Privacy Policy

Last updated: 28 May 2026

1. Who we are

Stricca (“we”, “us”) is operated by Zero One Research s. r. o., IČO 55472524, DIČ 2121997911, with registered office in Bratislava, Slovak Republic. For any privacy question, contact us at support@zerooneresearch.ai. We are the data controller for the personal data described below.

2. What we collect

• Account data — your email address, and (if you sign in with Google or GitHub) your name and avatar.
• Profile & preferences — units, an optional home location, and default route preferences you set.
• Route & location data — the start points, destinations, and routes you generate or save. This can reveal places you visit, so we treat it as personal data.
• Messages — the text you send to the route assistant.
• Technical data — a strictly-necessary session cookie to keep you signed in, and — only if you opt in via the cookie banner — usage analytics (see Microsoft Clarity below). We do not use advertising cookies.

3. How we use it

• To authenticate you and keep you signed in.
• To generate, display, and let you save and revisit running routes.
• To apply your saved preferences.
• To secure the service and prevent abuse.

4. Legal bases

We process your data to perform our contract with you (providing the service you request), on the basis of your consent where required, and for our legitimate interest in keeping the service secure.

5. Third parties we share data with

To deliver features, limited data is processed by:

• Microsoft Azure (Microsoft Ireland Operations Ltd) — hosting, database, and the AI model (Azure AI Foundry) that interprets your route requests. Your request text is sent to this model.
• MailerSend (MailerSend, UAB, Lithuania) — sends your sign-in magic-link emails. We share your email address and the sign-in URL.
• OpenStreetMap Foundation — operates the Nominatim (address / place search) and Overpass (nearby points of interest) servers we query. We send your search terms and the approximate area around your route; we do not send your account or identity.
• Google LLC and GitHub, Inc. — only if you choose to sign in with them. They receive the data the OAuth flow exposes (your email and basic profile).
• Microsoft Clarity (Microsoft Corporation) — optional usage analytics and session replay, active only if you accept analytics in the cookie banner. Clarity records how you interact with the pages (clicks, scrolls, page structure) to help us improve the product. We have configured it without advertising features. See Microsoft’s privacy statement.

The routing engine (GraphHopper) is self-hosted by us within the same Azure region; route generation is not sent to a third-party routing API.

6. International transfers

Data is hosted in Azure North Europe (Republic of Ireland). Where a provider processes data outside the UK/EEA we rely on UK Standard Contractual Clauses and the UK International Data Transfer Addendum (IDTA), or other appropriate safeguards under UK GDPR.

7. Retention

• Account, profile, saved routes, chat history: kept for the life of your account. You can clear chat history at any time from the chat panel, and delete your entire account (with all data) from your profile page.
• Verification tokens (used by the email sign-in flow): valid for 24 hours, then expire and are pruned.
• Server logs (request timestamps, IPs, response codes): retained for up to 30 days for security and abuse monitoring, then rotated.
• Consent records: retained for the life of your account plus 6 years thereafter, as required to evidence GDPR compliance.

8. Your rights

You have the right to access, rectify, erase, restrict, object to, and port your data. Our lead supervisory authority is the Slovak Úrad na ochranu osobných údajov (dataprotection.gov.sk). UK users can also complain to the UK Information Commissioner’s Office (ico.org.uk); other EU/EEA users may complain to their local data protection authority. You can exercise the main rights directly:

• Access & portability — export everything we hold on you as JSON from your profile page.
• Erasure — delete your account (and all associated data) from your profile page.
• Rectification — edit your preferences any time, or contact us.

9. Cookies

We use a single strictly-necessary cookie to maintain your signed-in session. If — and only if — you accept analytics in the cookie banner, Microsoft Clarity additionally sets analytics cookies (_clck, _clsk) to distinguish sessions. No advertising or cross-site tracking cookies are used. To withdraw analytics consent, clear this site’s stored data in your browser (the banner will ask again), or contact us.

10. Changes

We may update this policy; the “last updated” date will change accordingly.

11. Children

Stricca is not intended for users under the age of 13. We do not knowingly collect personal data from children under 13. If you are between 13 and 17, you may use Stricca only with the consent of a parent or legal guardian. If you believe we have collected data from a child under 13 in error, please contact us and we will delete it promptly.

12. Contact

Questions or requests: support@zerooneresearch.ai.