual items.

All real-money transactions are processed by Apple's App Store billing system. Stratara does not receive your card number or bank account details. We only receive information necessary to grant purchased items, maintain balances and comply with legal and accounting requirements.

4.6 Data We Explicitly Do Not Collect

To avoid doubt, POTUS does not:

• Access or import your contacts/address book or SMS messages.
• Access your photo library, camera roll or personal files.
• Collect your precise GPS location.
• Collect your social network friend lists or social graph.
• Implement advertising SDKs that track you across apps or websites.
• Collect payment card numbers, bank account details, or full billing addresses – these remain with Apple or your payment provider.
• Collect data for gambling, fintech, or crypto use; the game's economy is purely virtual and for entertainment.

If we ever introduce new features that require additional types of personal data, we will update this Privacy Policy and provide appropriate in-app notices before we start such processing.

5. How We Use Your Information and Legal Bases

We use the information we collect for several purposes. Under European data protection law, we must also have a "legal basis" for each use. Below we describe both the purpose and the corresponding legal basis.

5.1 Providing and Operating the Game and AI Features

Legal basis: performance of a contract; legitimate interests

We use your information to:

• Create and manage your POTUS account.
• Authenticate you and keep your sessions secure.
• Run the game logic, including scenarios, choices, and outcomes.
• Enable real-time voice and text interactions with AI advisors.
• Generate in-game world events, news articles, and end-of-scenario summaries.
• Save your progress and game history so you can resume where you left off.

Without this processing, we cannot provide the POTUS game. When you create an account and accept the Terms of Use, a contract is formed between you and Stratara for the provision of the game, and this processing is necessary to fulfil that contract.

Because AI and server-side processing are essential to POTUS, there is no "offline" or AI-free mode: if you do not agree to this processing, you will not be able to play the game. Where local law requires it (for example, for voice recording or certain sensitive data), we also rely on your consent, as explained below.

5.2 Security, Fraud Prevention and Abuse

Legal basis: legitimate interests; legal obligations where applicable

We use account, gameplay, telemetry and purchase data to:

• Protect our infrastructure from attacks, abuse or unauthorised access.
• Detect cheating, misuse of free minutes or mandate, and other forms of abuse.
• Prevent and investigate payment fraud, chargebacks and suspicious patterns.
• Enforce our Terms of Use and other policies.

Our legitimate interest is to protect the integrity and security of our services and users. In some cases (for example, financial record-keeping or responding to law-enforcement requests) we may also be legally required to retain or disclose certain information.

5.3 Telemetry, Diagnostics and Product Improvement

Legal basis: legitimate interests

We analyse technical and gameplay telemetry to:

• Understand how POTUS is used and where players struggle or disengage.
• Balance difficulty, pacing and scenario design.
• Monitor the stability and performance of the app, voice calls and AI systems.
• Diagnose and fix bugs, crashes and quality issues.

We do this in a privacy-respectful way, using internal tools and infrastructure. We do not forward this telemetry to third-party advertising networks and we do not build cross-app profiles.

Our legitimate interest is to improve POTUS over time, while respecting your privacy and expectations.

5.4 Customer Support and Communication

Legal basis: performance of a contract; legitimate interests; consent (where required)

We use your contact details and relevant account/game data to:

• Respond to support tickets and bug reports.
• Help you recover access to your account, where possible.
• Communicate important service information, such as major updates, security notices, or changes to this Privacy Policy or the Terms of Use.

We do not send frequent marketing emails about unrelated products. If we ever send optional marketing communications, we will do so only with your consent and provide a clear way to opt out at any time.

5.5 Legal and Compliance Purposes

Legal basis: legal obligations; legitimate interests

We may need to use and retain some of your information to:

• Comply with tax, accounting and financial reporting requirements (for example, keeping records of purchases and refunds for a legally mandated period).
• Respond to lawful requests from public authorities, courts, or regulators.
• Establish, exercise or defend legal claims.

In these cases, we rely on our legal obligations or our legitimate interest in protecting our rights, our users and the public.

