Struxen Docs

Privacy & Data Controls

How Struxen handles your project data, and how you can export or delete it.

Privacy & Data Controls

This page is a practical guide to the data controls available in the Struxen product. For the full legal terms, see the Privacy Policy, the Terms of Service, and the Data Processing Addendum.

What data Struxen holds

Struxen stores three categories of data on your behalf:

  1. Project documents — drawings, specifications, schedules, RFIs, submittals, and any other files you upload or sync via Forma.
  2. Derived data — extracted text, embeddings, classifications, and STRUX/VANTAGE outputs generated from your documents.
  3. Account metadata — user profiles, organization membership, project metadata, audit log entries, and billing records.

All three are scoped to your organization. Other organizations cannot see your data, and Struxen staff access is logged and limited to support cases you have opened.

Exporting your data

You can export at three levels.

Document export

In any project, open Documents, select rows (or use Select all), and click Export → Originals. Struxen packages the original files (plus their version history) into a zip and emails you a download link when ready.

Findings & STRUX history export

In the project, open Reports → Export findings. Choose the run(s) or STRUX conversation(s) to include and the format (PDF or CSV).

Full organization export

Owners can request a full org-level export at Account → Privacy → Export all data. This produces a single archive containing every project's documents, findings, and metadata. The archive is encrypted and the download link is single-use, valid for 7 days.

Deleting your data

Delete a single document

On the Documents row, click the kebab menu → Delete. Versions are deleted with the document. Owner/Admin only.

Delete a project

Open Settings → Danger zone → Delete project. Confirm with the project name. Documents, findings, and history are removed immediately and purged from backups within 30 days.

Delete your user account

Open Account → Profile → Delete account. If you are the Owner of an org with other members, you must first transfer ownership or delete the org. Account deletion removes your profile, login, and personal preferences. Project data you authored remains in the org under an "Anonymized User" attribution — your name and email are scrubbed.

Delete the entire organization

See Account & Billing → Deleting an organization.

Struxen uses a small number of cookies for authentication and product analytics. You can review and change your preferences anytime by clicking Cookie Preferences in the footer of any marketing page, or open Account → Privacy → Cookies once signed in.

The categories are:

  • Strictly necessary — required for sign-in and security. Cannot be disabled.
  • Product analytics — anonymized usage telemetry that helps us improve features. Off by default in EU/UK regions, opt-in elsewhere.
  • Marketing — only active on marketing site pages; never on the authenticated app.

Sub-processors and AI providers

Struxen uses third-party services for hosting, AI inference, and billing. The current sub-processor list is at the Trust Center. We notify customers in advance of material changes to the sub-processor list.

For AI inference, prompts and document excerpts are sent to the configured model provider only at the moment a query runs. We do not permit providers to use your data to train their models.

Regional data residency

Struxen's primary region is us-east-1 (United States). EU residency is available on Business and Enterprise plans — contact support@struxen.io to enable.

Audit log

Owners and Admins can view the org's audit log at Account → Organization → Audit log. The log records sign-ins, member changes, project creation/deletion, document uploads/deletions, and billing events. Logs are retained for 12 months on standard plans and 7 years on Enterprise.

Subject access requests

If you are a project participant who is not a Struxen account holder (e.g. your name appears in an uploaded RFI) and you want to know what data Struxen holds about you, email support@struxen.io. We respond within 30 days, per the Privacy Policy.

Reporting a vulnerability

Email security reports to support@struxen.io with the subject line beginning Vulnerability:. Do not include exploit details in the initial message — we will respond with a secure channel. We do not pursue legal action against good-faith research.