Last Updated: January 15, 2026
StratInvest is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our website, services, and investment programs. By accessing our website or using our services, you consent to the data practices described in this policy.
StratInvest operates as the data controller for all personal information collected through this website and our investment advisory services. We are registered as an investment advisory firm and comply with applicable financial services regulations and data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy frameworks. Our legal entity name is StratInvest Wealth Management LLC, and we are headquartered at 350 Fifth Avenue, Suite 4820, New York, NY 10118, United States. For all privacy-related inquiries, you may contact our Data Protection Officer at [email protected] or by mail at the address above. We take our responsibility as a data controller seriously and have implemented comprehensive policies and technical safeguards to ensure the confidentiality, integrity, and security of your personal information.
We collect various categories of personal data depending on how you interact with our website and services. The types of data we collect include:
We collect personal data through multiple channels and methods:
Direct Interactions: You provide information directly when you complete contact forms, request consultations, open investment accounts, submit applications for our programs, sign service agreements, communicate with our advisors via email or phone, attend webinars or events, or subscribe to our newsletters and educational content. Account opening procedures require comprehensive information collection to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations mandated by financial regulators.
Automated Technologies: Our website uses cookies, web beacons, and similar tracking technologies to collect technical and usage data automatically. We deploy Google Analytics to understand visitor behavior and improve user experience. The analytics service collects data about page views, session duration, bounce rates, and traffic sources. We also use tracking pixels to measure email campaign effectiveness and website conversion rates. These automated collection methods help us optimize our website performance and tailor content to user interests.
Third-Party Sources: We may receive personal information from credit reporting agencies when conducting financial suitability checks, from data enrichment services that provide demographic and interest-based information to enhance our understanding of client needs, from publicly available sources such as business registries and professional directories, and from third-party platforms like LinkedIn when you connect your profile or engage with our social media content. We also receive information from our custodian partners and clearing firms regarding account activity and transaction confirmations.
Document Uploads: When you upload documents through our secure client portal including tax returns, bank statements, estate planning documents, or investment statements from other firms, we collect the information contained within those documents. All document uploads occur through encrypted connections and are stored on secure servers with restricted access controls.
Under the General Data Protection Regulation, we must have a lawful basis to process your personal data. We rely on the following legal grounds:
Consent (Article 6(1)(a)): For marketing communications, newsletter subscriptions, and non-essential cookies, we obtain your explicit consent before processing your data. You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal. Consent withdrawal can be completed through unsubscribe links in emails, cookie preference settings, or by contacting our privacy team directly.
Contract Performance (Article 6(1)(b)): Processing your data is necessary to perform our investment advisory services contract with you. This includes account opening, portfolio management, executing trades, providing performance reports, conducting suitability reviews, and delivering the financial planning services you have engaged us to provide. Without this data processing, we cannot fulfill our contractual obligations to you as your investment advisor.
Legal Obligation (Article 6(1)(c)): We are required by law to collect and retain certain personal information to comply with financial services regulations including SEC registration requirements, FINRA rules, anti-money laundering laws, tax reporting obligations, and customer identification program requirements under the USA PATRIOT Act. These legal obligations mandate specific data collection and retention practices that we must follow regardless of other processing grounds.
Legitimate Interests (Article 6(1)(f)): We process certain data based on our legitimate business interests including fraud prevention and security monitoring, website analytics and improvement, internal administration and record-keeping, client relationship management, and business development activities. We conduct balancing tests to ensure our legitimate interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests.
We use your personal information for the following specific purposes:
Service Delivery: To provide investment advisory services, manage your portfolio according to your investment objectives and risk tolerance, execute securities transactions, monitor account performance, conduct periodic suitability reviews, generate performance reports, process account withdrawals and contributions, coordinate with custodians and clearing firms, and provide ongoing client support through your dedicated advisor. These core services require comprehensive use of your financial and personal information to meet our fiduciary duty as your registered investment advisor.