5.6 AI-Related Use and Model Training

Legal basis: performance of a contract; legitimate interests; consent (for sensitive content)

POTUS is heavily AI-assisted. We use your gameplay content, including transcripts and scenario context, to:

• Generate advisor responses, world events, news articles and summaries.
• Evaluate your in-game performance and produce scores and feedback.
• Run safety checks (for example, detecting abusive behaviour towards the AI or other violations of our rules).
• Improve the quality and reliability of these AI-based features, for example by analysing aggregated patterns of how scenarios perform.

Our approach to AI training and reuse is:

Stratara's own use

• We do not use your individual conversations to train separate general-purpose models that could be reused across other products.
• We may use aggregated, de-identified analytics (such as scenario completion rates or difficulty metrics) to improve POTUS.

Third-party AI providers

• We access AI models through commercial APIs (such as Groq, OpenAI, Anthropic, xAI, Replicate) and not via consumer chat products.
• Where possible, we configure these services to opt out of using customer data for their own model training and to minimise retention.
• However, these providers may still process data under their own privacy terms. We bind them contractually and through settings, but we cannot fully control their internal model-training practices.

For EU/UK users, we typically rely on performance of contract (providing the AI-driven game) and legitimate interests (improving quality and safety). If you voluntarily share sensitive data (for example, political opinions) in your interactions, we treat this as shared with your explicit consent for the limited purpose of providing the game and maintaining safety. You can always avoid sharing such information by choosing not to include it in your gameplay content.

We do not:

• Use your gameplay data for real-world political advertising,
• Make automated decisions that produce legal or similarly significant effects on you outside the game, or
• Sell or share your data with third parties for their own advertising or profiling.

5.7 No Unannounced New Purposes

We will not use your personal data for purposes that are materially different from those described in this Privacy Policy without:

• updating this Privacy Policy; and
• where required by law, obtaining your additional consent before such new use.

If we introduce a new feature that requires a different type of processing (for example, a social feature or external research programme), we will provide clear, upfront information so you can make an informed choice.

6. Voice, Audio Calls and Transcription (ElevenLabs)

POTUS allows you to speak with AI "advisors" in real time. This feature is central to the experience, so we want to be very clear about how voice data is handled.

6.1 How Voice Calls Work

When you start a call in POTUS:

• The app activates your device microphone only while you are in an active call screen.
• Your live audio is streamed over an encrypted connection to our voice provider, ElevenLabs, which:
  • converts your speech into text, and/or
  • generates synthetic speech for the advisor's replies.

We do not access your microphone when:

• the app is closed;
• you are not on a call screen; or
• you have disabled microphone access at the operating system level.

You will see clear in-app indicators (such as a call screen and/or recording icon) when the microphone is in use.

6.2 What We Collect During Calls

During a POTUS call, we collect and process:

• Your spoken audio, streamed in real time to ElevenLabs.
• Call metadata, such as:
  • call start and end times;
  • call duration;
  • minutes consumed;
  • a technical call identifier.
• Transcripts, which are text versions of:
  • what you say; and
  • in some cases, what the AI advisor says.

In practice, Stratara:

• uses the audio stream only for live processing; and
• retains transcripts and related AI outputs (not the raw audio) as part of your game history.

6.3 Storage and Retention of Audio

Our goal is to keep raw audio as ephemeral as possible.

Stratara systems

• We do not store raw call audio long-term on our own servers.
• We focus on storing transcripts and game content derived from your calls.

ElevenLabs systems

• ElevenLabs may store audio recordings on its own infrastructure for up to 90 days, for quality, safety and service-improvement purposes, in line with their settings and policies.
• Where configuration options are available, we enable "no training / limited retention" settings for customer data.

We do not control ElevenLabs' internal systems, but we bind them contractually and configure their service to minimise data retention and reuse wherever possible. Details of our sub-processors, including ElevenLabs, are published on our sub-processors page (see the "Sub-processors" section later in this policy).

6.4 How We Use Voice and Transcripts

We use voice data and transcripts to:

• Provide the real-time advisor call experience.
• Understand what you say so the game logic and AI can respond appropriately.
• Generate and store transcripts, summaries and game outcomes associated with your account.
• Perform quality assurance, for example investigating persistent call problems or obvious AI malfunctions.
• Maintain safety and abuse controls, for example detecting repeated violations of our rules or serious misuse.

