Privacy Policy
Effective date: May 17, 2026
Striggo helps teams turn changing knowledge into practical training. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website, use our platform, communicate with us, or take part in training delivered through Striggo.
1. Who we are
Striggo is provided by Go Huge AB, company registration number 5590416243, with registered address at Karin Boyes Gata 7, 411 11 Gothenburg, Sweden.
For privacy questions, contact us at [email protected].
2. When this policy applies
This policy applies to personal data processed by Striggo when:
- you visit our website;
- you create or use a Striggo account;
- you communicate with us;
- you receive training through Striggo;
- you use Striggo to create, publish, manage, or follow up on training.
Where a customer uses Striggo to train its team, the customer normally decides why and how learner data is processed. In that case, the customer is the data controller and Striggo acts as a processor. Striggo processes that data on the customer’s instructions and under a Data Processing Agreement.
For data we process for our own purposes, such as account administration, billing, website analytics, security, support, and product improvement, Striggo acts as controller.
3. Personal data we collect
We collect different categories of personal data depending on how Striggo is used.
Website visitors
- IP address
- device and browser information
- pages visited
- referral source
- cookie and analytics data, where permitted
Customer contacts and account users
- name
- work email address
- company name
- role or title
- login details
- account settings
- subscription and billing information
- support communications
Learners
Learners can access training without creating a Striggo account. When a learner receives or completes training through Striggo, we may process:
- work email address
- course assignments
- completion status
- quiz answers and scores
- time spent
- learning activity and progress
- feedback or responses submitted through the platform
- email delivery and interaction data related to training invitations and reminders
Customer Content
Customers may upload or create training material, including internal documents, prompts, course drafts, quiz content, learner responses, and related business information.
Customer Content may contain personal data if the customer chooses to include it. Customers are responsible for ensuring that they have the right to upload and use that content in Striggo.
4. How we use personal data
We use personal data to:
- provide and operate Striggo;
- create, edit, publish, and deliver training;
- send training invitations, reminders, and service messages;
- track course completion, quiz results, time spent, and other training activity;
- manage accounts, subscriptions, billing, and customer relationships;
- provide support and respond to requests;
- maintain security, prevent abuse, and troubleshoot issues;
- improve Striggo and understand how the service is used;
- send relevant product and service communications;
- comply with legal obligations.
5. Legal bases
Where Striggo acts as controller, we rely on one or more of the following legal bases:
| Purpose | Legal basis |
|---|---|
| Providing Striggo to customers | Contract |
| Account administration and support | Contract or legitimate interest |
| Billing and accounting | Contract and legal obligation |
| Security, abuse prevention, and service monitoring | Legitimate interest |
| Product improvement and analytics | Legitimate interest or consent, depending on context |
| Marketing communications | Legitimate interest or consent, where required |
| Legal compliance | Legal obligation |
Where Striggo acts as processor, the customer is responsible for identifying the applicable legal basis.
6. AI processing
Striggo uses AI to create editable training drafts from customer prompts, uploaded documents, or a combination of both.
Striggo uses Google / Gemini API as an AI service provider. Prompts, uploaded content, and related Customer Content may be sent to Google / Gemini API to generate course material, summaries, questions, explanations, and related outputs.
AI is part of the Striggo service. Customers cannot opt out of AI processing and Striggo cannot be used without AI.
AI-generated content should be reviewed before it is published. Striggo helps create drafts. The customer decides what is correct, suitable, and ready to publish.
Striggo does not use Customer Content to train AI models. Striggo does not permit third-party AI providers to use Customer Content to train foundation models unless the customer has expressly agreed to it.
AI outputs are stored as part of Customer Content where needed for the product to function.
7. Cookies and analytics
We use necessary cookies to operate our website and service.
We may also use analytics or marketing cookies to understand website use and improve our communication. Where required, we ask for consent before placing non-essential cookies. You can change or withdraw your cookie choices through our cookie banner where available, or by adjusting your browser settings.
A separate Cookie Policy may provide more detail about the cookies we use, their purpose, duration, and provider.
8. Sharing personal data
We share personal data only where needed to provide, secure, support, or improve Striggo, or where required by law.
Recipients may include:
- hosting and infrastructure providers;
- AI service providers;
- email and notification providers;
- payment and billing providers;
- website and product analytics providers, where used;
- customer support tools, where used;
- professional advisers;
- public authorities, where legally required.
We do not sell personal data.
A current list of subprocessors and relevant service providers is available at Subprocessors.
9. International transfers
We aim to process personal data within the EU/EEA where possible. Striggo hosts its platform and database with netcup GmbH in Germany / EU.
Some providers, including Google / Gemini API, Postmark, Stripe, and Pexels, may process data outside the EU/EEA depending on how their services are provided.
Where personal data is transferred outside the EU/EEA, we use appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses, data processing agreements, and additional safeguards where required.
10. How long we keep personal data
We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required by law.
Typical retention periods:
| Data type | Retention |
|---|---|
| Account and customer contact data | During the customer relationship and up to 24 months after the account is closed, unless longer retention is required for legal, accounting, security, or dispute purposes |
| Billing and accounting records | Seven years after the end of the calendar year in which the financial year ended, or longer if required by law |
| Support communications | Up to 24 months after the matter is closed, unless longer retention is needed for legal, security, or dispute purposes |
| Customer Content | During the subscription. After termination, Customer Content is deleted from active systems within 90 days unless export, retention, or legal preservation is required. Backups are overwritten or deleted according to Striggo’s backup cycle, normally within 180 days |
| Learner activity data | During the subscription and then according to the customer’s instructions, the Terms, and the DPA |
| Security logs | Normally up to 12 months, unless longer retention is needed for security, abuse prevention, or legal reasons |
| Website analytics | Normally up to 14 months, where analytics are used |
| Marketing contacts | Until you opt out, or up to 24 months after the last meaningful interaction with us |
Customers may request deletion or export of Customer Content according to the Terms and DPA.
11. Security
We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, and disclosure.
These measures may include access controls, encryption in transit, secure hosting, backups, logging, vendor review, internal access restrictions, and confidentiality routines.
No system is completely secure. If we become aware of a personal data breach, we will handle it according to applicable law and our contractual obligations.
12. Your rights
Depending on the situation and applicable law, you may have the right to:
- access your personal data;
- correct inaccurate personal data;
- request deletion;
- restrict or object to processing;
- receive a copy of your data;
- withdraw consent where processing is based on consent;
- lodge a complaint with a data protection authority.
The Swedish supervisory authority is Integritetsskyddsmyndigheten (IMY).
If your employer or another organisation provided you access to Striggo, that organisation may be the controller of your learner data. In that case, we may refer your request to that organisation.
13. Marketing
We may send product updates, service information, or relevant communications to business contacts. You can opt out of marketing communications at any time. Service-related messages may still be sent where needed to provide Striggo.
14. Children and high-risk use
Striggo is intended for business use and is not directed at children or individuals under 18.
Customers must not use Striggo to process children’s data, special category data, criminal offence data, protected health information, payment card data, government identifiers, or other sensitive or regulated data unless expressly agreed with Striggo in writing.
Striggo is not designed for healthcare, legal, financial, safety-critical, or other regulated decision-making.
15. Changes to this policy
We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify customers.