Client Communication: To respond to your inquiries and consultation requests, schedule and conduct meetings with wealth advisors, send account statements and confirmations, provide market updates and portfolio commentary, deliver educational content and research reports, notify you of important account changes or required actions, and facilitate communication between you and your advisory team. We maintain records of all client communications for compliance and quality assurance purposes.
Marketing and Business Development: With your consent, we use your data to send newsletters featuring market insights and investment strategies, inform you about new investment programs and services, invite you to educational webinars and client events, share case studies and success stories, conduct satisfaction surveys to improve our services, and provide personalized content recommendations based on your stated interests. You can opt out of marketing communications at any time while continuing to receive essential service-related messages.
Analytics and Website Improvement: To understand how visitors use our website, identify popular content and resources, optimize user experience and navigation, test new features and design elements, analyze traffic sources and conversion paths, measure the effectiveness of our marketing campaigns, and identify technical issues or performance bottlenecks. This analysis helps us create more valuable resources and improve the overall quality of our digital presence.
Compliance and Risk Management: To verify your identity during account opening, conduct anti-money laundering screenings, file required regulatory reports including Form ADV updates and suspicious activity reports, maintain books and records as required by SEC regulations, respond to regulatory examinations and inquiries, detect and prevent fraud or unauthorized account access, enforce our terms of service, and protect the security and integrity of our systems and data. Financial services firms face stringent compliance obligations that necessitate comprehensive data processing and retention.
Legal Proceedings: To establish, exercise, or defend legal claims, comply with court orders and subpoenas, cooperate with law enforcement investigations, and protect our legal rights and those of our clients. We only use personal data for legal purposes when required by law or necessary to protect legitimate legal interests.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and business requirements. Our retention schedule includes:
After the applicable retention period expires, we securely delete or anonymize personal data using industry-standard data destruction methods. In certain cases, we may retain data longer if required by law, to resolve disputes, or to protect legal rights. When retention is based on legitimate interests, we periodically review the necessity and proportionality of continued storage.
We share your personal information with specific categories of third-party service providers and partners to deliver our services effectively. We do not sell your personal data to any third party for their marketing purposes.
Custodians and Clearing Firms: We share client account information with qualified custodians such as Fidelity Investments, Charles Schwab, and Pershing LLC who hold client assets and execute trades on our instructions. These custodians require personal and financial information to open accounts, process transactions, and provide safekeeping of securities. Custodians are highly regulated financial institutions subject to strict data protection and security requirements.
Technology Service Providers: We engage specialized vendors for customer relationship management systems, portfolio accounting and reporting software, cybersecurity and data backup services, website hosting and content delivery networks, email service platforms, and video conferencing tools. These providers access personal data only to the extent necessary to perform their functions and are contractually bound to protect data confidentiality and security.
Analytics and Marketing Services: We share limited data with Google Analytics for website usage analysis, email marketing platforms for newsletter distribution and campaign management, social media advertising platforms for targeted marketing campaigns when you consent, and conversion tracking services to measure marketing effectiveness. These services process data according to their own privacy policies, which we review for compliance with privacy standards.
Professional Advisors: We may share information with lawyers, accountants, auditors, and consultants who provide professional services to our firm. These advisors are bound by professional confidentiality obligations and process data only as necessary to provide their services to us.
Regulatory Authorities: We disclose personal information to the Securities and Exchange Commission, Financial Industry Regulatory Authority, state securities regulators, and other government agencies when required by law or to comply with regulatory examinations, investigations, and enforcement actions. We also respond to valid subpoenas, court orders, and legal process.
Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of all or part of our assets, personal data may be transferred to the acquiring entity. We will notify affected clients of any such transfer and provide information about the new data controller and any changes to privacy practices. You will have the opportunity to exercise your rights under applicable privacy laws in such circumstances.
