StepGenie Privacy Policy

Version: v2 • Last updated: March 24, 2026

Entity: MAKAI HEALTH CORP, doing business as StepGenie

Registered address: 650 California Street, San Francisco, CA 94108, United States

Contact: manav@stepgenie.ai

StepGenie helps learners prepare for the USMLE through AI-powered study tools. We're an education product—not a healthcare provider. Please don't upload real patient data.


1. Quick Summary

We collect: account details (name, email), study activity, content you submit (questions, audio, notes), device and usage data, and limited payment metadata (via trusted processors).

We use data to: run StepGenie, personalize learning, improve quality, fight abuse, retarget you with relevant emails and social media ads, and (with consent) send product updates.

We share with: service providers (hosting, analytics, payment), advertising and retargeting platforms (e.g., Meta, Google Ads), affiliates, and when required by law. We don't sell your personal information.

Your choices: You can access, correct, download, or delete your data. You can opt out of marketing, retargeting, and certain analytics.

Sensitive stuff: No PHI, please. We're not a HIPAA-covered entity.

For EU/UK/India: We honor GDPR/DPDP rights and international transfer safeguards.

Minors: StepGenie is not for children under 13 (or under 16 in some regions).

Training AI: We do not use your identifiable content to train third-party foundation models without your consent.

2. Scope

This Policy explains how we handle personal data when you:

  • Visit our websites, web apps, or mobile apps
  • Create an account or use StepGenie features (e.g., voice, chat, QBank, study plans)
  • Interact with us (support, feedback, surveys)
  • Receive emails or notifications from us

This Policy doesn't cover third-party websites/services we link to.

3. What We Collect

A. Data you provide

  • Account & Profile: name, email, password (hashed), avatar, role/status (e.g., IMG, MS2), timezone
  • Study Content: prompts/questions, chat history, audio/voice inputs (if enabled), uploaded files/images, notes, bookmarks, feedback, and your responses within the product
  • Preferences: topics, study goals, reminder/notification settings, beta/consent toggles
  • Support & Surveys: messages, ratings, free-text responses

B. Data we get automatically

  • Device & Log Data: IP address, device/browser type, OS, app version, language, referral URLs, pages viewed, clicks, session duration, crash reports, diagnostic logs
  • Cookies/SDKs: identifiers to keep you signed in, remember settings, measure analytics
  • Approximate Location: derived from IP for security, localization, and compliance (no precise GPS unless you enable it explicitly)

C. Data from others

  • Payment Processors: limited billing metadata and payment status from Stripe/Razorpay/Paddle (we don't store full card numbers)
  • Auth Providers: if you use Google/Apple sign-in, we receive your verified email and profile basics
  • Vendors/Partners: anti-abuse signals, analytics/attribution data (aggregated or pseudonymous)
  • Advertising Partners: we may receive conversion and engagement data from advertising platforms when you interact with our ads on third-party services

No PHI: Please do not upload protected health information. StepGenie is for exam prep only and is not a HIPAA-covered entity or business associate (unless a separate BAA is signed, which is not standard for StepGenie).

4. How We Use Data

  • Provide the service: account creation, authentication, core features (chat, voice, QBank), progress tracking, mastery mapping, study plans, and customer support
  • Personalize learning: adapt difficulty, surface weak areas, recommend topics, and tailor explanations
  • Product quality & safety: debugging, monitoring, preventing fraud/abuse, service reliability, and enforcing our Terms
  • Analytics & improvement: understanding feature usage, running A/B tests, improving accuracy/explanations
  • Retargeting & remarketing: we may use your email address, device identifiers, and usage data to serve you targeted advertisements on third-party platforms (e.g., Meta, Google, Instagram) and to send you re-engagement emails based on your activity or inactivity on StepGenie. This may involve sharing hashed identifiers with advertising platforms to create custom or lookalike audiences. You can opt out of retargeting at any time (see Your Rights).
  • Communications: transactional emails (receipts, security alerts), service announcements, and—with consent—product tips or promotions
  • Legal compliance: tax, accounting, and responding to lawful requests
  • AI features: We may process your interactions to generate responses, hints, and explanations. We may use de-identified/aggregated data to improve models and features. We will not use your identifiable content to train third-party foundation models without your explicit consent.

5. Legal Bases (EEA/UK)

We process personal data under:

  • Contract (to provide the StepGenie service you requested)
  • Legitimate interests (product improvement, security, anti-abuse, analytics, retargeting where permitted)
  • Consent (marketing emails, retargeting ads, certain cookies, voice features, model training toggles)
  • Legal obligations (tax, compliance)

You can withdraw consent anytime where applicable.