We do not:

• use your voice recordings for advertising or marketing;
• sell or rent voice data to third parties;
• use your voice to create a separate biometric profile or voiceprint for authentication in other products.

6.5 Consent to Recording and Local Laws

When you first use POTUS, we present a consent screen explaining:

• that voice calls with AI advisors are recorded and transcribed;
• that this data is sent to external AI/voice providers; and
• how it is used for gameplay, quality and safety.

By:

• accepting that consent screen, and
• starting a call and speaking into the app,

you consent to the recording and processing of your voice for these purposes, including in jurisdictions where explicit consent is required for call recording.

POTUS does not initiate real phone calls or VoIP calls with other human users. All calls take place inside the app between you and AI advisors.

If you do not agree to voice recording and AI processing, you cannot create an account or use POTUS, because these features are essential to how the game works.

6.6 ElevenLabs as a Service Provider

ElevenLabs acts as our service provider / processor for voice processing:

• We send them only the data necessary to provide speech-to-text and text-to-speech services.
• They process this data under their own terms and privacy policy, and under a contract with us that includes data protection obligations.

Where possible, we:

• enable settings that opt out of model training on customer data; and
• limit the retention of audio and transcripts on ElevenLabs systems.

However, we cannot fully control how a third-party AI provider designs its internal models. For this reason, we:

• choose reputable providers; and
• keep an up-to-date list of sub-processors, so you can see who is involved.

If you are uncomfortable with this, you can choose not to use POTUS and may delete your account at any time.

7. AI Vendors, Transcripts and Content Processing

POTUS relies on external AI infrastructure to generate advisor responses, world events, and scenario summaries. This section explains what is shared and with whom.

7.1 What We Send to AI Providers

From our own servers, we may send the following to AI providers:

Textual content

• Your text messages to advisors.
• Transcripts of your voice input.
• Relevant snippets of prior in-game conversations.

Game context

• Scenario and world state (e.g. which crisis you are handling, choices already made).
• Your in-game performance to date for that scenario.
• System prompts describing how the AI should behave (e.g. "act as a foreign policy advisor").

Technical metadata

• Request identifiers and timestamps.
• High-level model parameters (e.g. which model version we are calling).

We do not intentionally send your email address or other direct contact information to these AI services. Instead, we link their responses back to your account through internal identifiers that remain on Stratara systems.

7.2 Which AI and Infrastructure Vendors We Use

We may use a combination of:

• Auth, database and edge infrastructure – for example Supabase, and cloud hosting providers.
• AI model providers – accessed via commercial APIs, such as:
  • Groq
  • OpenAI
  • Anthropic
  • xAI
  • Replicate
• Other orchestration or tooling providers – used internally to route and monitor AI requests.

Rather than hard-coding this list in the policy, we maintain a live list of sub-processors and vendors on our website. You can find the current list in the "Sub-processors" section referenced later in this policy.

7.3 How AI Providers Use Your Data

We use AI providers in a way that is intended to be service-like, not as open consumer chat products:

• We access them via API / enterprise endpoints, not via public chat interfaces.
• We configure their settings to limit retention and training on customer data where such options exist.
• We require them, by contract, to handle your data securely and only for the purposes of providing their service to us.

However:

• Each provider also operates under its own privacy policy and terms.
• In some cases, they may retain limited logs, or use data in aggregated or de-identified form to improve their systems.

We aim to choose providers whose practices are compatible with our own privacy commitments. Nevertheless, we cannot fully control how a third party designs its internal models, and some residual training or retention risk remains when using any external AI service.

7.4 Your Data, Our Models and Third-Party Training

Our approach is:

Stratara's own use

• We do not train separate general-purpose models on your individual conversations or game sessions, outside what is necessary to operate POTUS.
• We may use aggregated analytics (e.g. scenario completion rates, difficulty metrics) to improve game design.

