Terms and Conditions

Here's the short version

• Striae is for eligible forensic professionals and users must be 18 or older.
• You are responsible for your account security and all activity under your account.
• You keep control of your uploaded Data, and you should maintain your own backups.
• Striae is a technical tool only and does not provide legal, investigative, or expert opinions or conclusions. All interpretive, evidentiary, and reporting decisions are solely Your responsibility.
• Do not upload unlawful, harmful, infringing, or abusive content.
• The Service is provided "AS IS," and liability is limited to the extent allowed by law.
• If any term conflicts with applicable open-source license terms for bundled components, those license terms (including Apache License 2.0) control for those components.

This summary is provided for convenience only. The full Terms below are the governing legal agreement.

Code of Responsible Use

Use With Integrity and Professionalism

• Use Striae solely for legitimate forensic purposes in casework, research, or training supported by your organization.
• Ensure annotations and findings reflect honest and unbiased evaluation, aligned with accepted professional standards and practices in forensic firearms examination.

Respect Confidentiality and Privacy

• Protect all uploaded images, case files, and reports as confidential casework materials; never share sensitive data outside authorized channels.
• Comply with all legal, regulatory, and institutional policies for data privacy and chain-of-custody when using Striae.

Maintain Data Security

• Log in only through secure, authorized methods and never share your access credentials.
• Promptly report any suspected security concerns or breaches using the in-app support features.

Accuracy in Annotation and Reporting

• Use the image annotation and comparison features carefully; double-check your work before saving data and finalizing reports.
• Ensure reports generated by Striae are accurate, clearly labeled, and only distributed to individuals authorized to access them.
• You are solely responsible for the accuracy, sufficiency, and legal adequacy of any reports or conclusions derived from Your use of the Service.

Accountability and Continuous Improvement

• Regularly review and update your use of Striae’s features as new improvements are released.
• Share constructive feedback and participate in community feature discussions to help improve Striae’s effectiveness for all users.

Fair and Lawful Use

• Do not use Striae for unauthorized surveillance, personal interest, or any unlawful activity.
• Never attempt to reverse-engineer or bypass security features protecting the application or user data.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of these Terms and Conditions:

• Application means the software program provided by the Company downloaded or accessed by You on any electronic device, named Striae

• Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

• Account means a unique account created for You to access Our Service or parts of Our Service.

• Agency Accounts means paid annual Service plans purchased by agencies, laboratories, or companies, which may include dedicated hosting, customization options, unlimited user seats, and priority support as described in these Terms.

• Country refers to: United States

• Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Striae, owned and operated by The Stephenson Jack Lu Living Trust, https://striae.org.

• Data refers to content such as text, images, or other information that can be posted, uploaded, linked to or otherwise made available by You, regardless of the form of that content.

• Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

• Feedback means feedback, innovations or suggestions sent by You regarding the attributes, performance or features of Our Service.

• Service refers to the Application.

• Terms and Conditions (also referred as "Terms") mean these Terms and Conditions that form the entire agreement between You and the Company regarding the use of the Service.

• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Acknowledgment

These are the Terms and Conditions governing the use of this Service and the agreement that operates between You and the Company. These Terms and Conditions set out the rights and obligations of all users regarding the use of the Service.

Your access to and use of the Service is conditioned on Your acceptance of and compliance with these Terms and Conditions. These Terms and Conditions apply to all visitors, users and others who access or use the Service.

By accessing or using the Service You agree to be bound by these Terms and Conditions. If You disagree with any part of these Terms and Conditions then You may not access the Service.

You represent that You are over the age of 18. The Company does not permit those under 18 to use the Service.

Your access to and use of the Service is also conditioned on Your acceptance of and compliance with the Privacy Policy of the Company. Our Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your personal information when You use the Application or the Website and tells You about Your privacy rights and how the law protects You. Please read Our Privacy Policy carefully before using Our Service.

Eligibility: Access to Striae is limited to individuals currently employed by a forensic laboratory, forensic-related company, or through a pre-arranged agreement. By creating an Account, You confirm that You meet this requirement and may be asked to verify Your employment.

If You access the Service on behalf of an employer or agency, You represent and warrant that You are authorized to bind that organization to these Terms, and "You" will refer to both You and that organization.

Account Creation: In order to use the Service, You must create an account. You agree to provide accurate, current and complete information during the registration process and to update such information to keep it accurate, current and complete.

No Social Media Connection: Striae does not connect to, integrate with, or otherwise interact with any external social media platforms.

User Accounts

When You create an account with Us, You must provide Us information that is accurate, complete, and current at all times. Failure to do so constitutes a breach of the Terms, which may result in immediate termination of Your account on Our Service.

You are responsible for safeguarding the password that You use to access the Service and for any activities or actions under Your password.

You agree not to disclose Your password to any third party. You must notify Us immediately upon becoming aware of any breach of security or unauthorized use of Your account.

You may not use as a username the name of another person or entity or that is not lawfully available for use, a name or trademark that is subject to any rights of another person or entity other than You without appropriate authorization, or a name that is otherwise offensive, vulgar or obscene.

Account Types

Free Base Access Forever

• Individuals may register for a free Striae account at no cost.
• Free accounts include core platform functionality, standard file storage limits, and basic customer support through email or in-app contact forms.
• Free accounts do not include, and have no entitlement to, any Agency Account features, customizations, or service levels, even if such features are visible or described in Striae documentation.
• Customizations, priority support, and administrative controls are not available on free accounts.

Agency/Company Plans

• Agencies, laboratories, or companies may purchase paid annual plans.
• Agency Accounts are intended for organizational use. Agencies are responsible for managing access and permissions for their personnel and for all activity under their Agency Account.
• Agency Accounts include dedicated hosting on a custom Striae subdomain (for example, https://agencyname.striae.org), deep customization options, unlimited user seats, and access to priority support.
• Customization options include report formatting, UI branding elements, file upload limit changes, or similar low-impact feature requests. Requests that significantly alter or disrupt platform functionality may be declined at Striae's sole discretion.

Fees and Payment

• All Agency plan fees are non-refundable unless otherwise required by law.
• Paid fees are non-cancellable and non-refundable, including in the event of early termination by You, except where a refund is required by applicable law.
• A 10% non-refundable deposit is required to initiate Agency setup and customization.
• The remaining balance is due upon completion of customization and must be paid in full before access is granted to the hosted instance.
• Invoices will be sent for both the deposit and final payment; payments must be received according to invoice terms before deployment.
• Access or services may be withheld if invoices remain unpaid.

Development and Customization Process

• Striae developers will schedule progress meetings with agency representatives to review interface previews, customization progress, and feedback.
• Agencies must provide timely feedback and approval to avoid delays.
• Delays caused by lack of communication or late payments may extend the delivery timeline.

Data and Content Ownership for Agency Accounts

• Agencies and users retain ownership of the data, files, and annotations uploaded to their respective Striae environments.
• Striae may process and store data solely for the purpose of operating and improving the Service.
• Striae will not disclose or share customer data with third parties except as required by law.

For general Data handling, prohibited content, and data restrictions, see the Data section below.

For account termination and suspension terms, see the Termination section below.

For warranty disclaimers and limitation of liability, see the "AS IS" and "AS AVAILABLE" Disclaimer and Limitation of Liability sections below.

For updates to these Terms, see the Changes to These Terms and Conditions section below.

Service Level and Maintenance

Striae will use commercially reasonable efforts to maintain availability of the Service, excluding periods of Scheduled Maintenance or Emergency Maintenance.

Scheduled Maintenance

Striae may perform routine maintenance from time to time. When Scheduled Maintenance is expected to materially impact access or functionality, Striae will post a prominent notice on the Striae front page and/or login screen indicating the maintenance window and the expected impact on availability. Striae will typically provide at least 24 hours' notice for Scheduled Maintenance that is expected to result in downtime, but may provide shorter notice where the impact is minimal.

Emergency Maintenance

If Striae must perform Emergency Maintenance (for example, to address security, stability, or performance issues), Striae may do so immediately and without prior notice. In such cases, Striae will post a front-page notice as soon as reasonably practicable describing the nature of the disruption and an estimated timeline for restoration of service.

Duration and Communication

For both Scheduled and Emergency Maintenance, Striae will use commercially reasonable efforts to: (a) clearly indicate the anticipated start time and duration of the maintenance window in the front-page notice; and (b) update the notice if timelines change significantly or when the Service has been fully restored.

Nothing in this section guarantees uninterrupted or error-free operation, and any uptime or performance descriptions are targets only unless expressly stated otherwise in a separate written SLA signed by Striae.

Confidentiality

Confidential Information

"Confidential Information" means any non-public information disclosed by either party to the other that is identified as confidential or that should reasonably be understood to be confidential under the circumstances, including, for agencies and organizations, any case-related forensic data, investigative materials, annotations, internal reports, or workflow configurations stored or processed within Striae.

Obligations

Each party agrees to: (a) use the other party's Confidential Information solely for purposes of performing these Terms and using or providing the Service; and (b) protect the Confidential Information using at least the same degree of care it uses to protect its own similar information, but no less than a reasonable degree of care.

You acknowledge that Striae may use third-party hosting and service providers (such as cloud infrastructure and authentication providers) to process Confidential Information and Data solely as necessary to provide and support the Service, subject to appropriate contractual and technical safeguards.

Exceptions

Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was lawfully known to the receiving party before disclosure; (c) is independently developed by the receiving party without use of or reference to the disclosing party's Confidential Information; or (d) is rightfully received from a third party without confidentiality obligations.

Required Disclosure

A party may disclose Confidential Information to the extent required by law, regulation, or valid court order, provided it (where legally permitted) gives reasonable prior notice to the other party and cooperates, at the other party's expense, in any effort to limit or challenge such disclosure.

Data

Data Restrictions

The Company is not responsible for the content of the Service's users. You expressly understand and agree that You are solely responsible for the Data and for all activity that occurs under Your account, whether done so by You or any third person using Your account.

You may not transmit any Data that is unlawful, offensive, upsetting, intended to disgust, threatening, libelous, defamatory, obscene or otherwise objectionable. Examples of such objectionable Data include, but are not limited to, the following:

• Unlawful or promoting unlawful activity.
• Defamatory, discriminatory, or mean-spirited content, including references or commentary about religion, race, sexual orientation, gender, national/ethnic origin, or other targeted groups.
• Spam, machine – or randomly – generated, constituting unauthorized or unsolicited advertising, chain letters, any other form of unauthorized solicitation, or any form of lottery or gambling.
• Containing or installing any viruses, worms, malware, trojan horses, or other content that is designed or intended to disrupt, damage, or limit the functioning of any software, hardware or telecommunications equipment or to damage or obtain unauthorized access to any Data or other information of a third person.
• Infringing on any proprietary rights of any party, including patent, trademark, trade secret, copyright, right of publicity or other rights.
• Impersonating any person or entity including the Company and its employees or representatives.
• Violating the privacy of any third person.
• False information and features.

The Company reserves the right, but not the obligation, to, in its sole discretion, determine whether or not any Data is appropriate and complies with these Terms, refuse or remove this Data. The Company can also limit or revoke the use of the Service if You submit such objectionable Data.

You are solely responsible for ensuring that Your use of the Service, including any storage or processing of case-related materials, complies with all applicable laws, rules of evidence, court orders, protective orders, and accreditation or institutional requirements.

Data Integrity

Except for automated processing that is technically necessary for storage, transmission, resizing, compression, or display, the Company will not edit the substantive contents of Your Data. The role of Striae is to store, display, and make Your Data accessible to You, and You remain in control of its substantive content.

Data Backups

The Company does not perform local or customer-specific backup services for Your Data. Data and images are stored through cloud infrastructure providers (including Cloudflare R2, KV, and Images), and the Company does not guarantee that any backup, replication, or recovery copy will be available, correct, or complete.

Corrupt or invalid Data uploads may be caused by, without limitation, Data that is corrupted prior to being uploaded or that changes during the time an upload is performed.

The Company will provide support and attempt to troubleshoot any known or discovered issues that may affect Data. But You acknowledge that the Company has no liability related to the integrity of Data or the failure to successfully restore Data to a usable state.

You agree to maintain a complete and accurate copy of any Data in a location independent of the Service.

Copyright Policy

Intellectual Property Infringement

We respect the intellectual property rights of others. It is Our policy to respond to any claim that Data posted on the Service infringes a copyright or other intellectual property infringement of any person.

If You are a copyright owner, or authorized on behalf of one, and You believe that the copyrighted work has been copied in a way that constitutes copyright infringement that is taking place through the Service, You must submit Your notice in writing to the attention of Our copyright agent via email at info@striae.org and include in Your notice a detailed description of the alleged infringement.

You may be held accountable for damages (including costs and attorneys' fees) for misrepresenting that any Data is infringing Your copyright.

DMCA Notice and DMCA Procedure for Copyright Infringement Claims

You may submit a notification pursuant to the Digital Millennium Copyright Act (DMCA) by providing Our Copyright Agent with the following information in writing (see 17 U.S.C 512(c)(3) for further detail):

• An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright's interest.
• A description of the copyrighted work that You claim has been infringed, including the URL (i.e., web page address) of the location where the copyrighted work exists or a copy of the copyrighted work.
• Identification of the URL or other specific location on the Service where the material that You claim is infringing is located.
• Your address, telephone number, and email address.
• A statement by You that You have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law.
• A statement by You, made under penalty of perjury, that the above information in Your notice is accurate and that You are the copyright owner or authorized to act on the copyright owner's behalf.

You can contact Our copyright agent via email at info@striae.org. Upon receipt of a notification, the Company will take whatever action, in its sole discretion, it deems appropriate, including removal of the challenged content from the Service.

Intellectual Property

The Service and its original content (excluding Data provided by You or other users), features and functionality are and will remain the exclusive property of the Company and its licensors.

The Service is protected by copyright, trademark, patent, and other laws of both the Country and foreign countries.

Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of the Company.

Open-Source License Precedence

Certain software components distributed with or as part of the Service are licensed under the Apache License, Version 2.0 (and, where applicable, other open-source licenses).

In the event of any conflict between these Terms and such applicable open-source license terms for those components, the applicable open-source license terms (including Apache License 2.0) will control solely with respect to those components.

Your Feedback to Us

You assign all rights, title and interest in any Feedback You provide the Company. If for any reason such assignment is ineffective, You agree to grant the Company a non-exclusive, perpetual, irrevocable, royalty free, worldwide right and license to use, reproduce, disclose, sub-license, distribute, modify and exploit such Feedback without restriction.

Termination

We may terminate or suspend Your Account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if You breach these Terms and Conditions.

Upon termination, Your right to use the Service will cease immediately. If You wish to terminate Your Account, You may simply discontinue using the Service.

Limitation of Liability

In no event will the aggregate liability of the Company and its suppliers arising out of or related to these Terms or the Service exceed the greater of (i) the total amounts paid by You to the Company for the Service in the twelve (12) months preceding the event giving rise to the claim, or (ii) 100 USD, if You have not purchased anything through the Service.

To the maximum extent permitted by applicable law, in no event shall the Company or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever (including, but not limited to, damages for loss of profits, loss of Data or other information, for business interruption, for personal injury, loss of privacy arising out of or in any way related to the use of or inability to use the Service, third-party software and/or third-party hardware used with the Service, or otherwise in connection with any provision of this Terms), even if the Company or any supplier has been advised of the possibility of such damages and even if the remedy fails of its essential purpose.

Some states do not allow the exclusion of implied warranties or limitation of liability for incidental or consequential damages, which means that some of the above limitations may not apply. In these states, each party's liability will be limited to the greatest extent permitted by law.

"AS IS" and "AS AVAILABLE" Disclaimer

The Service is provided to You "AS IS" and "AS AVAILABLE" and with all faults and defects without warranty of any kind. To the maximum extent permitted under applicable law, the Company, on its own behalf and on behalf of its Affiliates and its and their respective licensors and service providers, expressly disclaims all warranties, whether express, implied, statutory or otherwise, with respect to the Service, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement, and warranties that may arise out of course of dealing, course of performance, usage or trade practice. Without limitation to the foregoing, the Company provides no warranty or undertaking, and makes no representation of any kind that the Service will meet Your requirements, achieve any intended results, be compatible or work with any other software, applications, systems or services, operate without interruption, meet any performance or reliability standards or be error free or that any errors or defects can or will be corrected.

Without limiting the foregoing, neither the Company nor any of the company's provider makes any representation or warranty of any kind, express or implied: (i) as to the operation or availability of the Service, or the information, content, and materials or products included thereon; (ii) that the Service will be uninterrupted or error-free; (iii) as to the accuracy, reliability, or currency of any information or content provided through the Service; or (iv) that the Service, its servers, the content, or e-mails sent from or on behalf of the Company are free of viruses, scripts, trojan horses, worms, malware, timebombs or other harmful components.

Some jurisdictions do not allow the exclusion of certain types of warranties or limitations on applicable statutory rights of a consumer, so some or all of the above exclusions and limitations may not apply to You. But in such a case the exclusions and limitations set forth in this section shall be applied to the greatest extent enforceable under applicable law.

Governing Law and Jurisdiction

These Terms, and any dispute arising out of or relating to them or the Service, are governed by and construed in accordance with the laws of the State of Arizona, without regard to its conflict of laws principles.

Because all disputes are subject to the Dispute Resolution and Arbitration provisions below, the parties agree that any court proceedings permitted under those provisions shall be brought exclusively in the state or federal courts located in Arizona, and each party consents to the personal jurisdiction of those courts for such purposes.

Dispute Resolution and Arbitration

Informal Resolution First

Before initiating arbitration, You agree to first contact Striae at the contact address provided on the Striae website and attempt to resolve the dispute informally in good faith. Striae will likewise attempt to resolve disputes informally. If a dispute is not resolved within 30 days of the initial notice, either party may proceed to arbitration as described below.

You must send Your notice in writing to the contact email or postal address listed in the Contact Us section and include a brief description of the dispute and the relief sought.

Binding Arbitration Only

To the fullest extent permitted by law, any dispute, claim, or controversy arising out of or relating to these Terms or the use of the Service that cannot be resolved informally shall be finally resolved by binding arbitration, not in court, and not by a jury.

The arbitration shall be administered by a recognized arbitration provider (such as the American Arbitration Association) under its applicable rules for commercial disputes, and the arbitration will take place in Arizona, unless the parties mutually agree to a different location or to remote proceedings.

The arbitrator shall have the authority to award all remedies available under applicable law, subject to the limitations of liability set out in these Terms.

Judgment on the arbitration award may be entered in any court having jurisdiction.

No Class Actions

To the maximum extent permitted by law, You and Striae agree that each may bring claims against the other only in Your or its individual capacity, and not as a plaintiff or class member in any purported class, collective, or representative proceeding. The arbitrator may not consolidate more than one person's claims or otherwise preside over any form of a representative or class proceeding.

Equitable Relief

Notwithstanding the foregoing, either party may seek temporary or preliminary injunctive or other equitable relief in a court of competent jurisdiction in Arizona to protect its Confidential Information or intellectual property rights, without waiving the obligation to arbitrate all other disputes.

For European Union (EU) Users

If You are a European Union consumer, You will benefit from any mandatory provisions of the law of the country in which You are resident.

United States Federal Government End Use Provisions

If You are a U.S. federal government end user, Our Service is a "Commercial Item" as that term is defined at 48 C.F.R. §2.101.

United States Legal Compliance

You represent and warrant that (i) You are not located in a country that is subject to the United States government embargo, or that has been designated by the United States government as a "terrorist supporting" country, and (ii) You are not listed on any United States government list of prohibited or restricted parties.

Severability and Waiver

Severability

If any provision of these Terms is held to be unenforceable or invalid, such provision will be changed and interpreted to accomplish the objectives of such provision to the greatest extent possible under applicable law and the remaining provisions will continue in full force and effect.

Waiver

Except as provided herein, the failure to exercise a right or to require performance of an obligation under these Terms shall not affect a party's ability to exercise such right or require such performance at any time thereafter nor shall the waiver of a breach constitute a waiver of any subsequent breach.

Translation Interpretation

These Terms and Conditions may have been translated if We have made them available to You on Our Service. You agree that the original English text shall prevail in the case of a dispute.

Changes to These Terms and Conditions

We reserve the right, at Our sole discretion, to modify or replace these Terms at any time. If a revision is material We will make reasonable efforts to provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at Our sole discretion.

By continuing to access or use Our Service after those revisions become effective, You agree to be bound by the revised terms. If You do not agree to the new terms, in whole or in part, please stop using the website and the Service.

Data Storage Addendum

At Striae, We take Your privacy and Data security seriously. We understand the sensitive nature of the Data that You may store with Us. This Data Storage Addendum outlines how We handle and store Your Data within the app.

• Authentication and Password Security

  Striae relies on Firebase Authentication, a highly secure and trusted platform, developed by Google, to handle user authentication. Key features of Firebase Authentication include:

  • Hashed Authentication Data

    Firebase secures passwords and authentication details using industry-standard hashing algorithms. This ensures that Your credentials are stored in a secure, unreadable format.

  • Advanced Threat Detection

    Firebase employs machine learning models to detect and mitigate suspicious activity, such as brute-force attacks or unauthorized login attempts.

  • Multi-Factor Authentication

    Firebase supports multi-factor authentication (MFA), providing an additional layer of security for Your account.

• Data Storage: Secure and Private

  Your Data is secured in off-site storage, using industry-standard security protocols to ensure it is protected from unauthorized access and physical theft. We prioritize Your privacy and make sure Your information is kept private and confidential. A few of the measures in place include:

  • No Exposed Plain Text

    User profile information and all Data stored by Striae are encrypted and never stored in exposed plain text. Instead, all sensitive information is stored securely behind undecipherable unique identifiers, further isolating Your Data from potential breaches.

  • Data Segregation/Isolation

    Striae utilizes separate and distinct systems to store Your Data. This segregation enhances security by limiting access points and isolating sensitive information from unrelated systems.

  • AES-256 Encryption

    Striae uses AES-256 encryption with GCM (Galois/Counter Mode) to safeguard Your Data at rest through Cloudflare's R2 and KV storage systems¹. This encryption standard is one of the most secure methods available, ensuring that even if Data storage is breached, the information remains unreadable and protected.

  • What is AES-256?

    • Advanced Encryption Standard (AES) is a symmetric encryption algorithm that has been extensively tested and proven to provide a high level of security.

    • 256-bit Encryption refers to the length of the encryption key. The longer the key, the more secure the encryption, as it increases the complexity of potential decryption attempts exponentially.

    • Used by the U.S. Government: AES-256 has been adopted as the encryption standard by the U.S. government for securing classified information. Specifically, it is approved by the National Institute of Standards and Technology (NIST) and used to protect sensitive information².

  • Why AES-256 is Secure

    • Key Size: A 256-bit key length means there are 2^256 possible key combinations³, making it virtually impossible to break using current computing capabilities.

    • Resistance to Brute Force: Even with advanced computational power, it would take billions of years to attempt all possible key combinations⁴.

    • Global Trust: AES-256 is trusted worldwide by governments, financial institutions, and security-focused organizations for its unparalleled ability to secure data⁵.

  • Transport Layer Security

    All Data transfers are encrypted using TLS, ensuring protection from interception or tampering while in transit.

  • Signed URLs

    Using HMAC-SHA-256, temporary signed URLs provide authenticated, tamper-evident, time-limited access to Your images and files.

  • Logging and Monitoring

    Access requests and Data transfers are logged in detail, allowing Us to audit activities and identify any unauthorized access attempts. Audit trail records are retained indefinitely for security, forensic integrity, and compliance purposes.

  • Cross-Origin Resource Sharing (CORS) Support

    To prevent unauthorized access, Striae restricts Data requests to its domain exclusively.

  • Security Policy

    The open security policy encourages users and researchers to safely and responsibly report vulnerabilities. This collaborative approach ensures the security measures remain robust and up-to-date. Please refer to Our Security Policy for more information.

• Access to Data

  Your Data is accessible to You, to Striae as necessary, and to Striae's vetted third-party hosting and authentication providers solely as required to operate and support the Service. Striae may access Your Data only for troubleshooting, maintenance, or support purposes, and only to the extent required to resolve issues or provide assistance. No unauthorized third party has access to Your Data.

• No Sharing of Sensitive Information

  Striae does not collect or share sensitive information, such as images, case numbers, item numbers, or any other personally identifiable information with third parties. Additionally, Your Data is not subject to analysis, scraping, or processing by third-party analytics tools, AI systems, or any other automated processes outside the scope of the app’s intended use. The integrity and confidentiality of Your Data are paramount to Us.

• Data Control

  Striae will never edit or modify the contents of Your Data without Your explicit input. The only edits made to Your Data will be for the purpose of resizing and compression for optimal display, storage, and performance. When You delete Data, it is removed from active systems and will not be accessible through the Service. Residual copies may remain for a limited period in system logs, temporary caches, or provider-level replicated storage until they are overwritten or deleted in the ordinary course of business.

• Account Deletion

  If You choose to delete Your account, associated Data and information will be removed from active systems and will no longer be accessible through the Service. Certain residual records may persist for a limited period in logs, temporary caches, or provider-level replicated storage, and may be retained where required for security, legal, or compliance purposes. Audit trail records are retained indefinitely and are not deleted as part of account deletion. Subject to those limitations, deleted Data is not recoverable by You through the Service.

Striae’s security measures are designed to keep Your Data secure, private, and under Your control. Should You have any questions, concerns, or feedback about these security protocols, We encourage You to reach out to Us.

Contact Us

If You have any questions about these Terms and Conditions, You can contact Us:

• By email: info@striae.org

• By mail: Contact Us for a physical address

• Contact page: https://stephenjlu.com/contact

• Legal entity: The Stephenson Jack Lu Living Trust

References

¹ Cloudflare automatically encrypts all data at rest using AES-256 with GCM mode across their R2 and KV storage platforms.

² NIST has approved AES-256 for protecting classified information and is widely adopted by the U.S. government.

³ The mathematical calculation: 2^256 = approximately 1.16 × 10^77 possible key combinations, making brute force attacks computationally infeasible.

⁴ Based on cryptographic analysis, even with advanced quantum computing developments, AES-256 would require astronomical amounts of time to break through brute force.

⁵ AES-256 is the encryption standard of choice for major banks, healthcare systems, government agencies, and technology companies worldwide.

• Cloudflare Security Documentation:

  • Cloudflare R2 Data Security - Details on AES-256 encryption with GCM mode for object storage
  • Cloudflare KV Data Security - Details on AES-256 encryption with GCM mode for key-value storage

• Government and Standards Documentation:

  • NIST Advanced Encryption Standard (AES) - Official NIST specification for AES encryption
  • NIST FIPS 197 - Federal approval and technical specifications for AES
  • NSA Commercial Solutions for Classified - Government approval of AES-256 for classified information

• Cryptographic Analysis and Security Research:

  • Cryptographic Analysis of AES-256 - Academic research on AES-256 security properties
  • Schneier on Cryptography - Expert analysis of AES security and brute force resistance
  • NIST FIPS 140-2 - Cryptographic module validation standards

• Industry Adoption and Trust:

  • Cloudflare Trust Hub - Comprehensive security and compliance information
  • Cloudflare Compliance Resources - Industry certifications and compliance documentation
  • Cloudflare Learning: What is Encryption? - Educational resource on encryption fundamentals