6. Cookies & Similar Tech

We use:

  • Strictly Necessary (login, security)
  • Functional (preferences)
  • Analytics (usage metrics)
  • Marketing & Retargeting (campaign performance, conversion tracking, audience building via pixels and tags from platforms such as Meta Pixel, Google Ads, and similar services)

Manage cookies via in-product settings and your browser. Region-specific banners may appear where required.

7. How We Share Information

We do not sell personal information. We share:

  • Service Providers/Processors: hosting (e.g., cloud infrastructure), storage, analytics, logging, email delivery, customer support, payments, voice processing (if enabled)
  • Advertising & Retargeting Platforms: we may share hashed email addresses, device identifiers, and usage/engagement data with advertising platforms (e.g., Meta, Google Ads) to deliver targeted ads, measure campaign performance, and build custom or lookalike audiences. These platforms process data under their own privacy policies.
  • Affiliates: controlled entities supporting StepGenie operations under this Policy
  • Legal/Compliance: to comply with law, enforce terms, or protect rights/safety
  • Business Transfers: merger, acquisition, financing, or sale; we'll notify you where required

Third parties must follow confidentiality and security obligations consistent with this Policy and applicable law.

8. International Data Transfers

We operate globally. If you're in the EEA/UK/Switzerland, we rely on appropriate safeguards (e.g., SCCs/IDTA) for transfers to countries like the U.S. We maintain additional technical and organizational measures to protect your data.

9. Data Retention

We keep personal data only as long as needed for the purposes above, then delete or de-identify it.

Typical periods (subject to change):

  • Account profile & study history: active account + up to 24 months
  • Session & device logs: 12–18 months
  • Audio/voice recordings (if enabled): 30–180 days (configurable) or sooner if you delete
  • Payment/billing records: 7 years (tax/audit)
  • Retargeting audience data shared with ad platforms: retained per each platform's own data retention policies; we refresh or remove audience lists at least every 180 days
  • Backups: rolling cycles per our disaster recovery policy

You can request deletion at any time (see Your Rights).

10. Security

We use industry-standard safeguards: encryption in transit and at rest, least-privilege access, monitoring, secure development practices, and vendor due diligence. No system is 100% secure; report concerns to manav@stepgenie.ai.

11. Your Rights & Choices

Global (applies broadly)

  • Access, correct, download (portability), and delete your data
  • Object to or restrict certain processing (where applicable)
  • Opt out of marketing emails, retargeting ads, and (where offered) analytics/ads cookies
  • Manage voice/recording features and data retention (if enabled)

Request via manav@stepgenie.ai or in-product settings. We may verify your identity.

EEA/UK (GDPR)

Rights above plus the right to lodge a complaint with your local Supervisory Authority. Where retargeting relies on consent, you may withdraw it at any time.

California (CPRA)

Right to know/access, correct, delete, and opt out of "sale" or "sharing." We do not sell personal information; however, our use of retargeting technologies (e.g., sharing hashed identifiers with advertising platforms) may constitute "sharing" under the CPRA. You have the right to opt out of such sharing.

Other U.S. States

We provide access, correction, deletion, and opt-out of targeted advertising and certain profiling where required. Use in-product controls or contact us.

India (DPDP)

Right to access, correction, erasure, grievance redressal.

Contact our Grievance Officer: Dr. Manav Chandnani, available at manav@stepgenie.app

You may escalate unresolved complaints to the Data Protection Board of India as per law.

12. Children's Privacy

StepGenie is not for children under 13 (or under 16 where consent laws apply). We don't knowingly collect data from them. If you believe a child provided data, contact us to delete it.

13. Automated Decision-Making

We use AI to generate explanations, hints, and study plans. These do not produce legal or similarly significant effects about you. You may request human review of significant decisions (if any arise) and can opt out of certain personalization where offered.

14. Third-Party Services & Links

Our product may link to or integrate with third-party sites (e.g., video hosting, sign-in, payments, advertising platforms). Their privacy practices are their own; review their policies.

Payments: We use processors like Stripe/Razorpay/Paddle. They handle your payment details under their policies. We receive limited billing metadata; we don't store full card numbers.

Advertising: We use platforms like Meta and Google for retargeting. When you interact with our ads or visit our site, these platforms may collect data under their own policies.

15. Do Not Track / Global Privacy Control

Some browsers send Do Not Track or GPC signals. We honor applicable opt-out signals where required by law (e.g., Colorado UOOM, CPRA opt-out of sharing for retargeting). Otherwise, behavior may vary by region and feature.

16. Changes to This Policy

We'll update this Policy as our services and laws evolve. If changes are material, we'll notify you (e.g., email or in-app). Continued use means you accept the updated Policy.

17. Contact Us

General privacy requests: manav@stepgenie.ai