Third-party training

• By default, we attempt to opt out of providers using customer content to train or refine their general models, where such options exist.
• Where we cannot fully opt out, we configure settings to minimise retention and reuse, and we limit what data we send to what is necessary for gameplay.

We do not provide your data to third parties for their own targeted advertising or political campaigning.

8. Telemetry and Analytics (First-Party Only)

We collect telemetry and analytics data to run POTUS effectively, but we keep this strictly first-party.

8.1 No Third-Party Marketing or Ad Analytics SDKs

POTUS:

• does not include advertising SDKs;
• does not use mobile marketing analytics SDKs such as Firebase Analytics, Mixpanel or Amplitude for cross-app tracking; and
• does not share telemetry with ad networks or data brokers.

Any analytics or telemetry we collect is for our own internal use to improve POTUS and understand performance, not for external advertising.

8.2 What Telemetry We Use

Typical telemetry includes:

• How often you launch the app and how long you play.
• Which scenarios you start, how far you get, and where you stop.
• How many calls you make, and how many minutes you consume.
• Technical diagnostics such as crash traces, error codes and request latency.

We usually link this telemetry to your account ID, so we can:

• troubleshoot specific user-reported problems;
• understand the full context of a failing session; and
• relate usage to subscription or purchase history (for billing and abuse prevention).

Where possible, we also work with aggregated or anonymised reports for high-level product decisions.

9. Purchases, Mandate and Game Economy

The POTUS game economy uses virtual resources and in-app purchases. This section explains how we handle related data.

9.1 Apple as Payment Processor

On iOS:

• All purchases are processed by Apple's App Store.
• Apple is responsible for collecting and processing your payment details (such as card or Apple Pay information).
• Stratara never sees your full credit card number or bank account details.

We receive from Apple only the information that is necessary to:

• confirm that a purchase was made or refunded;
• identify which product or subscription you bought; and
• handle entitlements, disputes and fraud prevention.

For questions about how Apple handles your payment details, you should consult Apple's own privacy information.

9.2 What We Store About Purchases

We may store:

• Product IDs and descriptions (e.g. which minutes or mandate pack you purchased).
• The date and time of the transaction.
• StoreKit transaction identifiers and receipt data needed for verification.
• The price and currency of the purchase.
• Refund or chargeback status, where applicable.
• The internal account ID that made the purchase.

We combine this with your in-game economy data (mandate, minutes and entitlements) to:

• grant and restore purchased content;
• display your balances and purchase history in the app;
• detect and investigate suspicious transactions;
• maintain accurate financial and tax records.

9.3 Virtual Currency and No Real-Money Transfers

POTUS uses virtual resources such as "mandate" and call minutes:

• These are not real money and cannot be withdrawn or transferred outside the game.
• Their use is governed by the Terms of Use, not by financial or banking regulations.

From a privacy perspective, we treat your balances and transaction history as part of your account data. We do not share this information with third parties for their own marketing.

10. Sensitive Data and Political Content

POTUS is a political simulation game. During normal gameplay, you may choose to express:

• political views and preferences;
• opinions about public figures or policies;
• other potentially sensitive information (for example, about your beliefs or background).

10.1 We Do Not Intentionally Solicit Sensitive Data

We do not design the game to deliberately solicit personal political or other sensitive data about you as a real individual. However:

Because the game involves political scenarios and conversations, you may voluntarily say or type things that reveal or suggest your personal views or other sensitive details.

10.2 How We Treat Sensitive Content

If you choose to share sensitive information in the game:

• We treat it as gameplay content, used to:
  • shape the in-game narrative and consequences;
  • generate advisor responses;
  • create summaries and scores;
  • ensure safety and enforce our rules.
• For users in the EEA/UK and other similar jurisdictions, we treat this as shared with your explicit consent for:
  • providing the game; and
  • ensuring safety and abuse prevention.

We do not:

• use this content for real-world political advertising;
• sell it to third parties;
• use it to make real-world decisions about you (such as credit, employment or housing).

The only "profiling" we perform is within the game context:

• evaluating how you performed in a scenario;
• assigning in-game scores, reputational outcomes and narrative branches.

These in-game consequences do not extend beyond POTUS.