Our primary data processing activities occur within the United States where our servers and business operations are located. However, some of our service providers operate in other countries, which may result in your personal data being transferred to, stored in, or processed in jurisdictions outside your country of residence. These jurisdictions may have data protection laws that differ from those in your home country.
When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection by the European Commission, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission, Binding Corporate Rules for intra-group transfers, and reliance on derogations for specific situations such as obtaining your explicit consent or necessity for contract performance.
We conduct data protection impact assessments for high-risk transfers and ensure that recipients implement appropriate technical and organizational measures to protect personal data. You have the right to request information about the safeguards we use for international transfers and to obtain copies of relevant transfer mechanisms by contacting our Data Protection Officer at [email protected].
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have comprehensive rights regarding your personal data under the General Data Protection Regulation:
Right of Access (Article 15): You can request confirmation of whether we process your personal data and obtain a copy of that data along with information about how we use it, who we share it with, how long we retain it, and your other rights. We will provide the first copy free of charge, though we may charge a reasonable fee for additional copies.
Right to Rectification (Article 16): You can request correction of inaccurate personal data and completion of incomplete information. We will make corrections promptly and notify third parties who received the inaccurate data unless this is impossible or involves disproportionate effort.
Right to Erasure (Article 17): You can request deletion of your personal data when it is no longer necessary for the purposes collected, you withdraw consent, you object to processing and no overriding legitimate grounds exist, we processed data unlawfully, or erasure is required for legal compliance. This right does not apply when we must retain data to comply with legal obligations, establish or defend legal claims, or fulfill our regulatory recordkeeping requirements.
Right to Restriction of Processing (Article 18): You can request that we limit processing of your personal data when you contest accuracy (during verification), processing is unlawful but you oppose erasure, we no longer need the data but you require it for legal claims, or you have objected to processing (pending verification of our legitimate grounds). When processing is restricted, we will only store your data and process it with your consent or for legal claims, public interest, or protection of rights.
Right to Data Portability (Article 20): You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller when processing is based on consent or contract and carried out by automated means. We will provide data in CSV, JSON, or PDF format as appropriate.
Right to Object (Article 21): You can object at any time to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or we need the data to establish, exercise, or defend legal claims. For direct marketing objections, we will cease processing immediately.
Right to Withdraw Consent: When processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. You can withdraw consent through unsubscribe links, account settings, or by emailing [email protected].
Right to Lodge a Complaint: You have the right to file a complaint with your national data protection authority if you believe we have violated your privacy rights. In the United States, you may also file complaints with the Federal Trade Commission. Contact information for supervisory authorities is available on their respective websites. We encourage you to contact us first so we can attempt to resolve concerns directly.
To exercise any of these rights, please submit a written request to [email protected] or mail us at 350 Fifth Avenue, Suite 4820, New York, NY 10118. We will respond within 30 days and may request identity verification to protect against fraudulent requests. There is no fee to exercise your rights unless requests are manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse to respond.
Our website uses cookies, web beacons, pixels, and similar tracking technologies to enhance user experience, analyze site usage, and deliver personalized content. A cookie is a small text file stored on your device that allows us to recognize your browser and remember certain information.
Essential Cookies: These cookies are strictly necessary for website operation and security. They enable core functionality such as user authentication, session management, load balancing, and security features. Essential cookies cannot be disabled without severely affecting site functionality. Examples include cookies that maintain your login session, remember your cookie preferences, and detect malicious activity. Duration: Session-based or up to 24 hours.
Analytics Cookies: We use Google Analytics to collect aggregated data about website traffic, user behavior, and performance metrics. These cookies track pages visited, time on site, bounce rates, traffic sources, and user flow through the website. The information helps us understand how visitors use our site and identify opportunities for improvement. Google Analytics cookies are subject to Google's privacy policy. We have enabled IP anonymization to protect visitor privacy. Duration: Up to 26 months.
