Privacy - Updated: 30.01.2025
Privacy Policy
How we handle your data
Thank you for choosing Stepsailor UG (haftungsbeschränkt) ("Company," "we," "us," or "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Software as a Service ("SaaS") platform, websites, and related services (collectively, the "Services").
1. Scope
This Privacy Policy applies to all users ("you" or "your") of our Services. By accessing or using our Services, you agree to the collection and use of your personal data in accordance with this Privacy Policy. If you do not agree with the terms outlined here, please do not use our Services.
2. Information We Collect
We collect information that can be used to identify you directly or indirectly ("Personal Data"). This may include:
- Account and Contact Information
  - Name, email address, phone number, company name, job title.
- Billing and Payment Information
  - Payment card details or bank account details (processed through our third-party payment processor, Stripe).
  - Transaction and payment history related to the Services.
- Technical Information
  - IP address, browser type, operating system, device identifiers, and information about your usage of our Services.
  - Log data, diagnostic information, and cookies or similar tracking technologies.
- Content and Communication
  - Information you submit through TallyForm or other forms, including any personal data you choose to include in responses.
  - Support tickets, chat conversations, and other communications.
- Data You Provide Through Integrations
  - Certain features of our Services allow you to connect or integrate with third-party services, including Notion (notion.so), Vimeo (vimeo.com), and Synthesia (synthesia.io). When you enable these integrations, we may receive data from those third parties.
3. How We Use Your Information
We use the data we collect for purposes including:
- Service Provision
  - To provide, maintain, and improve the functionality of our SaaS platform.
  - To process payments and manage billing through Stripe.
- Account Management and Customer Support
  - To create and manage your account.
  - To respond to inquiries, troubleshoot issues, and provide technical support.
- Analytics and Product Improvement
  - To analyze usage trends and patterns to improve our Services.
- Communication
  - To send you updates about our Services, including important notices, security alerts, and administrative messages.
  - To send marketing communications if you have opted to receive them (you may opt out at any time).
- Legal and Compliance
  - To comply with legal obligations and respond to lawful requests (e.g., court orders, subpoenas).
  - To protect our rights, privacy, safety, property, or that of our users and others.
4. How We Share Your Information
We may share your Personal Data with:
- Service Providers and Vendors
  - Stripe for payment processing.
  - TallyForm for form collection and processing.
  - Neon Database, where we store and manage data.
  - Cloud Hosting (AWS, Azure) to store and process data on servers and services, with primary hosting in Ireland and additional worldwide content delivery networks (CDNs).
- AI Platform Providers
  - OpenAI and Claude (or other AI service providers) for advanced analytics, content generation, or chat/virtual assistant functionalities within our Services. We share only the data necessary to fulfill the required functionality and maintain contractual safeguards.
- Affiliates and Subsidiaries
  - We may disclose your data to our subsidiaries, joint ventures, or other companies under common control with us, for purposes consistent with this Privacy Policy.
- Business Transfers
  - In the event of a merger, acquisition, financing, or sale of assets, your data may be transferred to a successor or affiliated entity as part of that transaction.
- Legal Obligations
  - We may disclose your information to comply with applicable law, regulation, legal process, or governmental request.
5. International Data Transfers
We primarily host our Services and data in Ireland, but we use worldwide CDNs and third-party service providers whose servers may be located in multiple countries. When we transfer your Personal Data outside of the European Economic Area (EEA) or other regions with comprehensive data protection laws, we will ensure that appropriate safeguards are in place, such as standard contractual clauses or other legally recognized mechanisms, in compliance with applicable data protection laws.
6. Data Retention
We retain your Personal Data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Once retention is no longer necessary, we will either delete or anonymize your data in a secure manner.
7. Your Rights and Choices
Depending on where you reside, you may have certain rights regarding your Personal Data, including:
- Access: Request a copy of the Personal Data we hold about you.
- Rectification: Request that we correct or update inaccurate or incomplete data.
- Deletion: Request that we delete your data, subject to certain legal exceptions.
- Objection: Object to our use of your data for direct marketing or certain other purposes.
- Restriction: Request that we limit the processing of your data under certain circumstances.
- Portability: Request that we provide you or a third party with certain Personal Data in a structured, commonly used, machine-readable format.
To exercise any of these rights, please contact us using the contact information below. We will respond to legitimate requests in compliance with applicable law.