If you prefer not to share such information, you can avoid including personal political details in your speech or text. You also have rights (described later in this policy) to request access, deletion or restriction of your data.

11. Children and Minimum Age

11.1 Minimum Age

• POTUS is intended for users aged 13 and over.
• We do not knowingly collect personal data from children under 13.
• We do not market POTUS to children or place it in the "kids" category of app stores.

If we learn that a child under 13 has created an account or provided personal data, we will:

• take steps to delete the account; and
• remove personal data from our systems as far as technically and legally possible.

If you are a parent or guardian and believe your child has used POTUS without your consent, please contact us at [email protected].

11.2 Teen Users (13–17)

Users aged 13–17 are still minors in many jurisdictions. For these users:

• POTUS does not contain public social networking features, open chatrooms, or friend-finding tools that would allow them to communicate with strangers inside the app.
• We do not serve third-party advertising or build advertising profiles based on their data.
• Where local law requires parental consent for certain processing (for example, under some EU/UK rules for users under a certain age), we will implement appropriate measures or rely on the app store's own parental control mechanisms.

We encourage parents or guardians to monitor how teens use POTUS and to discuss appropriate use and in-game spending with them.

12. International Data Transfers and Hosting

Stratara is based in Israel and uses cloud infrastructure and service providers located in multiple countries. This means your personal data may be stored and processed outside your country of residence.

12.1 Where Your Data May Be Processed

Depending on your location and how you use POTUS, your data may be processed in:

• Israel (where Stratara is headquartered);
• European Union / EEA data centres;
• the United States; and
• other countries where our cloud providers and AI vendors maintain infrastructure.

We may change or expand our hosting regions over time as the service scales. We will always ensure that any such locations offer an adequate level of protection for your data.

12.2 Protection for EEA/UK Users

If you are in the EEA or UK:

• Israel is currently recognised as providing an adequate level of data protection. Transfers of data from the EEA/UK to Israel may therefore take place without additional authorisation.
• For transfers to countries that may not be recognised as adequate (for example, the US in some circumstances), we rely on appropriate legal safeguards, such as:
  • Standard Contractual Clauses approved by the European Commission; and
  • UK-specific transfer mechanisms for UK users.

We also:

• seek to use providers that implement strong security practices; and
• limit the data we send to what is necessary for the relevant purpose.

12.3 Changes to Hosting Locations

As we grow, we may:

• add or change cloud regions;
• migrate parts of our infrastructure between providers or countries.

We will not reduce the level of protection for your personal data as a result of these changes. If any change materially affects your privacy rights, we will:

• update this Privacy Policy; and
• provide additional notice (for example in-app or by email) where required by law.

13. Data Retention

We keep personal data only for as long as we reasonably need it for the purposes described in this Privacy Policy, and to comply with our legal obligations. When we no longer need data in identifiable form, we either delete it or anonymise it so it can no longer be linked to you.

13.1 General Principles

When deciding how long to keep data, we consider:

• The purpose for which the data was collected.
• The type and sensitivity of the data.
• Our legal and regulatory obligations (for example, tax and accounting).
• The likelihood of disputes or the need for historical records to defend against claims.

Where specific retention periods are mentioned below, they may be extended if required by law or by an ongoing dispute or investigation.

13.2 Audio Recordings (Voice Calls)

ElevenLabs audio

• ElevenLabs may store call audio for up to 90 days on its systems, mainly for quality and safety purposes, in line with its own policies and settings.

Stratara audio

• We do not keep raw call audio on our own systems beyond short buffering needed for streaming.
• Our long-term record of calls is in the form of transcripts and derived game content, as described below.

13.3 Transcripts, AI Outputs and Gameplay Content

Transcripts and AI-generated content (such as advisor messages, world events, news articles, summaries and scores) are treated as part of your game history:

• We retain this content for as long as your account remains active.
• If you delete your account, we:
  • Delete or irreversibly anonymise gameplay content linked to your account, including transcripts and AI outputs, subject to any legal obligations to keep certain records.
• We may keep aggregated, anonymised statistics derived from gameplay (for example, scenario completion rates) indefinitely, as they no longer identify you.