Marketing Cookies: With your consent, we deploy cookies for targeted advertising, campaign tracking, and conversion measurement. These cookies may be set by third-party advertising networks including Google Ads, LinkedIn Campaign Manager, and Facebook Pixel. They track your browsing activity across websites to deliver relevant advertisements and measure campaign effectiveness. You can opt out of personalized advertising through cookie preferences or industry opt-out tools. Duration: Up to 13 months.
Preference Cookies: These cookies remember your choices and settings such as language preferences, font size, region settings, and interface customizations to provide a personalized experience on subsequent visits. Duration: Up to 12 months.
Managing Cookies: You can control cookie settings through our cookie consent banner displayed on your first visit. Most web browsers allow you to refuse cookies or delete existing cookies through browser settings. However, disabling cookies may limit your ability to use certain website features. You can also use browser extensions like Ghostery or Privacy Badger to manage tracking technologies. For more information about cookies and how to manage them, visit www.aboutcookies.org or www.allaboutcookies.org.
We implement comprehensive technical, administrative, and physical security controls to protect personal data against unauthorized access, disclosure, alteration, and destruction. Our security program includes multiple layers of protection:
Technical Safeguards: All data transmission between your browser and our servers occurs over encrypted HTTPS connections using Transport Layer Security (TLS) protocols. Personal data stored in databases is encrypted at rest using AES-256 encryption standards. We deploy firewalls, intrusion detection systems, and malware protection on all servers and endpoints. Multi-factor authentication is required for employee access to systems containing personal data. We conduct regular vulnerability scanning and penetration testing to identify and remediate security weaknesses.
Administrative Controls: Access to personal data is restricted on a need-to-know basis and subject to role-based access controls. Employees receive mandatory data protection and security awareness training annually. We maintain written information security policies covering data handling, incident response, vendor management, and acceptable use. Background checks are conducted on all employees with access to sensitive systems. Confidentiality agreements bind all staff members and contractors.
Physical Security: Our data centers employ 24/7 surveillance, access control systems requiring biometric authentication, redundant power and cooling systems, and fire suppression equipment. Office premises have restricted entry, visitor logs, and security personnel. Physical documents containing personal data are stored in locked cabinets with limited key access.
Incident Response: We maintain a data breach response plan outlining procedures for detecting, containing, investigating, and reporting security incidents. In the event of a personal data breach likely to result in high risk to your rights and freedoms, we will notify affected individuals without undue delay and within 72 hours of breach discovery where feasible. Notifications will include the nature of the breach, likely consequences, and measures taken to address it. We also report breaches to relevant supervisory authorities as required by law.
Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. Investment advisory services require clients to be legal adults (18 or older in most jurisdictions). If you are a parent or guardian and believe your child has provided personal information to us, please contact [email protected] immediately. Upon verification, we will delete such information from our systems promptly. Some services may be provided to minors through custodial accounts managed by parents or legal guardians, in which case the parent or guardian is responsible for providing necessary consents and managing the minor's data rights.
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. The "Last Updated" date at the top of this policy indicates when the most recent changes were made. Material changes that significantly affect how we process your personal data or your privacy rights will be communicated through prominent notice on our website, email notification to registered users, or other appropriate means at least 30 days before the changes take effect. We encourage you to review this policy regularly to stay informed about how we protect your information. Continued use of our website or services after policy updates constitutes acceptance of the revised terms. If you disagree with changes, you may close your account or stop using our services, though some data retention obligations may continue as described in this policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the following channels:
Data Protection Officer
StratInvest Wealth Management LLC
350 Fifth Avenue, Suite 4820
New York, NY 10118
United States
Email: [email protected]
Phone: +1 (212) 847-3920
We will acknowledge receipt of your inquiry within 2 business days and provide a substantive response within 30 days. For complex requests requiring additional time, we will notify you of the extension and expected completion date. All privacy inquiries are handled confidentially and in accordance with applicable data protection regulations.
Additional Resources
For more information about our business practices and legal agreements, please review: