Privacy Policy
We at StepsApp respect your privacy. We are glad to tell you more about which data is accessed, how it is used, and which services we use to enhance your StepsApp experience.
Privacy Policy – StepsApp GmbH
Version: 1.3
Last updated: 2025-10-21
This Privacy Policy explains how StepsApp GmbH handles personal data in accordance with the General Data Protection Regulation (EU 2016/679) (GDPR) and applicable national data protection laws.
1. Who We Are
Company: StepsApp GmbH
Address: Schuberstraße 6a, 8010 Graz, Austria
Email: info@steps.app
Website: https://steps.app
Support: https://steps.app/en/support/pedometer/ios
We are the controller responsible for your personal data when you use our apps and services.
2. What Data We Process
Below is an overview of the Data Types we collect and process:
| Data Type | Examples |
|---|---|
| Step data | Steps, distance, goals, age, sex, height |
| Extended health data | Weight, activity time, heartrate, sleep, period data & symptoms |
| Workout data | Exercise details (type, duration, calories burned, intensity) |
| Nutrition data | Nutrition details (consumed kcal/food intake) |
| Device and app info | Device model, operating system, app version, locale, timezone, language |
| Identifiers | Apple Identifier for Vendors (IDFV), Installation ID, Apple Identifier for Advertisers (IDFA) |
| Profile info | Username, avatar (auto-generated or user-uploaded), social links |
| Communication | Messages, group details, media content |
| Purchase data | Anonymized receipts, subscription status |
| Usage data | Crash reports, screen views, button taps, interaction times |
| Notification content | Notification payloads, debug logs (encrypted) |
| Contact data | Email address (account identification, newsletter) |
3. Why We Process Your Data
We collect and process your data to offer you the features of our app, improve your experience, and operate our services reliably and securely.
| Purpose | Data Type | Description | Legal Basis | Legitimate Interest | Is Data Provision Required? |
|---|---|---|---|---|---|
| App functionality | Step data | Enabling step tracking, activity goals, user profile features | Performance of a contract | Required to use the app. Without this data, the core features of the app cannot function properly. | |
| App functionality | Extended health data | Using weight, activity time, heartrate to provide activity insights, sleep, period data & symptoms | Legitimate interest | Helps us provide better health insights by combining all health data | Optional. If provided, you receive more detailed insights about your overall health. |
| App functionality | Workout data | Show workouts and calculate fitness level | Legitimate interest | Helps us provide better fitness/health insights by combining all activity data | Optional. You can track workouts and receive more detailed insights about your overall fitness/health. |
| App functionality | Nutrition data | Track consumed kcal/food intake & provide health insights | Legitimate interest | Helps us provide better fitness/health insights via food intake data | Optional. You can track calories and receive more detailed insights about your overall fitness/health. |
| App functionality | Device and app info | Device model, operating system, app version, locale, timezone, language | Performance of a contract | Required for proper app functionality. Without this data, the app may not work correctly. | |
| User communication | Communication | Chats, messages, group participation | Legitimate interest | Enable social interactions | Optional. Not providing data means chat or group features won't work. |
| Analytics & error reporting | Usage data | Understand usage patterns, detect crashes, improve app performance | Legitimate interest | Improve app reliability | Optional. You can disable this in the app. If not provided, our ability to fix bugs may be reduced. |
| Notifications | Notification content | Sending reminders, motivational messages | Legitimate interest | Improve user engagement | Optional. You can disable notifications. Without this data, you won't receive updates or reminders. |
| Advertising | Identifiers | Serving personalized and non-personalized ads | Legitimate interest | Provide targeted advertising | Optional. You can disable personalized tracking. Ads may still be shown but will be less relevant. |
| Purchases | Purchase data | Processing in-app purchases and subscriptions | Performance of a contract | Required for purchases. Without this data, purchases and subscriptions cannot be processed. | |
| Community features | Step data | Leaderboards and challenges | Performance of a contract | Optional. If you don't provide data, you can't take part in community rankings or challenges. | |
| Community features | Profile info | Username and avatar used in rankings | Performance of a contract | Optional. | |
| Newsletter | Contact data | Sending you marketing emails if you opt in | Consent | Voluntary. You can use the app without subscribing to the newsletter. | |
| Account identification & support | Contact data | Identifying your account for login, support cases, and account management | Performance of a contract | Required if you create an account. Optional for account creation if using Apple Sign-In with Hide My Email. |
4. Where We Store and Share Data
We use services that may process your data outside the European Economic Area. All international transfers are encrypted and rely on legal safeguards like the European Commission's Standard Contractual Clauses (SCCs) or participation in the EU–U.S. Data Privacy Framework.
| Provider | Purpose | Data Type | Transfer Mechanism | Country |
|---|---|---|---|---|
| Google Firebase / Cloud | Analytics, hosting, push delivery | All data types (see section 2) | SCC + Data Privacy Framework | USA |
| Google AdMob | Advertising | Identifiers | SCC + Data Privacy Framework | USA |
| Meta Ads | Advertising | Identifiers | SCC + Data Privacy Framework | USA |
| Amazon Web Services (AWS) | Infrastructure hosting | Device and app info | Standard Contractual Clauses | USA |
| Sentry | Crash reporting | Usage data | Standard Contractual Clauses | USA |
| RevenueCat | In-app purchase handling | Purchase data | Standard Contractual Clauses | USA |
| Superwall | Paywall testing | Purchase data | No personal data transferred | USA |
| OpenAI | Health insights | Steps data | SCC + Data Privacy Framework | USA |
| OpenAI | Health insights | Extended health data | SCC + Data Privacy Framework | USA |
| OpenAI | Workout feedback & health insights | Workout data | SCC + Data Privacy Framework | USA |
| OpenAI | Nutritional feedback & health insights | Nutrition data | SCC + Data Privacy Framework | USA |
| Replicate | Infrastructure hosting | Steps data | Data Processing Agreement (contractual safeguards) | USA |
| Replicate | Infrastructure hosting | Extended health data | Data Processing Agreement (contractual safeguards) | USA |
| Replicate | Infrastructure hosting | Workout data | Data Processing Agreement (contractual safeguards) | USA |
| Replicate | Infrastructure hosting | Nutrition data | Data Processing Agreement (contractual safeguards) | USA |
You may request copies of these safeguards by contacting info@steps.app.
5. How Long We Keep Your Data
| Data Type | Item / Example | Retention Period |
|---|---|---|
| Step data | Steps | 3 years after last step sync |
| Step data | Distance | 3 years after last step sync |
| Step data | Goals | 3 years after last step sync |
| Step data | Age | 3 years after last step sync |
| Step data | Sex | 3 years after last step sync |
| Step data | Height | 3 years after last step sync |
| Workout data | Exercise details | 3 years after last sync |
| Nutrition data | Consumed kcal/food intake | 3 years after last sync |
| Extended health data | Weight | 3 years after last sync |
| Extended health data | Activity time | 3 years after last sync |
| Extended health data | Heartrate | 3 years after last sync |
| Extended health data | Sleep | 3 years after last sync |
| Extended health data | Period data & symptoms | 3 years after last sync |
| Profile info | Username | 3 years after last sync |
| Profile info | Avatar | 3 years after last sync |
| Profile info | Social links | 3 years after last sync |
| Communication | Messages, group data | 3 years after last sync |
| Purchase data | Receipts | 7 years after account closure |
| Purchase data | Subscription status | 7 years after account closure |
| Usage data | Crash reports, screen views, interactions | Raw: 15 days; Aggregated: 3 years |
| Notification content | Notification payloads, debug logs | 15 days |
| Contact data | Newsletter email | Until you withdraw your consent or account deletion |
| Contact data | Account email | 30 days after account deletion |
| Apple HealthKit import | HealthKit data | Until disabled or account deleted |
| Leaderboard participation | Step and profile data | Until opt-out or account deletion |
6. Cookies and Tracking
We clearly distinguish data collected via the app from data collected through tracking technologies.