13.4 Telemetry and Usage Data

Telemetry data (for example, calls made, scenarios started/finished, performance metrics) is used for diagnostics, balancing and abuse detection.

• While your account is active, we retain telemetry linked to your account ID for those purposes.
• After you stop using POTUS, we keep such telemetry for up to 24 months from your last activity.
• After that period, we either:
  • Delete the telemetry; or
  • Retain it only in an aggregated or anonymised form that can no longer be reasonably linked to you.

13.5 Purchase and Economy Data

Purchase and economy data (for example, store receipts, mandate/minutes balances and transaction history) have longer retention due to legal and financial requirements:

• We typically keep these records for at least seven (7) years from the end of the relevant financial year, or longer if required by local law.
• Where possible after account deletion, we:
  • Minimise or pseudonymise identifiers in these records; and
  • Keep only what we genuinely need for tax, accounting, audits, fraud prevention or legal claims.

13.6 Technical Logs and AI Request Logs

Technical logs include:

• Server logs and error traces.
• AI request and response logs that are not directly part of stored gameplay.

We keep most of these for relatively short periods, typically 30–90 days, to:

• Diagnose issues and incidents.
• Monitor security and performance.
• Generate aggregate statistics.

Where a particular log is needed for a longer period (for example, in the context of a security incident or legal claim), we may retain it for as long as necessary.

13.7 Backups

We maintain encrypted backups of our systems:

• Backups are typically retained on a rolling basis and overwritten after a certain period (for example, around 35 days, depending on our backup schedule).
• When you delete your account or we delete data at your request, the live data is removed or anonymised; residual copies may remain in backups until those backups are overwritten.
• We restrict access to backups and only use them for disaster recovery and similar purposes.

14. Sharing of Information with Third Parties

We do not sell your personal data and we do not share it with third parties for their own advertising purposes. We do share data with certain categories of third parties where this is necessary to provide POTUS, comply with the law, or protect our rights.

14.1 Service Providers and Sub-Processors

We work with service providers who process data on our behalf ("sub-processors"). These include:

• Infrastructure providers – cloud hosting, content delivery networks and database services (for example, Supabase and cloud platforms).
• AI and voice providers – such as model vendors and ElevenLabs.
• Analytics and monitoring services – limited to those acting as processors and not allowed to use data for their own advertising.
• Professional service providers – such as accountants, auditors and legal advisers.

We require these providers by contract to:

• Use appropriate technical and organisational security measures.
• Process personal data only on our documented instructions.
• Not use personal data for their own independent advertising or profiling purposes.

A current list of our main sub-processors is provided at https://stratara.ai/legal/potus/subprocessors.

14.2 Platform and Payment Providers

We share certain data with platform and payment providers, primarily:

Apple (App Store) – for:

• Verifying in-app purchases and subscriptions.
• Managing refunds and disputes.
• Complying with platform terms and requirements.

Apple may also process some information as a controller under its own privacy policy (for example, your Apple ID, device info, and payment details).

14.3 Legal and Regulatory Recipients

We may disclose information to third parties where we reasonably believe it is necessary to:

• Comply with a law, regulation, legal process or enforceable governmental request.
• Enforce our Terms of Use or other agreements with you.
• Protect the safety, rights or property of Stratara, our users or the public.

Where legally allowed, we will:

• Consider whether the request is sufficiently narrow and justified; and
• Attempt to notify you, unless doing so would be illegal or clearly counter-productive (for example, in case of an emergency or court order prohibiting notification).

14.4 Business Transfers

If Stratara is involved in a merger, acquisition, restructuring or asset sale involving the POTUS product:

• Personal data may be transferred as part of that transaction, subject to appropriate confidentiality and security safeguards.
• We will ensure that any successor entity will continue to honour this Privacy Policy or will provide an equivalent level of protection.

Where required by law or if the change is significant, we will notify you and may offer options (for example, account deletion) before the transfer becomes effective.

14.5 Aggregated and Anonymised Data

We may share or publish aggregated, anonymised data that does not reasonably identify individuals, for example:

• Statistics on how many users completed a given scenario.
• Overall difficulty and performance metrics.
• General technical performance data.

