StepsApp Privacy Policy

1. Who We Are

Company: StepsApp GmbH

Address: Schuberstraße 6a, 8010 Graz, Austria

We are the controller responsible for your personal data when you use our apps and services.

2. What Data We Process

We process the categories of personal data set out below. What we process depends on which features you use and your settings.

Data Category	Examples
Step data	Steps, distance, goals, basic profile attributes used for step calculations (age, sex, height)
Extended health data	Weight, activity time, heartrate, sleep, menstrual cycle data & symptoms
Workout data	Exercise details (type, duration, calories burned, intensity)
Nutrition data	Nutrition details (consumed kcal/food intake)
Device and app info	Device model, operating system, app version, locale, time zone, language
Identifiers	Apple Identifier for Vendors (IDFV), Installation ID, Apple Identifier for Advertisers (IDFA) (where enabled)
Profile info	Username, avatar (auto-generated or user-uploaded), social links
Communications	Messages, group details, media content shared in community features
Purchase data	Anonymized receipts, subscription status, purchase history necessary to manage purchases
Usage data	Crash reports, screen views, user interactions, timestamps
Notification content	Notification payloads, debug logs (encrypted)
Contact data	Email address (account identification, newsletter)

3. Why We Process Your Data

We process your data for the purposes below. We thereby rely on the legal bases identified for each purpose.

Purpose	Data Categories	Description	Legal Basis	Is Data Provision Required?
Core app functionality	Step data; device and app info; profile info	Enabling step tracking, activity goals, user profile features	Performance of a contract	Required to use the app. Without this data, the core features of the app cannot function properly.
Optional health insights	Extended health data; workout data; nutrition data	Provide broader fitness/health insights by combining activity and health metrics	Performance of a contract; consent where legally required	Optional. If provided, you receive more detailed insights about your overall fitness/health.
User communications and social interaction	Profile info; communications	Enable user-to-user interactions and community moderation	Performance of a contract; legitimate interest (Enable social interactions)	Optional. Not providing data means chat or group features won't work.
Analytics & error reporting	Usage data; device and app info	Understand usage patterns, detect crashes, improve app performance	Legitimate interest (Improve app reliability)	Optional. You can disable this in the app. If not provided, our ability to fix bugs may be reduced.
Notifications	Notification content; contact data	Sending reminders, motivational messages	Legitimate interest (Improve user engagement)	Optional. You can disable notifications. Without this data, you won't receive updates or reminders.
Advertising	Identifiers	Serving personalized and non-personalized ads	Legitimate interest (Provide targeted advertising)	Optional. You can disable personalized advertising. Ads may still be shown but will be less relevant.
Purchases	Purchase data	Processing in-app purchases and subscriptions	Performance of a contract	Required for purchases. Without this data, purchases and subscriptions cannot be processed.
Community features	Step data; profile info	Providing leaderboards, challenges and rankings	Performance of a contract	Optional. If you don't provide data, you can't take part in community rankings or challenges.
Newsletter	Contact data	Sending you marketing emails if you opt in	Consent	Optional. You can use the app without subscribing to the newsletter.
Account identification & support	Contact data	Identifying your account for login, support cases, and account management	Performance of a contract	Required if you create an account. Optional for account creation if using Apple Sign-In with Hide My Email.

We share your date with the following categories of recipients. If your data is processed by our service providers (processors), we ensure that they only process your data within the scope of our instructions and for the respective purposes stated above.

Cloud and infrastructure providers (e.g., Google Cloud/Firebase, Amazon Web Services).
Analytics and crash reporting providers (e.g., Firebase, Sentry).
Advertising partners (e.g., Google AdMob, Meta Ads) for ad delivery and measurement.
Purchase and subscription infrastructure (e.g., RevenueCat).
AI-supported features providers (e.g., OpenAI, Replicate) to generate optional health and fitness insights.
Payment and app store system vendors, where applicable.
Competent authorities or legal advisors where required by law or to protect our rights.

