Privacy Policy
We at StepsApp respect your privacy. We are glad to tell you more about which data is accessed, how it is used, and which services we use to enhance your StepsApp experience.
Privacy Policy – StepsApp GmbH
Version: 1.1
Last updated: 2025-08-08
This Privacy Policy explains how StepsApp GmbH handles personal data in accordance with the General Data Protection Regulation (EU 2016/679) (GDPR) and applicable national data protection laws.
1. Who We Are
Company: StepsApp GmbH
Address: Schuberstraße 6a, 8010 Graz, Austria
Email: info@steps.app
Website: https://steps.app
Support: https://steps.app/en/support/pedometer/ios
We are the controller responsible for your personal data when you use our apps and services.
2. Why We Process Your Data
We collect and process your data to offer you the features of our app, improve your experience, and operate our services reliably and securely.
| Purpose | Description | Legal Basis | Is Data Provision Required? |
|---|---|---|---|
| App functionality | Enabling step tracking, activity goals, user profile features | Performance of a contract | Required to use the app. Without this data, the core features of the app cannot function properly. |
| User communication | Chats, messages, group participation | Legitimate interest | Optional. Not providing data means chat or group features won't work. |
| Analytics & error reporting | Understand usage patterns, detect crashes, improve app performance | Legitimate interest | Optional. You can disable this in the app. If not provided, our ability to fix bugs may be reduced. |
| Notifications | Sending reminders, motivational messages | Legitimate interest | Optional. You can disable notifications. Without this data, you won't receive updates or reminders. |
| Advertising | Serving personalized and non-personalized ads | Legitimate interest | Optional. You can disable personalized tracking. Ads may still be shown but will be less relevant. |
| Purchases | Processing in-app purchases and subscriptions | Performance of a contract | Required for purchases. Without this data, purchases and subscriptions cannot be processed. |
| Community features | Leaderboards and challenges | Performance of a contract | Optional. If you don't provide data, you can't take part in community rankings or challenges. |
| Newsletter | Sending you marketing emails if you opt in | Consent | Voluntary. You can use the app without subscribing to the newsletter. |
3. What Data We Process
Below is an overview of the categories of personal data we collect and process:
| Category | Examples |
|---|---|
| Health and activity | Steps, distance, weight, height, activity time, goals, age, sex |
| Device and app info | Device model, operating system, app version, locale, timezone, language |
| Identifiers | Apple Identifier for Vendors (IDFV), Installation ID, Apple Identifier for Advertisers (IDFA) |
| Profile info | Username, avatar (auto-generated or user-uploaded), social links |
| Communication | Messages, group details, media content |
| Purchase data | Anonymized receipts, subscription status |
| Usage data | Crash reports, screen views, button taps, interaction times |
| Notification content | Notification payloads, debug logs (encrypted) |
| Contact data | Email address (newsletter only) |
4. Where We Store and Share Data
We use services that may process your data outside the European Economic Area. All international transfers are encrypted and rely on legal safeguards like the European Commission's Standard Contractual Clauses (SCCs) or participation in the EU–U.S. Data Privacy Framework.
| Provider | Purpose | Transfer Mechanism | Country |
|---|---|---|---|
| Google Firebase / Cloud | Analytics, hosting, push delivery | SCC + Data Privacy Framework | USA |
| Google AdMob | Advertising | SCC + Data Privacy Framework | USA |
| Meta Ads | Advertising | SCC + Data Privacy Framework | USA |
| Amazon Web Services (AWS) | Infrastructure hosting | Standard Contractual Clauses | USA |
| Sentry | Crash reporting | Standard Contractual Clauses | USA |
| RevenueCat | In-app purchase handling | Standard Contractual Clauses | USA |
| Superwall | Paywall testing | No personal data transferred | USA |
| Gravite | Advertising attribution (EEA only) | Not applicable (no international transfer) | EEA |
| OpenAI | Nutritional feedback (CalApp only) | SCC + Data Privacy Framework | USA |
You may request copies of these safeguards by contacting info@steps.app.
5. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Core app data | 3 years after last step sync |
| Messaging, profile data | 3 years after last sync |
| Analytics and crash logs | Raw: 15 days; Aggregated: 3 years |
| Notification content | 15 days |
| In-app purchase records | 6 years after account closure |
| Leaderboard participation | Until opt-out or deletion |
| Newsletter subscriptions | Until you withdraw your consent |
| Apple HealthKit import | Until disabled or account deleted |
6. Cookies and Tracking
We clearly distinguish data collected via the app from data collected through tracking technologies.
In-App Tracking
These identifiers and SDKs are used inside the app for various functions:
| Purpose | Tools & Providers |
|---|---|
| Analytics | Google Firebase, Sentry, internal analytics |
| Advertising | Google AdMob, Meta Ads, Google Advertising ID (GAID) |
| Attribution | Gravite |
| Device IDs | Apple IDFV, Apple IDFA, Installation ID |
You may manage tracking preferences in-app under:
Settings → Privacy Policy → Crash Logs / Usage Statistics / Personalized Ads
or at the system level:
iOS → Settings → Privacy & Security → Tracking
Cookies (Web Only)
When visiting our website, we use cookies for:
| Purpose | Description |
|---|---|
| Essential cookies | Required for the website to function (e.g., language settings) |
| Analytics | Understand visitor interactions, optimize website performance |
| Marketing | Show relevant ads via partners like Google or Meta |
You can adjust cookie settings at any time via the cookie banner or browser settings.
7. Your Rights
You have the following rights under GDPR:
- Access to your personal data
- Correction of inaccurate or incomplete data
- Deletion of your data ("right to be forgotten")
- Restriction of processing under certain conditions
- Data portability in a structured, machine-readable format
- Objection to processing based on our legitimate interest
- Withdraw consent at any time for processing based on your consent
- Complain to your local authority or the Austrian Data Protection Authority: www.dsb.gv.at
To exercise your rights, contact us at info@steps.app or via in-app settings.
8. Profiling & User Customization
We may use your behavioral data to:
- Show your rank in leaderboards or challenges
- Send you motivational messages
These features are part of our service and rely on our legitimate interest to improve engagement. They do not involve automated decisions with legal or similar effects.
You may disable:
- Leaderboards and challenges: via Settings → My Profile
- Notifications: via Settings → My Profile → Notifications
9. Is Providing Personal Data Required?
- Some data (e.g., steps, goals, and purchases) is required by contract. Without it, we cannot offer our core services.
- Other data (e.g., chat features, analytics, advertising preferences) is voluntary, and you may disable or avoid providing it without any legal or contractual consequences. However, not providing it may limit certain features or result in less optimized performance.
If you have questions about what is required vs optional, contact us at info@steps.app.
10. Age Restrictions
You must be:
- At least 16 years old in the European Union
- At least 13 years old elsewhere
If you are under the applicable age, do not use our apps or services.
11. Specific Apps by StepsApp GmbH
Some apps may process additional types of data. Notably:
CalApp (nutrition feedback)
- Purpose: AI-powered analysis of meals and nutrition
- Data: User input (e.g., meals), age, gender, weight, language
- Legal basis: Performance of a contract and legitimate interest
- Retention:
- API inputs are temporarily logged by our processor for up to 30 days to monitor abuse and ensure service quality.
- We also retain user input data (e.g., meal images, meal texts) for up to 2 years in order to analyze trends and improve the accuracy, relevance, and user experience of our nutrition-related features. This processing is based on our legitimate interest in optimizing the product.
- Processor: OpenAI (USA – Standard Contractual Clauses + Data Privacy Framework)
We do not make automated decisions that produce legal or similarly significant effects.
You can request the deletion of your CalApp data at any time by contacting info@steps.app.
If you do not provide nutritional input data, the app's features will not function as intended.
12. Contact Information
We do not currently appoint a Data Protection Officer, as not legally required.
For any privacy concerns or questions, contact:
StepsApp GmbH
Email: info@steps.app
Website: https://steps.app
13. Changes to This Policy
- Version: 1.1
- Last Updated: 2025-08-08
- Significant changes will be communicated in the app and on our website.
- You can request previous versions at info@steps.app.