This type of data is not considered personal data once it has been anonymised, and may be used without further notice.

15. Your Rights and Choices

Depending on where you live, you may have certain rights regarding your personal data. We try to make these rights available in a consistent way, even where not strictly required by local law, but some details and legal bases can differ.

You can exercise your rights by:

• Using in-app controls where available (for example, account deletion).
• Contacting us at [email protected].

We may need to verify your identity before fulfilling certain requests.

15.1 Rights for EEA and UK Users

If you are in the EEA or UK, you have the following rights under data protection law:

Right of access

You can request confirmation of whether we process your personal data, and receive a copy of that data, along with certain information about how we use it.

Right to rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to erasure

You can ask us to delete your personal data in certain circumstances, for example where it is no longer needed for the original purpose and we have no other legal reason to keep it.

Right to restriction of processing

You can ask us to restrict the processing of your data in certain cases, for example while we are verifying its accuracy or considering an objection you raised.

Right to data portability

You can request a copy of certain personal data in a structured, commonly used, machine-readable format, and ask us to transfer it to another controller where technically feasible.

Right to object

You can object, on grounds relating to your particular situation, to our processing of your data where we rely on legitimate interests as the legal basis. We will then stop processing unless we have compelling legitimate grounds or need the data for legal reasons.

Right to withdraw consent

Where we process personal data based on your consent (for example, certain voice and sensitive data uses), you can withdraw that consent at any time. This will not affect processing that has already taken place, but it may mean we can no longer provide some or all of the game features.

Right to lodge a complaint

You can lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection law. We would, however, appreciate the chance to address your concerns first.

Information on how to contact your supervisory authority is generally available on that authority's website.

15.2 Rights for US/California Users

If you are a California resident, you have certain rights under the California Consumer Privacy Act ("CCPA"), as amended by the CPRA, including:

Right to know

You can ask us to disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.

Right to deletion

You can request that we delete personal information we have collected about you, subject to certain exceptions (for example, where we need it to complete a transaction, detect security incidents, or comply with legal obligations).

Right to correct

You can request that we correct inaccurate personal information we hold about you.

Right to non-discrimination

We will not discriminate against you for exercising your CCPA rights, for example by denying you access to POTUS or offering you a different level or quality of service, except where a difference is reasonably related to the value provided by your data (as allowed by law).

Right to opt out of sale or sharing

You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioural advertising.

We do not sell your personal information, and we do not share it with third parties for cross-context behavioural advertising.

Consequently, we do not offer a "Do Not Sell or Share My Personal Information" link, because we do not engage in these practices.

If you submit a request under CCPA, we may ask you to verify your identity (for example, by confirming account details). You may also designate an authorised agent to submit a request on your behalf, subject to verification.

15.3 Exercising Your Rights

You can exercise your rights by:

• Using in-app tools such as the Delete Account function; and/or
• Contacting us at [email protected] with a clear description of your request.

We will:

• Respond within the timeframes required by law (for example, usually one month under the GDPR, extendable where permitted, or 45 days under CCPA).
• Explain if we cannot fully comply with your request (for example, because we must retain certain data for legal reasons).

We may reject requests that are:

• Excessive or clearly unfounded; or
• Not reasonably verifiable as coming from the correct user.

16. Account Deletion

You can delete your POTUS account at any time.

16.1 How to Delete Your Account

We provide an in-app Delete Account option in the game's settings (or an equivalent mechanism). When you trigger this:

• You will be asked to confirm that you want to delete your account and understand the consequences (including loss of game progress and entitlements).
• Once confirmed, we start the deletion process for your account and associated data.

If you are unable to access your account (for example, because you lost access to your email), you can contact us at [email protected] and we will provide instructions, subject to identity verification.

16.2 What Happens When You Delete Your Account

When your account is deleted:

We delete or irreversibly anonymise:

• Your account profile (email, account ID and settings).
• Gameplay content linked to your account, including:
  • Scenarios and progress.
  • Transcripts of calls and text conversations with AI advisors.
  • AI-generated summaries, scores and world events associated with your account.
• Telemetry data linked to your account, subject to the retention principles described above.

