Launching Soon · 15% Off Waitlist
STRYKSTRYK

Legal

Privacy Policy

Last updated: May 2026

This Privacy Policy explains how STRYK Nutrition (“STRYK,” “we,” “us”) collects, uses, and protects personal data when you visit strykclub.com or interact with our services. STRYK is operated by Roberts Gutmanis, based in Latvia, European Union.

We comply with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and applicable Latvian data protection law.

1. What data we collect

We only collect data you give us voluntarily, plus minimal technical data needed to run the site:

  • Email address — when you join the waitlist or submit the contact form.
  • Name, subject, and message — when you submit the contact form.
  • IP address (temporary) — used solely to rate-limit our chat assistant and prevent abuse. Not stored beyond 24 hours.
  • Chat messages — when you interact with the STRYK Assistant chatbot. Messages are processed in real-time and are not stored on our servers; they are sent to Anthropic for AI processing only.
  • Browser local storage — used to remember if you have already seen our welcome popup. This is strictly necessary for the site to function and does not track you.

We do not use Google Analytics, Facebook Pixel, advertising cookies, or any cross-site tracking.

2. Why we collect it (purpose & legal basis)

  • Waitlist emails — to notify you of our product launch and send your one-time discount. Legal basis: your consent (GDPR Art. 6(1)(a)).
  • Contact form submissions — to reply to your inquiry. Legal basis: consent and legitimate interest (GDPR Art. 6(1)(a) and (f)).
  • Chatbot rate limiting — to prevent abuse, fraud, and runaway costs. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).

3. Third-party processors

Some data is processed by trusted third-party providers under data processing agreements:

  • Formspree (USA) — receives and stores email and contact form submissions. Transfers are covered under EU-US Data Privacy Framework / Standard Contractual Clauses.
  • Anthropic (USA) — processes chatbot messages in real-time. Anthropic does not train models on API submissions by default.
  • Vercel (USA / EU) — hosts the website. Standard server logs (IP, user agent, timestamp) are retained briefly for security and debugging.
  • GitHub (USA) — version control for the website code. Does not receive personal user data.

4. How long we keep it

  • Waitlist emails: until you unsubscribe or request deletion. Deleted within 30 days of request.
  • Contact form messages: up to 24 months after our last interaction, then deleted.
  • IP addresses (chatbot): deleted automatically within 24 hours.
  • Chat messages: not stored on our servers. Anthropic retains transient logs per their policy.

5. Cookies

We do not use marketing or analytics cookies. We use only strictly necessary browser storage (localStorage) to remember if you have dismissed the welcome popup. No consent banner is required for strictly necessary storage under the ePrivacy Directive.

6. Your rights under GDPR

As a data subject in the EU, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure— request deletion of your data (“right to be forgotten”).
  • Restriction — request that we limit how we use your data.
  • Portability — request your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — at any time, without affecting prior processing.
  • Lodge a complaint — with the Latvian Data State Inspectorate (Datu valsts inspekcija) or your local supervisory authority.

To exercise any of these rights, contact us using the methods below. We respond within 30 days.

7. Security

We use HTTPS encryption across the entire site. API keys and credentials are stored in encrypted environment variables. Personal data is transmitted only over encrypted channels to our processors. We follow industry standard security practices but cannot guarantee absolute security of data transmitted online.

8. Children

Our products and services are not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have collected data from a minor, contact us and we will delete it immediately.

9. Changes to this policy

We may update this Privacy Policy as our service evolves. The latest version will always be available on this page with an updated “Last updated” date. Material changes will be communicated where appropriate.

10. Contact us

For any privacy-related question, data request, or complaint, contact us via:

Data Controller: STRYK Nutrition by Roberts Gutmanis, Latvia, European Union.

See also: Terms of Service