Some recipients are located outside the European Economic Area (EEA), including in the United States. Where we transfer your data internationally, we use legally required safeguards such as the European Commission's Standard Contractual Clauses and, where applicable, participation in the EU-US Data Privacy Framework.

For more detailed information on this, or to obtain a copy of the standard contractual clauses agreed with the recipients, please contact us using the contact details in point 1 above.

5. How Long We Keep Your Data

Data Category	Retention Period
Step data	3 years after last step sync
Workout data	3 years after last sync
Nutrition data	3 years after last sync
Extended health data	3 years after last sync
Device and app info	[Please add]
Identifiers	Until disabled or account deleted
Profile info	3 years after last sync
Communications	3 years after last sync
Purchase data	7 years after account closure
Usage data	Raw: 15 days; Aggregated: 3 years
Notification content	15 days
Contact data (Newsletter email)	Until you withdraw your consent or account deletion
Contact data (Account email)	30 days after account deletion

6. Your Rights

You have the following rights under GDPR:

Access to your personal data.
Correction of inaccurate or incomplete data.
Deletion of your data ("right to be forgotten").
Restriction of processing under certain conditions.
Data portability in a structured, machine-readable format.
Objection to processing based on our legitimate interest.
Withdraw consent at any time for processing based on your consent (Withdrawal of consent does not affect the legality of the data processing carried out up to that point.)
Complain to your local authority or the Austrian Data Protection Authority (Datenschutzbehorde), Barichgasse 40-42, 1030 Vienna (www.dsb.gv.at).

To exercise your rights, contact us at [email protected] or via in-app settings.

7. Profiling & Automated processing

In accordance with Art. 22 GDPR, we do not use automated decision-making to make decisions about the establishment and implementation of a business relationship with you. No profiling is carried out when using our services.

We may use your data to:

Show your rank in leaderboards or challenges.
Send you motivational messages.

These features are part of our service and do not involve automated decisions with legal or similar effects.

You may disable:

Leaderboards and challenges: via Settings → My Profile.
Notifications: via Settings → My Profile → Notifications.

8. Is Providing Personal Data Required?

Some data (e.g., steps, goals, and purchases) is required by contract. Without it, we cannot offer our core services.

Other data (e.g., chat features, analytics, advertising preferences) is voluntary, and you may disable or avoid providing it without any legal or contractual consequences. However, not providing it may limit certain features or result in less optimized performance.

If you have questions about what is required vs optional, contact us at [email protected].

9. Contact Information

We do not currently appoint a Data Protection Officer, as not legally required.

For any privacy concerns or questions, contact:

StepsApp GmbH

Email: [email protected]

Website: https://steps.app

10. Website & Cookies

This section applies to visits to our websites (for example, steps.app and related pages).

10.1 Why we use cookies and similar technologies

Required cookies: to provide core website functions, security protections, and technical stability.
Preference cookies: to remember settings such as language and region.
Measurement cookies: to understand page usage and improve website content and performance.

Cookies are small text files stored by your browser. We may also use similar technologies such as local storage or SDK-based identifiers where relevant.

10.2 Analytics tools

For website analytics, we may use providers such as Google Analytics to evaluate site usage, compile aggregate reports, and improve our services. Where configured, IP anonymization is applied before further processing.

Google may process data outside the EEA. Where required, transfers are protected using appropriate safeguards such as the Standard Contractual Clauses.

More information: Google Analytics Terms and Google Privacy Policy.

10.3 How to manage cookies

You can block or delete cookies in your browser settings at any time.
You can disable Google Analytics using the browser add-on: tools.google.com/dlpage/gaoptout.
If you block required cookies, parts of the website may no longer work correctly.

Legal basis: required cookies are processed on the basis of our legitimate interests (Art. 6(1)(f) GDPR); non-essential measurement cookies are processed based on consent where legally required (Art. 6(1)(a) GDPR).

11. Changes to This Policy

Version: 1.5

Last Updated: 2026-03-02

Significant changes will be communicated in the app and on our website.

You can request previous versions at [email protected].