Privacy Policy

Privacy Policy for Step
Effective Date: 10/28/25
Introduction

Step is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and safeguard your information when you use our AI chatbot app ("the App"). By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Calendar Data (Optional):
With your explicit consent, we may request access to your device's calendar data. This data is used to enhance your interaction with the chatbot, allowing us to provide more tailored responses. You can choose not to grant access to your calendar, and the chatbot will still function without it.

1.2 Bank Transactions (Optional; via Plaid):
If you choose to connect a financial account, we use Plaid to facilitate a secure connection to your bank. We do not receive or store your bank credentials. When connected, we may receive transaction metadata (for example: date, merchant name, amount, category, and related account identifiers) from Plaid so we can provide budgeting and spending insights. You can disconnect accounts at any time in Settings, which revokes access and triggers deletion of related transaction records from our systems as described below.

1.3 Chatbot Conversations:
All conversations you have with the chatbot within the App are collected and shared with OpenAI, a third-party service, to generate appropriate responses and enhance your experience. This includes both the questions you ask and the responses generated by the chatbot.

1.4 Health Data (Optional; Apple Health on iOS and Health Connect on Android):
With your explicit consent, we may collect certain health and fitness data from Apple Health (HealthKit) and/or Android Health Connect. You choose which data types to share and can change this at any time in the respective Health settings. Examples include: steps, walking/running distance, floors climbed, active (non‑resting) calories burned, exercise sessions and/or exercise minutes, heart rate (including resting heart rate), and sleep. On iOS we may also receive stand time and time in daylight (iOS 17+). On Android, you may be asked to grant optional permissions for Background access (to allow periodic reads while the app is not open) and Access past data (to read more than the default 30 days of history).

2. How We Use Your Information

2.1 Calendar Data:
If you choose to provide access to your calendar data, this information may be used in API requests to OpenAI to provide you with more relevant and contextual responses in your interactions with the chatbot. It is also used for scheduling follow-ups.

2.2 Bank Transactions:
If you connect a financial account, we use transaction metadata received from Plaid to power budgeting features (for example, summaries, trends, and personalized insights). We do not use this information for advertising.

2.3 Conversations:
The conversations you have with the chatbot are shared with OpenAI solely for the purpose of generating responses and improving the overall chatbot experience. We do not use your conversation data for any other purpose.

2.4 Health Data:
We use the health data you choose to share to provide wellness coaching features (for example, trends, summaries, and personalized nudges). We do not use health data for advertising. We may process this data with our service providers solely to deliver the features of the App. The App is for general wellness purposes and does not provide medical advice, diagnosis, or treatment.

3. Data Sharing

3.1 Sharing with OpenAI:
We share the data you provide, including calendar data (if you consent), health data (if you consent), and conversation content, with OpenAI to generate responses within the chatbot and related wellness insights. OpenAI acts as our processor/service provider. (For clarity, we do not permit OpenAI to use your API data for its own model training.)

3.2 Sharing with Plaid:
If you choose to connect a financial account, we use Plaid to access transaction metadata from your bank. Plaid is a service provider that enables secure bank connections. Your bank login credentials are not shared with us; they are provided directly to Plaid. For more information about Plaid’s privacy practices, please visit https://plaid.com/legal/.

3.3 No Sale of Data:
We do not sell your personal or sensitive data to third parties for monetary consideration.

4. Data Security

We take the security of your data seriously and implement modern encryption methods, such as HTTPS, to transmit data securely and encryption at rest where appropriate. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. We do not store HealthKit data in iCloud.

5. Your Rights and Choices

5.1 Consent and Permissions:
Before accessing your calendar or health data, the App will request your explicit consent using the system dialogs (Apple Health or Android Health Connect). On Android, you may also be asked to grant Background access (to allow periodic reads while the app is not open) and Access past data (to read more than the default 30 days of history); both are optional. You can grant or deny any of these permissions. Your chatbot conversations are automatically shared with OpenAI to generate responses; by using the App, you consent to this data sharing.

5.2 Enabling/Disabling Bank Connections:
You can enable or disable bank connections at any time in Settings. Disabling a connection revokes access and prompts the deletion of associated transaction records from our databases within a reasonable period of time, subject to any legal or operational requirements.

5.3 Withdrawal of Consent:
If you have granted access to your calendar or health data and wish to withdraw your consent, you can do so by adjusting the app's permissions through your device settings. On iOS, manage health permissions in the Health app. On Android, manage health permissions in Health Connect (including Background access and Access past data). Please note that this may affect the App’s ability to provide certain features.

5.4 Health Data Controls:
You can enable or disable health data sharing at any time:
iOS: Health app → Apps → Step Habits → manage data types.
Android: Health Connect → App permissions → Step Habits → manage data types, Background access, and Access past data.
When you revoke permissions, we will stop collecting new health data. You may request deletion of previously stored health data as described below.

5.5 Deletion of Health Data Stored by Us:
You may request deletion of health data we store by using the in‑app delete‑account flow or by contacting us. We will delete associated health records from our systems within a reasonable period of time, subject to legal or operational requirements.

6. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will revise the "Effective Date" at the top of this Policy. Your continued use of the App after any changes signifies your acceptance of the updated Privacy Policy.

7. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at info@StepHabits.com.
