StepGenie Privacy Policy
Effective date: August 15, 2025
Entity: MAKAI HEALTH CORP, doing business as StepGenie
Registered address: 1412, Market Street, San Francisco - 94102
Contact: manav@stepgenie.ai
StepGenie helps learners prepare for the USMLE through AI-powered study tools. We're an education product—not a healthcare provider. Please don't upload real patient data.
1) Quick Summary
We collect: account details (name, email), study activity, content you submit (questions, audio, notes), device and usage data, and limited payment metadata (via trusted processors).
We use data to: run StepGenie, personalize learning, improve quality, fight abuse, and (with consent) send product updates.
We share with: service providers (hosting, analytics, payment), affiliates, and when required by law. We don't sell your personal information.
Your choices: You can access, correct, download, or delete your data. You can opt out of marketing and certain analytics.
Sensitive stuff: No PHI, please. We're not a HIPAA-covered entity.
For EU/UK/India: We honor GDPR/DPDP rights and international transfer safeguards.
Minors: StepGenie is not for children under 13 (or under 16 in some regions).
Training AI: We do not use your identifiable content to train third-party foundation models without your consent.
2) Scope
This Policy explains how we handle personal data when you:
- Visit our websites, web apps, or mobile apps
- Create an account or use StepGenie features (e.g., voice, chat, QBank, study plans)
- Interact with us (support, feedback, surveys)
- Receive emails or notifications from us
This Policy doesn't cover third-party websites/services we link to.
3) What We Collect
A. Data you provide
- Account & Profile: name, email, password (hashed), avatar, role/status (e.g., IMG, MS2), timezone
- Study Content: prompts/questions, chat history, audio/voice inputs (if enabled), uploaded files/images, notes, bookmarks, feedback, and your responses within the product
- Preferences: topics, study goals, reminder/notification settings, beta/consent toggles
- Support & Surveys: messages, ratings, free-text responses
B. Data we get automatically
- Device & Log Data: IP address, device/browser type, OS, app version, language, referral URLs, pages viewed, clicks, session duration, crash reports, diagnostic logs
- Cookies/SDKs: identifiers to keep you signed in, remember settings, measure analytics
- Approximate Location: derived from IP for security, localization, and compliance (no precise GPS unless you enable it explicitly)
C. Data from others
- Payment Processors: limited billing metadata and payment status from Stripe/Razorpay/Paddle (we don't store full card numbers)
- Auth Providers: if you use Google/Apple sign-in, we receive your verified email and profile basics
- Vendors/Partners: anti-abuse signals, analytics/attribution data (aggregated or pseudonymous)
No PHI: Please do not upload protected health information. StepGenie is for exam prep only and is not a HIPAA-covered entity or business associate (unless a separate BAA is signed, which is not standard for StepGenie).
4) How We Use Data
- Provide the service: account creation, authentication, core features (chat, voice, QBank), progress tracking, mastery mapping, study plans, and customer support
- Personalize learning: adapt difficulty, surface weak areas, recommend topics, and tailor explanations
- Product quality & safety: debugging, monitoring, preventing fraud/abuse, service reliability, and enforcing our Terms
- Analytics & improvement: understanding feature usage, running A/B tests, improving accuracy/explanations
- Communications: transactional emails (receipts, security alerts), service announcements, and—with consent—product tips or promotions
- Legal compliance: tax, accounting, and responding to lawful requests
- AI features: We may process your interactions to generate responses, hints, and explanations. We may use de-identified/aggregated data to improve models and features. We will not use your identifiable content to train third-party foundation models without your explicit consent.
5) Legal Bases (EEA/UK)
We process personal data under:
- Contract (to provide the StepGenie services you requested)
- Legitimate interests (product improvement, security, anti-abuse, analytics)
- Consent (marketing emails, certain cookies, voice features, model training toggles)
- Legal obligations (tax, compliance)
You can withdraw consent anytime where applicable.
