1. Introduction
Welcome to StepMode. This Privacy Policy explains how Olawale Filani ("StepMode," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our mobile application and related services (collectively, the "Service").
We are committed to protecting your privacy and ensuring you understand how your data is handled. Please read this policy carefully. By using StepMode, you agree to the collection and use of information in accordance with this policy.
Age Requirement: StepMode is intended for users aged 13 and older. We do not knowingly collect personal information from anyone under the age of 13.
2. Quick Links
Click on the links below to jump to specific sections:
3. Information We Collect
We collect information in several ways: directly from you, automatically when you use the Service, and from third-party sources.
3.1 Information You Provide Directly
Account Information
When you create an account, we collect:
- Name
- Email address
- Date of birth
- Gender
- Password (encrypted)
Profile Information
To personalize your experience, you may provide:
- Profile photo
- Height and weight
- Fitness goals (e.g., lose weight, build muscle, stay active)
- Target body areas
- Workout frequency preferences
- Available equipment
Fitness and Health Data
When you use our fitness features, we collect:
- Workout completion records
- Exercise history and preferences
- Workout difficulty ratings and feedback
- Progress tracking data
User-Generated Content
When you use our social features, we collect:
- Posts and photos you share
- Comments and replies
- Likes and saved content
- Information about users you follow
Safety and Moderation Data
To maintain a safe community, we collect:
- Content reports you submit (including report type and description)
- Users you have blocked
- EULA acceptance records (version accepted and timestamp)
- Content moderation decisions and actions taken
Communications
When you contact us, we collect:
- Support inquiries and correspondence
- Feedback and suggestions
3.2 Information Collected Automatically
Device and Usage Information
When you use the Service, we automatically collect:
- Device type, model, and operating system
- Unique device identifiers
- App version
- Usage patterns (features accessed, time spent, interactions)
- Crash reports and performance data (via Sentry)
Log Data
Our servers automatically record:
- Access times and dates
- App features accessed
- Error logs and diagnostics
3.3 Information from Third-Party Sources
Apple Health Integration
With your explicit permission, we read the following data from Apple Health:
Important: We only read this data to display within the app. We do not store Apple Health data on our servers, sell it, use it for advertising, or share it with third parties. You can revoke this access at any time through your device's Settings > Health > Data Access & Devices.
Social Login Providers
If you choose to sign in using Google or Apple, we receive:
- Name
- Email address
- Profile photo (if available and permitted)
We do not receive your password from these providers. We only receive information you authorize during the sign-in process.
4. How We Use Your Information
We use your information for the following purposes:
4.1 Providing and Improving the Service
- Create and manage your account
- Generate personalized workout plans using AI
- Track your fitness progress and display statistics
- Display step count from Apple Health
- Enable social features (posts, follows, likes, comments)
- Provide customer support
4.2 Personalization
- Customize workout recommendations based on your goals and preferences
- Adapt the app experience to your fitness level
- Provide personalized motivation and coaching messages
4.3 Communication
- Send push notifications (workout reminders, motivation, social activity)
- Respond to your support requests
- Send important service announcements
4.4 Safety, Security, and Content Moderation
- Monitor for and prevent fraud, abuse, and security incidents
- Diagnose and fix technical issues
- Ensure compliance with our Terms of Service
- Automatically screen content using AI moderation to detect policy violations
- Process and investigate user reports of objectionable content
- Enforce blocking relationships between users
- Take action against users who violate community guidelines
4.5 Analytics and Improvement
- Understand how users interact with the app
- Identify and fix bugs and crashes
- Develop new features and improve existing ones
4.6 Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests and prevent harm
- Protect our rights and the rights of others
5. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|
| Providing the Service, managing your account | Contract: Necessary to perform our contract with you |
| Reading Apple Health data | Consent: Based on your explicit opt-in permission |
| Processing health and fitness data | Consent: You provide this data voluntarily to use fitness features |
| Sending push notifications | Consent: Based on your device permission settings |
| Analytics and crash reporting | Legitimate Interest: To improve and secure our Service |
| Fraud prevention and security | Legitimate Interest: To protect users and the Service |
| Legal compliance | Legal Obligation: To comply with applicable laws |
Where we rely on consent, you have the right to withdraw it at any time. Where we rely on legitimate interests, you have the right to object (see "Your Privacy Rights" below).
6. How We Share Your Information
We do not sell your personal information. We share your information only in the following limited circumstances:
6.1 With Other Users
When you use social features, certain information is visible to other users:
- Your profile name and photo
- Posts, photos, and content you share publicly
- Your followers and following lists (based on your privacy settings)
- Likes and comments you make on public posts
You can control your profile visibility through your privacy settings in the app.
6.2 With Service Providers
We work with trusted third-party service providers who assist us in operating the Service:
- Hosting and Infrastructure: Cloud servers to store and process data
- Authentication: Google and Apple for social sign-in
- Error Monitoring: Sentry for crash reporting and diagnostics
These providers are contractually bound to protect your data and may only use it to provide services to us.
6.3 For Legal Reasons
We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to:
- Comply with legal obligations or valid legal processes
- Protect and defend our rights or property
- Prevent fraud or abuse of the Service
- Protect the personal safety of users or the public
6.4 Business Transfers
If StepMode is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice in the app before your information becomes subject to a different privacy policy.
