Privacy Policy
Last Updated: May 02, 2025
1. Introduction
Step.co Technology Inc. ("Step.co," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and related services (collectively, the "Services").
2. Information We Collect
We collect information in the following categories:
- Personal Information – name, email address, postal address, payment tokens (handled by our payment processors), and other contact details.
- Fitness Data – workouts, goals, preferences, and progress you log within the Services.
- Device Information – IP address, browser type, operating system, device identifiers.
- Usage Data – pages or classes viewed, clicks, session time, preferences, error logs.
- Aggregated/Anonymous Data – statistical insights that do not identify you.
3. Legal Bases for Processing
We rely on the following lawful bases under applicable data‑protection laws:
- Contract: processing necessary to deliver the Services you request.
- Consent: for optional features such as marketing emails or community‑sharing.
- Legitimate Interests: improving and securing our platform in a way that does not outweigh your privacy rights.
- Legal Obligations: complying with tax, accounting, and regulatory requirements.
4. How We Use Your Information
- To create and manage your account and provide the Services.
- To personalise content, class recommendations, and notifications through automated decision‑making.
- To process payments and manage subscriptions.
- To communicate with you about class updates, promotions, or policy changes.
- To detect, investigate, and prevent fraud or security incidents.
- To conduct analytics that help us understand usage trends and improve functionality.
- To comply with our legal and contractual obligations.
5. Data Sharing & International Transfers
We do not sell your personal information. We may share data with:
- Service Providers: cloud hosting (AWS), analytics (Mixpanel, Google Analytics), email, and payment processors (Stripe). Each provider is bound by contract to protect your data and process it only on our instructions.
- Legal Authorities: where required to comply with law or protect rights, property, or safety.
- Business Transfers: in connection with a merger, acquisition, or sale of assets.
Because some providers operate outside Canada, your information may be transferred and processed internationally. We rely on standard contractual clauses and comparable safeguards to protect your data in such cases.
7. Your Rights & Choices
You may exercise the following rights, subject to legal limits:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase data ("right to be forgotten").
- Restrict or object to certain processing.
- Data portability – receive a machine‑readable copy of your data.
- Withdraw consent at any time where processing is based on consent.
- Request human review of automated decisions that significantly affect you.
To submit a request, email policy@step.co or use the in‑app privacy request form. We will respond within 30 days.
8. Third-Party AI Processing
We use third-party artificial intelligence (AI) services to provide certain fitness coaching features, including chat-based coaching, personalized recommendations, and workout plan generation. When you use these features, some of your information is shared with our AI service providers so they can generate the response or analysis you request.
What we share
Depending on the feature you use, we may share:
- Content you provide, such as messages you send and up to the last 50 messages in your conversation for context.
- Profile and fitness information used to personalize coaching, such as your name, age, gender, height, weight, goals, preferences, available equipment, workout location, and any information you choose to provide about health conditions or injuries.
- Activity and progress data used for personalization, such as recent workout activity and progress toward goals.
We do not share internal identifiers (such as your in-app user ID or internal session IDs) with AI providers.
Storage and retention
- Server-side: We store AI conversations and related session data for up to 90 days, after which they are automatically deleted.
- On-device: AI conversation history may also be stored locally on your device until you delete it in the app or uninstall the app.
Your choices
You can:
- Avoid sharing data with AI providers by choosing not to use AI-powered features.
- Delete your account and all associated data, including AI conversation history, from your profile page in the app.
- Request deletion of your data by contacting Info@Step.co.
Important note
AI-generated content may not always be accurate and is not medical advice.
9. Data Retention
We keep data only as long as necessary:
- Fitness Data – stored while your account is active or until you delete it.
- Subscription & Transaction Records – 7 years for tax and audit purposes.
- Marketing Consent Logs – maintained until you unsubscribe plus 2 years.
10. Security
We employ administrative, technical, and physical safeguards including end‑to‑end encryption, role‑based access controls, and regular security audits. No system is impenetrable, so we encourage you to use strong, unique passwords and enable any offered multi‑factor authentication.
11. Children's Privacy
Our Services are not directed to children under 13 and we do not knowingly collect personal data from them. If you are a parent or guardian and believe your child has provided us data without consent, please contact us and we will delete it promptly. Users aged 13–17 may use the Services only with parent or guardian supervision.
12. Contact Us
Step.co Technology Inc.
240 1st Street E,
North Vancouver, BC V7L 1B3, Canada
Privacy Officer: info@step.co
© 2025 Step.co Technology Inc.
