StepFlow
Sign in Get started free

Privacy Policy

Last updated: March 1, 2026

1. Who we are

StepFlow, Inc. ("StepFlow", "we", "our", or "us") operates the website stepflow.app and the StepFlow application at app.stepflow.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our service.

Questions? Contact us at privacy@stepflow.app.

2. Information we collect

Information you provide

  • Account information: name, email address, and password when you register.
  • Payment information: billing details processed by our payment processor (Stripe). We never store raw card numbers.
  • Content: videos you upload and manuals you create. This content is processed to generate your manuals and stored so you can access and share them.
  • Communications: messages you send to our support team.

Information collected automatically

  • Usage data: pages visited, features used, time spent, and actions taken within the application.
  • Device data: IP address, browser type, operating system, and referring URL.
  • Cookies: session cookies for authentication and preference cookies for your settings. We do not use third-party advertising cookies.

3. How we use your information

  • Provide, maintain, and improve the StepFlow service
  • Process your videos and generate manual content
  • Handle billing and prevent fraud
  • Respond to your support requests
  • Send you product updates and security notices (you can opt out of marketing emails at any time)
  • Understand how the product is used so we can make it better
  • Comply with legal obligations

We do not sell your personal information. We do not use your video content or manual content to train third-party AI models without your explicit consent.

4. How we share your information

We share information only in these limited circumstances:

  • Service providers: we use Stripe (payments), Cloudflare (infrastructure), and select AI API providers to process videos. These providers are contractually required to protect your data and may not use it for their own purposes.
  • Your team: content you share within a workspace is visible to other workspace members.
  • Public sharing: manuals you explicitly publish publicly are accessible to anyone with the link.
  • Legal requirements: we may disclose information if required by law, court order, or government authority.
  • Business transfers: if StepFlow is acquired, your information may transfer to the new owner under the same privacy protections.

5. Data retention

We retain your account data for as long as your account is active. When you delete your account, we delete your personal information within 30 days, except where we are required to retain it for legal or financial reasons (e.g., invoices are retained for 7 years). Video files and generated content are deleted within 90 days of account deletion.

6. Your rights

Depending on your location, you may have rights including:

  • Access to the personal information we hold about you
  • Correction of inaccurate information
  • Deletion of your information ("right to be forgotten")
  • Portability — export your data in a machine-readable format
  • Objection to certain types of processing

To exercise any of these rights, email privacy@stepflow.app. We will respond within 30 days.

7. Security

We use TLS encryption for all data in transit. Data at rest is encrypted using AES-256. We maintain SOC 2 Type II controls and conduct annual security audits. Despite these measures, no system is perfectly secure. If we become aware of a data breach affecting your information, we will notify you as required by law.

8. Children's privacy

StepFlow is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

9. International transfers

StepFlow operates globally. Your information may be transferred to and processed in the United States or other countries where our service providers operate. We use Standard Contractual Clauses approved by the European Commission for transfers from the EEA, UK, and Switzerland.

10. Changes to this policy

We may update this Privacy Policy from time to time. We'll notify you of material changes via email or a prominent notice in the application at least 14 days before they take effect. Your continued use of the service after the effective date constitutes acceptance of the updated policy.

11. Contact

StepFlow, Inc.
228 Park Ave S, PMB 87234
New York, NY 10003
privacy@stepflow.app