In-App Tracking
These identifiers and SDKs are used inside the app for various functions:
| Purpose | Tools & Providers |
|---|---|
| Analytics | Google Firebase, Sentry, internal analytics |
| Advertising | Google AdMob, Meta Ads, Google Advertising ID (GAID) |
| Device IDs | Apple IDFV, Apple IDFA, Installation ID |
You may manage tracking preferences in-app under:
Settings → Privacy Policy → Crash Logs / Usage Statistics / Personalized Ads
or at the system level:
iOS → Settings → Privacy & Security → Tracking
Cookies (Web Only)
When visiting our website, we use cookies for:
| Purpose | Description |
|---|---|
| Essential cookies | Required for the website to function (e.g., language preferences, settings) |
| Analytics | Understand visitor interactions, optimize website performance; the StepsApp website uses Google Analytics, a web analysis service by Google Inc. ("Google"). Google Analytics uses cookies to collect information about your visit, including your IP address. If IP anonymization is enabled, Google abbreviates the IP address within the EU or EEA before transfer. Only in exceptional cases is the full IP address sent to a Google server in the USA. The data is used to evaluate site usage and compile reports, but Google will not associate it with other Google data. |
| Marketing | Show relevant ads via partners like Google or Meta |
Google Analytics Details
- Prevent Tracking: You can prevent Google Analytics from recording data about your use of the StepsApp website, including your IP address, by installing the browser plugin available here: tools.google.com/dlpage/gaoptout.
- Data Handling: The StepsApp website uses the "anonymizeIP" code to anonymize user IP addresses.
- Privacy & Terms: Further information regarding Google Analytics' privacy provisions and terms of use can be found at google.com/analytics/terms.
You can adjust cookie settings at any time via the cookie banner or browser settings.
7. Your Rights
You have the following rights under GDPR:
- Access to your personal data
- Correction of inaccurate or incomplete data
- Deletion of your data ("right to be forgotten")
- Restriction of processing under certain conditions
- Data portability in a structured, machine-readable format
- Objection to processing based on our legitimate interest
- Withdraw consent at any time for processing based on your consent
- Complain to your local authority or the Austrian Data Protection Authority: www.dsb.gv.at
To exercise your rights, contact us at info@steps.app or via in-app settings.
8. Profiling & User Customization
We may use your behavioral data to:
- Show your rank in leaderboards or challenges
- Send you motivational messages
These features are part of our service and rely on our legitimate interest to improve engagement. They do not involve automated decisions with legal or similar effects.
You may disable:
- Leaderboards and challenges: via Settings → My Profile
- Notifications: via Settings → My Profile → Notifications
9. Is Providing Personal Data Required?
- Some data (e.g., steps, goals, and purchases) is required by contract. Without it, we cannot offer our core services.
- Other data (e.g., chat features, analytics, advertising preferences) is voluntary, and you may disable or avoid providing it without any legal or contractual consequences. However, not providing it may limit certain features or result in less optimized performance.
If you have questions about what is required vs optional, contact us at info@steps.app.
10. Age Restrictions
You must be:
- At least 16 years old in the European Union
- At least 13 years old elsewhere
If you are under the applicable age, do not use our apps or services.
11. Contact Information
We do not currently appoint a Data Protection Officer, as not legally required.
For any privacy concerns or questions, contact:
StepsApp GmbH
Email: info@steps.app
Website: https://steps.app
12. Changes to This Policy
- Version: 1.3
- Last Updated: 2025-10-21
- Significant changes will be communicated in the app and on our website.
- You can request previous versions at info@steps.app.
