Effective date: 2023-01-05
Last updated: 2025-11-19
At a glance
- Who we are: Stepler AB (reg. no. 559199-9551), Drottninggatan 13, 652 25 Karlstad, Sweden (“Stepler”, “we”, “us”).
- What we do: The Stepler mobile app and websites help you stay active, earn rewards, and (optionally) use Stepler Coach for structured wellness coaching.
- What we collect & why: Account details, app activity, steps data (if you connect Apple Health/Google Health Connect/FitBit), purchase data (via app stores), support communications, analytics/ads data (if you consent).
- Your choices: You can manage consent (analytics/ads), connect/disconnect Apple Health/Google Health Connect/FitBit, access/export/request deletion of data, and object to marketing—all in-app or by contacting us.
- Contact: feedback@steplerapp.com (subject “Privacy”). Supervisory authority in Sweden: IMY (www.imy.se).
1. Who is responsible?
Stepler AB is the data controller for the processing described here (unless we say otherwise). Some services act as independent controllers (e.g., Apple/Google for in-app purchases; advertising networks when you leave our properties).
2. What this policy covers
This policy applies to the Stepler app, our websites (including steplerapp.com), and services available through them (the “Services”). You must be 13+ to use the Services.
3. Personal data we process
We collect data from you, from your use of the Services, and—only if you choose—from integrations such as Apple Health/Google Health Connect/FitBit.
3.1 Account & profile
- Data: first and last name, email (optional), country, language, profile picture (optional), gender (optional), age (optional).
- Why: create and manage your account; communicate with you; tailor the experience.
3.2 App activity & device
- Data: app events, session/usage logs, crash logs, IP address, device identifiers, OS/app version.
- Why: deliver core functionality, performance, fraud/security.
- Note: We do not collect precise GPS location.
3.3 Steps & fitness integrations (Health data)
- Source: Apple Health / Google Health Connect / FitBit (only if you connect and grant permission).
- Data: step counts.
- Why: deliver activity features (e.g., step verification, points, leaderboards) and Stepler Coach features you use.
- Important: We do not use Apple Health/Google Health Connect/FitBit data for ads or marketing, and we do not share it with third parties for advertising.
3.4 Stepler Coach (optional)
- Data: your program/package, goals, plan selections, progress (e.g., daily/weekly completions), check-ins/questionnaires, in-app coach interactions or prompts, and (if applicable) receipts or confirmations needed to support wellness allowance (friskvårdsbidrag) claims.
- Why: perform the coaching contract; personalize your plan; measure progress; provide receipts/confirmations you request.
- Sensitive data: When Coach data reflect or infer your health/fitness status, we process them only with your explicit consent and strictly for providing Coach features—not for marketing.
3.5 Purchases & rewards
- Data: purchase confirmations (from Apple App Store/Google Play), product/offer selections, delivery details when needed for physical items (name, email, postal address), redemption history.
- Why: fulfill purchases/redemptions, prevent abuse, comply with bookkeeping/tax laws.
- Note: Payments are processed by Apple/Google (independent controllers). We do not receive your full card/payment details.
3.6 Friends & social (optional)
- Data: your invited Stepler friends; limited data if you use social sign-in and approve it yourself.
- Why: enable friend invitation rewards and leaderboard features.
3.7 Support communications
- Data: your messages to us, contact details, and related metadata.
- Why: answer questions, fix issues, improve service quality.
3.8 Cookies, analytics & ads (consent-based)
- Data: via cookies/SDKs—device identifiers, app/web interactions, ad interactions/impressions.
- Why: understand usage, improve our Services, and (if you agree) personalize/measure ads.
