Privacy & Data Controls
How Struxen handles your project data, and how you can export or delete it.
Privacy & Data Controls
This page is a practical guide to the data controls available in the Struxen product. For the full legal terms, see the Privacy Policy, the Terms of Service, and the Data Processing Addendum.
What data Struxen holds
Struxen stores three categories of data on your behalf:
- Project documents — drawings, specifications, schedules, RFIs, submittals, and any other files you upload or sync via Forma.
- Derived data — extracted text, embeddings, classifications, and STRUX/VANTAGE outputs generated from your documents.
- Account metadata — user profiles, organization membership, project metadata, audit log entries, and billing records.
All three are scoped to your organization. Other organizations cannot see your data, and Struxen staff access is logged and limited to support cases you have opened.
Exporting your data
You can export at three levels.
Document export
In any project, open Documents, select rows (or use Select all), and click Export → Originals. Struxen packages the original files (plus their version history) into a zip and emails you a download link when ready.
Findings & STRUX history export
In the project, open Reports → Export findings. Choose the run(s) or STRUX conversation(s) to include and the format (PDF or CSV).
Full organization export
Owners can request a full org-level export at Account → Privacy → Export all data. This produces a single archive containing every
project's documents, findings, and metadata. The archive is encrypted
and the download link is single-use, valid for 7 days.
Deleting your data
Delete a single document
On the Documents row, click the kebab menu → Delete. Versions are deleted with the document. Owner/Admin only.
Delete a project
Open Settings → Danger zone → Delete project. Confirm with the project name. Documents, findings, and history are removed immediately and purged from backups within 30 days.
Delete your user account
Open Account → Profile → Delete account. If you are the Owner of an
org with other members, you must first transfer ownership or delete
the org. Account deletion removes your profile, login, and personal
preferences. Project data you authored remains in the org under an
"Anonymized User" attribution — your name and email are scrubbed.
Delete the entire organization
See Account & Billing → Deleting an organization.
Cookie preferences
Struxen uses a small number of cookies for authentication and product
analytics. You can review and change your preferences anytime by
clicking Cookie Preferences in the footer of any marketing page,
or open Account → Privacy → Cookies once signed in.
The categories are:
- Strictly necessary — required for sign-in and security. Cannot be disabled.
- Product analytics — anonymized usage telemetry that helps us improve features. Off by default in EU/UK regions, opt-in elsewhere.
- Marketing — only active on marketing site pages; never on the authenticated app.
Sub-processors and AI providers
Struxen uses third-party services for hosting, AI inference, and billing. The current sub-processor list is at the Trust Center. We notify customers in advance of material changes to the sub-processor list.
For AI inference, prompts and document excerpts are sent to the configured model provider only at the moment a query runs. We do not permit providers to use your data to train their models.
Regional data residency
Struxen's primary region is us-east-1 (United States). EU residency is available on Business and Enterprise plans — contact support@struxen.io to enable.
Audit log
Owners and Admins can view the org's audit log at Account → Organization → Audit log. The log records sign-ins, member changes,
project creation/deletion, document uploads/deletions, and billing
events. Logs are retained for 12 months on standard plans and 7 years
on Enterprise.
Subject access requests
If you are a project participant who is not a Struxen account holder (e.g. your name appears in an uploaded RFI) and you want to know what data Struxen holds about you, email support@struxen.io. We respond within 30 days, per the Privacy Policy.
Reporting a vulnerability
Email security reports to
support@struxen.io with the subject line
beginning Vulnerability:. Do not include exploit details in the
initial message — we will respond with a secure channel. We do not
pursue legal action against good-faith research.