PRIVACY POLICY - STEPPLY AI

Stepply AI ("We", "Us," or "Our") respects your Privacy Rights and information and provides this Privacy Policy ("Policy") to help you understand how We collect, use, process, share, store, and disclose information that We obtain from or about You when you use Our Services.

We take the privacy and security of Our customers seriously and encourage You to read this Policy carefully before using Our Services. By doing so, you understand that We will collect and use your personal information in the ways described in this Policy, under the data protection standards (LGPD, Brazil), consumer provisions of Federal Law 8078/1990, and other applicable norms of the Brazilian legal system.

This Policy is part of Our Terms of Use, and the processing of personal data is necessary to provide the Services.

1. INFORMATION WE MAY COLLECT FROM YOU

We may collect and process information about You, including, but not limited to:

  • Personal Information: Your name, email address, password (used for authentication, via an identity provider like, but not limited to, Clerk), date of birth, age, phone number, photograph, feedbacks, comments, and information about your use of the products and information collected by tracking technologies.
  • Sensitive Data: Data related to philosophical convictions and health. This includes personal objectives, level of physical activity, and check-in history, used to personalize the experience and content. We use your health and activity data solely for the purpose of providing and improving the application to You, such as personalizing the type of Content you receive, or providing analysis (not medical dianosis) about your well-being.
  • Authentication and Profile Data: If You choose to log in using third-party services (such as Facebook, supported by the identity provider), We may collect profile information such as your name, email address, ID and others.
  • Financial and Transaction Data (SDC): Information regarding Stepply Digital Coins (SDC) purchases. Payment card information may be collected by platforms (Apple and Google) for in-app purchases, and Our payment processor collects information for purchases made through the Websites. These processors generally provide Us with unique tokens, card type, expiration date, billing address, and the last four digits of the card. Every use of the Artificial Intelligence (AI) feature, which costs specific amounts of SDC, generates an immutable transaction record (LedgerEntry) detailing the Type, Operation (DEBIT), Currency (SDC), Value, and Metadata of the transaction.
  • AI Input Data (Prompts): Text ideas written by the user in free text (with reasonable limitations for the good of common use) used to generate challenges via the AI assistant.
  • Device and Usage Information: Information that your mobile device sends when You use Our services, such as a device identifier, User settings, device operating system, and information about the use of Our Services. This includes traffic data, location data, weblogs, and other communication data. We also collect device tokens required for sending push notifications.

2. CONFIDENTIALITY AND SECURITY

The security of your personal information is important to Us. We take all necessary security measures to protect Users' personal data and safeguard it against unauthorized loss, misuse, access, disclosure, alteration, or destruction. We follow accepted standards for the protection of personal information provided to Us. We manage the User session via Clerk, and credentials are stored locally with security.

If We become aware of any breach of Our own security or that of Our hosting companies, including any hacking or other data breach, We will notify the affected national authorities and Users of such breach, providing details on the nature and extent of the breach and the compromised data within a reasonable timeframe, in accordance with the provisions of Article 48, paragraph 1, of the LGPD.

We fully cooperate with any authorities or courts that may disclose the identity or location of any person who has posted any material on the platform that violates the clauses established in this Policy.

3. DATA STORAGE

All information You provide to Us is stored on Our servers (utilizing NeonDB and AWS S3). Payment transactions are handled in an extremely secure manner, and all payment information is stored together with Our payment processor. Highlighting that the mobile stores are the ones who process sensitive payment data, not Us. We won't keep payment data capable of allowing new transactions without your own action.

You are responsible for maintaining the confidentiality of any passwords, whether provided by Us or chosen by You, that allow You to access certain parts of the platform. We ask that you do not share your password with anyone and suggest you change it frequently, using unique numbers, letters, and special characters. If You lose control of your password, You should immediately access your profile in the application to change your password and notify Us immediately.

We will retain your personal information in Our systems only for as long as necessary to provide You with the requested Services or to fulfill the purpose for which the data was collected. Even in the event of a deletion request, the minimum storage period for internet application user information, determined by Brazilian law, will be respected.

4. USE MADE OF THE INFORMATION

We use the information We collect from You in the following ways:

  • Service Delivery: To ensure that the Content provided by the Services (challenges, check-ins, activities and others) is presented in the most appropriate and effective manner.
  • AI Functionality: To process user prompts using the OpenAI or similar services to generate structured challenge components (Title, Description, Activities, Tags, etc.). To validate check-ins, photos or video frames may be analyzed by artificial intelligence. The use of AI requires explicit consent from the User, requested upon the first use of each feature. Data sent for processing includes title, description, activities, user prompt, and check-in media. No personally identifiable data (such as name, email, or national ID) is sent for AI processing.
  • Personalization and Recommendations: To personalize the experience through the 5-step onboarding process (preferences, objectives, activity level). To provide personalized content and recommendations based on the User profile and historical participation.
  • Monetization and Transactions: To process SDC transactions, verifying sufficient balance and debiting the virtual currency after successful generation. Details of transactions performed through the platform are also used for compliance and fulfilling your requests.
  • Communication: To send promotional communications (e-mails), provided You have consented. To send User support communications and notifications (in-app and push notifications via Expo Push Notifications).
  • Legal and Contractual Obligations: To comply with Our obligations arising from any contracts entered into between You and Us.
  • Platform Interaction: To allow You to participate in the interactive functions of the platform/Services, including communication and interaction between Users and (potentially) a Virtual Guide.
  • Security and Fraud Prevention: To facilitate the technical functioning of the Services, including troubleshooting and resolution, protecting the services, and preventing fraud and abuse. We may exchange information with other companies for fraud protection and credit risk reduction.
  • Analytics and Improvement: To analyze trends and User traffic, track purchases and usage information. To analyze the quality of challenges generated by AI versus manual challenges.
  • Advertising: To serve Our advertisements through third-party platforms, such as Facebook or Google, on other websites, mobile applications, or on your different devices, provided You have given consent.
  • Account Management: To manage your account preferences, establish your profile, and registration information.