We may retain:

• Purchase and economy records needed for tax, accounting, fraud prevention and dispute resolution for the legally required retention periods (usually up to 7 years).
• Data needed to demonstrate compliance with your deletion request (for example, a record that your account was deleted on a certain date, without retaining the underlying content).

We will not use any retained data to provide further game functionality to you.

16.3 Backups and Residual Copies

Even after account deletion:

• Residual copies of some data may remain in backups for a limited period until those backups are overwritten in the ordinary course of operations.
• During that period, backups are stored securely and are not actively processed except for disaster recovery.
• If it becomes necessary to restore a backup that still contains your deleted data (for example, after a major incident), we will re-apply deletion where technically feasible.

17. Security

We take appropriate steps to protect your personal data from unauthorised access, use or disclosure.

17.1 Technical Measures

Our technical measures include:

Encryption in transit

• Communications between your device and our servers, and between our servers and AI/voice providers, are typically protected using HTTPS/TLS.

Encryption at rest

• Where feasible, we use encryption or equivalent protections for stored data (for example, database encryption, encrypted storage volumes).

Access controls

• Personal data is accessible only to authorised personnel and service accounts that need it to operate, improve or secure POTUS.
• We follow a least-privilege principle: access is granted at the minimum level necessary.

Logging and monitoring

• We log certain access and operations, and monitor for unusual activity or potential security incidents.
• We apply security updates and patches to our infrastructure as needed.

17.2 Organisational Measures

Our organisational measures include:

• Restricting access to personal data to staff who need it for their role.
• Using confidentiality obligations in staff and contractor agreements.
• Providing guidance and internal rules on how to handle user data securely.

17.3 No Absolute Security Guarantee

No system can be guaranteed to be 100% secure. While we work hard to protect your data, we cannot promise that unauthorised access, hacking, data loss or other breaches will never occur.

17.4 Data Breach Notification

If we become aware of a data breach affecting your personal data that is likely to result in a high risk to your rights and freedoms, we will:

• Take prompt steps to contain and investigate the incident.
• Notify relevant regulators where required by law (for example, generally within 72 hours under the GDPR for certain breaches).
• Notify affected users without undue delay where the law requires it, and provide information about:
  • What happened.
  • The type of data involved.
  • Steps we have taken and recommend you take.

18. Sub-Processors and Changes to Vendors

We rely on a number of third-party vendors (sub-processors) to operate POTUS. We want this to be transparent so you know who may be processing your data.

18.1 Sub-Processor List

We maintain a current list of our key sub-processors at:

https://stratara.ai/legal/potus/subprocessors

This list includes, for each sub-processor:

• Name and general role (for example, "cloud infrastructure provider", "AI model provider", "auth/database provider").
• General categories of personal data processed.
• General location or region where processing occurs.

18.2 Adding or Changing Sub-Processors

We may need to add, remove or change sub-processors as our infrastructure and product evolve. When we do:

• We carefully assess the vendor's security and privacy practices.
• We enter into contracts that include appropriate data protection obligations.
• We update the sub-processor list to reflect the change.

Where a change represents a material increase in risk to your privacy (for example, adding a new category of vendor that processes large volumes of personal data), we will:

• Update this Privacy Policy to reflect the change; and
• Provide additional notice where required by law (for example, via in-app notification or email).

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes to POTUS or our data practices.
• New legal or regulatory requirements.
• Feedback from players or regulators.

19.1 How We Inform You

When we change the policy, we will:

• Update the "Last updated" date at the top.
• For material changes (for example, introducing new types of data processing or new categories of recipients), we will provide a more prominent notice, which may include:
  • An in-app notification.
  • An email to your registered address (where appropriate).

19.2 Your Continued Use

If you continue to use POTUS after a revised Privacy Policy takes effect:

• We will treat that as your acceptance of the updated policy, to the extent permitted by law.

If you do not agree with the changes:

• You should stop using POTUS and, if you wish, use the in-app Delete Account function; and
• You may contact us at [email protected] if you have questions or concerns about the changes.