6) Cookies & Similar Tech
We use:
- Strictly Necessary (login, security)
- Functional (preferences)
- Analytics (usage metrics)
- (Optional) Marketing (campaign performance)
Manage cookies via in-product settings and your browser. Region-specific banners may appear where required.
7) How We Share Information
We do not sell personal information. We share:
- Service Providers/Processors: hosting (e.g., cloud infrastructure), storage, analytics, logging, email delivery, customer support, payments, voice processing (if enabled)
- Affiliates: controlled entities supporting StepGenie operations under this Policy
- Legal/Compliance: to comply with law, enforce terms, or protect rights/safety
- Business Transfers: merger, acquisition, financing, or sale; we'll notify you where required
Third parties must follow confidentiality and security obligations consistent with this Policy and applicable law.
8) International Data Transfers
We operate globally. If you're in the EEA/UK/Switzerland, we rely on appropriate safeguards (e.g., SCCs/IDTA) for transfers to countries like the U.S. We maintain additional technical and organizational measures to protect your data.
9) Data Retention
We keep personal data only as long as needed for the purposes above, then delete or de-identify it.
Typical periods (subject to change):
- Account profile & study history: active account + up to 24 months
- Session & device logs: 12–18 months
- Audio/voice recordings (if enabled): 30–180 days (configurable) or sooner if you delete
- Payment/billing records: 7 years (tax/audit)
- Backups: rolling cycles per our disaster recovery policy
You can request deletion at any time (see Your Rights).
10) Security
We use industry-standard safeguards: encryption in transit and at rest, least-privilege access, monitoring, secure development practices, and vendor due diligence. No system is 100% secure; report concerns to manav@stepgenie.ai.
11) Your Rights & Choices
Global (applies broadly)
- Access, correct, download (portability), and delete your data
- Object to or restrict certain processing (where applicable)
- Opt out of marketing emails and (where offered) analytics/ads cookies
- Manage voice/recording features and data retention (if enabled)
Request via manav@stepgenie.ai or in-product settings. We may verify your identity.
EEA/UK (GDPR)
Rights above plus the right to lodge a complaint with your local Supervisory Authority.
California (CPRA)
Right to know/access, correct, delete, and opt out of "sale" or "sharing" (we do not sell; limited "sharing" may occur for analytics/ads if enabled).
Other U.S. States
We provide access, correction, deletion, and opt-out of targeted advertising and certain profiling where required. Use in-product controls or contact us.
India (DPDP)
Right to access, correction, erasure, and grievance redressal.
Contact our Grievance Officer: Dr. Manav Chandnani, available at manav@stepgenie.app
You may escalate unresolved complaints to the Data Protection Board of India as per law.
12) Children's Privacy
StepGenie is not for children under 13 (or under 16 where consent laws apply). We don't knowingly collect data from them. If you believe a child provided data, contact us to delete it.
13) Automated Decision-Making
We use AI to generate explanations, hints, and study plans. These do not produce legal or similarly significant effects concerning you. You may request human review of significant decisions (if any arise) and can opt out of certain personalization where offered.
14) Third-Party Services & Links
Our product may link to or integrate with third-party sites (e.g., video hosting, sign-in, payments). Their privacy practices are their own; review their policies.
Payments: We use processors like Stripe/Razorpay/Paddle. They handle your payment details under their policies. We receive limited billing metadata; we don't store full card numbers.
15) Do Not Track / Global Privacy Control
Some browsers send Do Not Track or GPC signals. We honor applicable opt-out signals where required by law (e.g., Colorado UOOM). Otherwise, behavior may vary by region and feature.
16) Changes to This Policy
We'll update this Policy as our services and laws evolve. If changes are material, we'll notify you (e.g., email or in-app). Continued use means you accept the updated Policy.
Version: v1.0 • Last updated: August 15, 2025
17) Contact Us
General privacy requests: manav@stepgenie.ai