We may combine your information with information We collect from other sources to improve Our Services and for commercial purposes. We do not sell or rent your personally identifiable information to third parties, in the traditional sense of the word "sale," for marketing purposes, without your prior consent.

5. COOKIES AND DATA COLLECTION TOOLS

Like many websites and application providers, Stepply AI (and/or service providers acting on Our behalf) may use server log files and automated data collection tools, such as cookies, tags, scripts, browser fingerprints (collectively, "Data Collection Tools") when you access and use Our Services. In some cases, We link the information collected by these means to the other information You provide and that We collect.

We use these tools to track and automatically collect certain technical and usage data. We use cookies for several purposes, including analyzing the use of Our Services, allowing You to log in more easily (facilitating session management via identity provider), and providing a personalized and more efficient experience.

Stepply AI may use the following types of cookies:

  • Preference Cookies: Used to remember information about your browser and how You prefer to use Our Services, such as preferred language settings.
  • Security Cookies: Used to allow You to log in and access Our Service, protect your account against fraudulent logins, and help detect and combat misuse.
  • Functional Cookies: Used to enhance the experience of using Our Services.
  • Session Cookies: Used to collect information about how You interact with Our Services, improve Our platform and navigation experience, remember login details, and process purchases. They are considered strictly necessary for the functioning of the Services.

You may configure your OS to warn You about cookies, limit the types of cookies You allow, or refuse cookies; however, You may not be able to use some or all functionalities of the Services, or your experience may be different or less functional if you refuse/disable cookies.

By using Our Services, You agree to Our use of cookies, web beacons, and other Data Collection Tools, as described in this Policy.

6. DISCLOSURE OF YOUR INFORMATION

We may disclose your personal information to third parties in the following ways:

  • Service Providers: If Stepply AI's service providers (such as the identity provider, OpenAI for AI processing, NeonDB, Render.com, AWS services, Firebase for Analytics) need this information to provide services to Stepply AI, We require that they maintain the confidentiality and security of your personal information.
  • Specific Requests: Based on your specific requests, We may disclose your personal information to third parties so they can provide a service You requested.
  • Partners and Advertisers: We may disclose personal information to Advertisers or third parties offering goods or services complementary to Ours to improve the User experience, offering integrated features or special packages. Data may also be shared with partner companies for the purpose of redeeming Redeemable Points for gifts or prizes.
  • Business Transactions: In the event We sell or purchase any business or assets, We may disclose your personal information to the prospective seller or buyer. If Stepply AI or a substantial part of Our assets are acquired by a third party, the personal information We hold about Our Users will be one of the transferred assets.
  • Legal Compliance: If We have a duty to disclose or share your personal information to comply with any legal obligation, such as a subpoena, bankruptcy process, or similar legal process, or to execute or enforce Our contracts. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
  • Third-Party Platforms: With third parties, to display Stepply AI advertisements on those Third-Party Platforms.

7. ACCESS TO OR DELETION/CORRECTION OF PERSONAL INFORMATION

In compliance with applicable regulations regarding the processing of personal data, We respect and guarantee the User the possibility of submitting requests based on the following rights:

  • Confirmation of the existence of processing.
  • Access to data.
  • Correction of incomplete, inaccurate, or outdated data.
  • Anonymization, blocking, or elimination of unnecessary, excessive data, or data processed in non-compliance.
  • Portability of your data to another service or product provider, upon express request by the User.
  • Elimination of data processed with consent.
  • Obtaining information about the public or private entities with whom We share your data.
  • Information about the possibility of not providing your consent, as well as being informed about the consequences in case of refusal.
  • Revocation of consent.

You can access your personal information to change or update it at any time, through an online account or by sending a message to the designated email.

To request the deletion of your personal data We have archived, please send a message to the designated email. We will anonymize your data permanently and irrevocably. We will respond to your request in a timely manner, as required by applicable law.

You may withdraw your consent to the provisions of this Policy at any time by notifying Stepply AI via the electronic address.

The User is aware that the deletion of information essential for managing their account with Stepply AI will imply the termination of their registration and the consequent cancellation of the Services provided.

8. NOTIFICATION OF CHANGES TO THE PRIVACY POLICY

We may change the Platform's Privacy Policy at any time. If Stepply AI makes changes to how You use personal information, We will notify Our Users by sending an email.

Minor changes to this Policy may occur without significantly affecting how Stepply AI handles the collected information, so they may not need to be reported.

If You continue to access or use the Services after the effective date related to any change, such access or use will be interpreted as acceptance and agreement to comply with and be bound by this revised Policy. The revised Policy replaces all previous Privacy Policies. For this reason, We encourage you to review this Policy whenever you use the Services.

9. DATA PROTECTION OFFICER (“DPO”)

Stepply AI has designated the following Data Protection Officer (“DPO”) to protect Your privacy, answer your questions, receive comments, and/or resolve disputes related to Our Privacy Policy (following the organizational structure provided by the reference policy):

Department: Data Protection E-mail: [email protected]