8. Security Measures
We implement reasonable and appropriate administrative, technical, and physical safeguards to protect your Personal Data. These measures include:
- Secure servers on AWS (and potentially Azure) with encryption at rest and in transit where possible.
- Access controls and authentication mechanisms.
- Regular security assessments and penetration testing.
- Monitoring and alerting for suspicious activity.
Despite our efforts, no security measures are 100% foolproof, and we cannot guarantee the absolute security of your data.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to collect information about your browsing activities for analytics, security, and to improve and personalize our Services. You can control the use of cookies at the individual browser level. However, if you disable cookies, some features of our Services may be limited or not function properly.
10. Third-Party Links and Services
Our Services may link to third-party websites or incorporate third-party services. We do not control these third parties and are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use or visit.
11. Vendors and Services We Use
We rely on trusted third-party vendors to support our Services, ensuring reliability, security, and seamless integration. These include:
- Stripe (stripe.com) – Secure payment processing.
- TallyForm (tally.so) – Collection and processing of user-submitted forms.
- Notion (notion.so) – Internal documentation and customer knowledge management.
- Vimeo (vimeo.com) – Secure video hosting, high-quality streaming, and integration.
- Synthesia (synthesia.io) – AI-powered video content generation.
- OpenAI (openai.com) – AI services for natural language processing and automation.
- Claude (anthropic.com) – AI services for natural language processing and automation.
- Azure (azure.microsoft.com) – Hosting infrastructure and AI services.
- AWS (aws.amazon.com) – Cloud infrastructure and hosting services.
- Neon (neon.tech) – Serverless Postgres database.
- Google Analytics (analytics.google.com) – Website analytics and user behavior tracking for www.stepsailor.com only (excluding our product at app.stepsailor.com).
- Google Tag Manager (tagmanager.google.com) – Tag management system for analytics and marketing tags on www.stepsailor.com only (excluding our product at app.stepsailor.com).
- Vercel (vercel.com) – Hosting infrastructure and AI-powered features and services.
- Vercel Analytics (vercel.com) – Website analytics and user behavior tracking only for www.stepsailor.com (excluding our product at app.stepsailor.com).
- Cal.com (cal.com) – Meeting scheduling and organization.
To ensure service stability and availability, we employ multiple AI providers, facilitating automatic failover mechanisms when necessary.
We take measures to ensure these vendors adhere to strict security and privacy standards.
12. Information About Vercel Analytics Usage
Vercel Analytics allows us to analyze website usage in a privacy-oriented manner.
13. Data Collected by Our Assistant
Our AI assistant operates within your product to enhance user engagement and provide personalized support. To deliver this service effectively and improve user experience, we collect and process the following data:
- User Interactions – We monitor product usage patterns including clicks, navigation flows, and engagement metrics. This includes analyzing indicators of user experience such as repeated interactions or rapid interface changes that may suggest areas where users need additional support.
- Conversations with AI – We store and analyze messages exchanged with our AI assistant, including contextual information and sentiment analysis, to better understand user needs and improve responses.
- Support Communications – When users engage in conversations with human support agents through our platform, these communications are securely stored in our database to maintain conversation history and improve service quality.
- Usage Patterns – We collect metadata and behavioral patterns to identify optimal moments for providing assistance and to better understand how users interact with different features.
- Learning Analytics – We analyze which types of guidance and educational content are most effective in different scenarios to continuously improve our support capabilities.
This information enables us to optimize the assistant's performance, provide timely and relevant support, and enhance the overall user experience while maintaining strict compliance with privacy regulations. Our goal is to identify precisely when users might benefit from additional guidance and deliver appropriate assistance at those key moments.
14. Children's Privacy
Our Services are not directed to individuals under the age of 16 (or other applicable age of consent). We do not knowingly collect Personal Data from children. If you believe that we have inadvertently collected such data, please contact us so we can promptly delete it.
15. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will revise the "Effective Date" at the top of this page and, in some cases, notify you via email or by prominently posting a notice within our Services. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
16. Contact Us
If you have any questions or concerns regarding this Privacy Policy or our data practices, or if you wish to exercise any of your data protection rights, please contact us at:
- Email: pascal@stepsailor.com
- Address: Karlsbaderstraße 13, 86899 Landsberg am Lech, Germany
We will do our best to respond to your inquiry in a timely manner.
By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.