4. Why we use your data (purposes & legal bases)
Purpose: Provide the Services
Examples: account, core features, security
Legal basis: Contract (Art. 6(1)(b)) + Legitimate interests for security (Art. 6(1)(f))
Purpose: Stepler Coach
Examples: step goals, progress, coach prompts
Legal basis: Contract (b). For health-related Coach data: Explicit consent (Art. 9(2)(a))
Purpose: Apple Health / Google Health Connect / FitBit
Examples: steps
Legal basis: Explicit consent (Art. 9(2)(a)), Consent (Art. 6(1)(a))
Purpose: Communications
Examples: service messages, product updates
Legal basis: Legitimate interests (f)
Purpose: Purchases / rewards & bookkeeping
Examples: reward claims, statutory records
Legal basis: Contract (b) + Legal obligation (c)
Purpose: Support
Examples: handle tickets, quality
Legal basis: Legitimate interests (f)
Purpose: Analytics (app/web)
Examples: usage insights, product improvement
Legal basis: Consent (a) (ePrivacy applies)
Purpose: Ads personalization / measurement
Examples: show relevant ads, measure effectiveness
Legal basis: Consent (a) (ePrivacy + GDPR)
5. Your choices & controls
- Consent controls: Manage analytics/ads consent in the app (Settings) and on the web via the Cookie settings.
- Health permissions: Connect/disconnect Apple Health/Google Health Connect/FitBit at any time through the app/provider settings.
- Marketing: You can opt out of marketing emails and push at any time (phone settings and link in email footer).
- Account & data: Request access/export, correction, deletion, or restriction (see Section 9).
6. How we share data
We share data only as needed to run the Services or when you ask us to.
- Processors (service providers): e.g., cloud hosting, analytics, crash/error reporting, customer support, communication. We bind them with data-processing agreements and security requirements.
- App stores / payment platforms: Apple and Google act as independent controllers for IAP.
- Reward partners: We only share your data with a partner if you explicitly consent or when needed to fulfill a reward claim you initiate. Once shared, the partner is an independent controller of that data.
- Legal/security: We may share where required by law or to protect users, our Services, or our rights.
International transfers. When we transfer data outside the EEA/UK, we use EU Standard Contractual Clauses (SCCs) and, where required, UK IDTA/Addendum and supplementary measures.
7. Retention — how long we keep data
We keep data only as long as needed for the stated purposes or to meet legal obligations. Typical periods:
Category: Account & profile
Retention: For your account lifetime; deleted within 30 days after account deletion.
Category: Apple Health / Google Health Connect / FitBit & Coach data
Retention: For your account lifetime or until you withdraw consent.
Some derived, non-identifiable aggregates may be retained (e.g., leaderboard placement).
Category: Purchases & tax records
Retention: 7 years (or the locally required statutory period).
Category: Support tickets
Retention: 12–24 months after the ticket is resolved.
Category: Security / fraud logs
Retention: 12 months unless needed for longer.
Category: Consent records
Retention: For as long as we need to demonstrate compliance.
Where a longer period is required to establish, exercise, or defend legal claims, we may retain strictly necessary data for that purpose.
8. Security
We apply industry-standard technical and organizational measures: encryption at rest/in transit, access controls/least privilege, audit logging, secure software development practices, vendor due diligence, and routine backups. We perform DPIAs for higher-risk processing (e.g., Coach + health data). If legally required, we’ll notify you and authorities of a personal data breach.
9. Your rights
Under GDPR, you can access, rectify, erase, restrict, object (including to marketing/profiling), and port your data, and withdraw consent at any time (without affecting prior processing).
- Use in-app controls where available or email feedback@steplerapp.com (subject “Privacy”).
- You can complain to your supervisory authority. In Sweden: IMY (Integritetsskyddsmyndigheten), www.imy.se.
10. Children
The Services are for users aged 13+. Do not use the Services or provide data if you are under 13. If you believe a child has provided data, contact us and we will take appropriate steps.
11. Changes to this Policy
We’ll post updates here and in-app. For material changes, we’ll provide an in-app notice or email. The “Last updated” date shows the latest revision.
12. Contact
Questions or requests: feedback@steplerapp.com (subject “Privacy”).
Postal: Stepler AB, Drottninggatan 13, 652 25 Karlstad, Sweden.