6.5 What We Don't Share
- We do not sell your personal information to third parties
- We do not share data with advertising networks
- We do not share Apple Health data with any third parties
- We do not share your data with data brokers or marketing partners
7. Third-Party Services
7.1 Apple Health
StepMode integrates with Apple Health to read your step count data. This integration is governed by Apple's terms and privacy policy. Key points:
- We only access data you explicitly authorize
- Data is read locally on your device for display purposes
- We do not store Apple Health data on our servers
- We never share Apple Health data with third parties
- You can revoke access anytime via iOS Settings > Health
7.2 Google Sign-In
If you sign in with Google, Google's Privacy Policy applies to information collected by Google. We only receive the basic profile information you authorize.
7.3 Apple Sign-In
If you sign in with Apple, Apple's Privacy Policy applies to information collected by Apple. Apple allows you to hide your email address, in which case we receive a relay email address.
7.4 Sentry (Error Monitoring)
We use Sentry to monitor app crashes and errors. Sentry may collect:
- Device information and operating system
- App state at the time of a crash
- Error stack traces
This data is used solely for debugging and improving app stability. Sentry's privacy policy governs their handling of this data.
7.5 OpenAI (Content Moderation)
We use OpenAI's Moderation API to automatically screen user-generated content for policy violations:
- What is sent: Text content from posts, comments, usernames, and profile bios
- Purpose: To detect hate speech, harassment, self-harm content, sexual content, violence, and other objectionable material
- Data retention: OpenAI does not retain content sent to the Moderation API
- No training: Your content is not used to train OpenAI's models
This processing is necessary to maintain a safe community and comply with App Store guidelines. OpenAI's privacy policy and usage policies govern their handling of this data.
8. Data Retention
We retain your information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.
| Data Type | While Account Active | After Account Deletion |
|---|
| Account information (name, email, DOB, gender) | Retained | Deleted within 30 days |
| Profile photo | Retained | Deleted within 30 days |
| Body measurements (height, weight) | Retained | Deleted within 30 days |
| Workout history and completions | Retained | Deleted within 30 days |
| Posts and shared content | Retained | Deleted or anonymized within 30 days |
| Apple Health data (steps) | Not stored on our servers | N/A |
| Error logs (Sentry) | 90 days | 90 days |
| Support communications | 2 years | 2 years |
| Content reports submitted | 2 years | 2 years (for legal compliance) |
| Block relationships | Retained | Deleted within 30 days |
| EULA acceptance records | Retained | Deleted within 30 days |
| Backup systems | N/A | Purged within 90 days |
Exceptions: We may retain certain information longer if required for legal compliance, dispute resolution, fraud prevention, or to enforce our agreements.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
- Encryption at Rest: Sensitive data is encrypted when stored on our servers
- Secure Authentication: Passwords are hashed using industry-standard algorithms; we support secure social login
- Access Controls: Employee access to personal data is restricted and logged
- Regular Security Reviews: We regularly review and update our security practices
While we strive to protect your information, no method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately.
10. International Data Transfers
StepMode is operated globally. Your information may be transferred to and processed in countries other than your country of residence, including countries that may not provide the same level of data protection as your home country.
If you are located in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for international transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Transfers to countries with adequacy decisions
- Other legally approved transfer mechanisms
By using StepMode, you consent to the transfer of your information to countries outside your country of residence.
11. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
11.1 Rights for All Users
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your account and personal data
- Data Portability: Request your data in a portable format
- Withdraw Consent: Withdraw consent for processing based on consent
- Opt-Out: Opt out of push notifications via device settings
To exercise these rights, you can use the account settings in the app or contact us at info@stepmode.app.
11.2 Additional Rights for EEA, UK, and Swiss Users (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, you also have the right to:
- Restrict Processing: Request restriction of processing in certain circumstances
- Object to Processing: Object to processing based on legitimate interests
- Lodge a Complaint: File a complaint with your local data protection authority
We will respond to your request within 30 days. We may ask for verification of your identity before processing your request.
11.3 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know: Request information about the categories and specific pieces of personal information we collect
- Delete: Request deletion of your personal information
- Opt-Out of Sale: We do not sell personal information, so this right does not apply
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To submit a request, email us at info@stepmode.app with "California Privacy Request" in the subject line.
11.4 Additional Rights for Brazilian Users (LGPD)
If you are in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including:
- Confirmation of the existence of processing
- Access to your data
- Correction of incomplete or inaccurate data
- Anonymization, blocking, or deletion of unnecessary data
- Data portability
- Information about third parties with whom we share data
- Revocation of consent
11.5 Additional Rights for Canadian Users
If you are in Canada, you have rights under PIPEDA and provincial privacy laws, including:
- Access to your personal information
- Correction of inaccurate information
- Withdrawal of consent for certain processing
12. Children's Privacy
StepMode is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@stepmode.app.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes:
- We will update the "Effective Date" at the top of this policy
- For significant changes, we will notify you via email or in-app notification
- We encourage you to review this policy periodically
Your continued use of StepMode after any changes indicates your acceptance of the updated policy.