Privacy Policy

Last updated: January 2026

Introduction

At Microstep ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our personal tracking application ("the App").

By using the App, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

• Account Information: Email address and password when you create an account
• Profile Information: Display name and preferences you set
• Tracking Data: Goals, projects, custom metrics, and log entries you create
• Custom Fields: Any custom tracking fields you define (duration, mood, notes, etc.)
• Support Communications: Information you provide when contacting us for support

Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, and app version
• Usage Data: Features used, session duration, interactions with the App
• Crash Reports: Technical data to help us identify and fix bugs
• Log Data: IP address, access times, and pages viewed (for our website)

Information We Do NOT Collect

• Location data
• Contacts or address book
• Photos or camera access (unless you explicitly upload images)
• Health data from Apple HealthKit or Google Fit

How We Use Your Information

We use your information to:

• Provide, maintain, and improve the App
• Process your transactions and manage your subscription
• Send important service updates and security alerts
• Respond to your support requests
• Analyze usage patterns to improve user experience
• Ensure security and prevent fraud
• Comply with legal obligations

We do NOT use your data for:

• Advertising or marketing to third parties
• Selling to data brokers

AI-Powered Features

The App uses third-party AI services (such as Google Gemini and OpenAI) to provide certain features like goal suggestions and insights. When you use these features:

• Your relevant tracking data may be sent to these AI providers to generate responses
• We only share the minimum data necessary for the feature to work
• These providers process data according to their own privacy policies

We do not use your data to train our own AI models. Third-party AI providers may have their own data retention and usage policies — please review their privacy policies for details.

Data Storage and Security

Local Storage

Your tracking data is primarily stored locally on your device. This means your data remains private and accessible even without an internet connection.

Security Measures

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (TLS/SSL)
• Secure authentication protocols
• Regular security assessments
• Access controls limiting employee access to user data
• Secure development practices

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email and/or in-app notification within 72 hours of becoming aware of the breach, as required by applicable law.

Data Sharing

We do not sell your personal information.

We may share data only in these limited circumstances:

• Service Providers: Trusted partners who help us operate the App, including:

  • Cloud infrastructure providers
  • Analytics services (anonymized data only)
  • Payment processors (for subscription management via Apple)
  • Customer support tools

• Legal Requirements: When required by law, subpoena, or court order, or to protect our rights, property, or safety

• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change.

• With Your Consent: When you explicitly authorize sharing

Your Rights

All Users

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Delete your account and all associated data
• Export: Download your data in a portable format (JSON/CSV)
• Opt-out: Disable optional analytics and data collection

To exercise these rights, contact us at hello@microstepapp.com or use the in-app settings.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: You can request details about the categories and specific pieces of personal information we collect, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.

• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

• Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.

• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To make a CCPA request, email hello@microstepapp.com with "CCPA Request" in the subject line. We will verify your identity before processing your request.

European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation:

• Legal Basis for Processing: We process your data based on:

  • Contract performance (to provide the App service)
  • Legitimate interests (to improve and secure the App)
  • Consent (for optional features like analytics)

• Additional Rights: In addition to access, correction, and deletion, you have the right to:

  • Data portability
  • Restrict processing
  • Object to processing
  • Withdraw consent at any time

• Data Transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers.

• Complaints: You have the right to lodge a complaint with your local data protection authority.

• Contact: For GDPR-related inquiries, email hello@microstepapp.com.

Data Retention

• Active Accounts: We retain your data for as long as your account is active and as needed to provide services.

• Deleted Accounts: When you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal, tax, or audit purposes.

• Anonymized Data: We may retain anonymized, aggregated data that cannot identify you for analytics purposes.

• Backups: Deleted data may persist in backups for up to 90 days before being permanently removed.

Children's Privacy

Microstep is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@microstepapp.com. If we discover we have collected information from a child under 13, we will delete it promptly.

Third-Party Services

The App may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

Third-Party SDKs and Services

The App may use the following third-party services:

• Apple App Store: For app distribution and in-app purchases
• Google Gemini / OpenAI: For AI-powered features (goal suggestions, insights). Your tracking data may be processed by these services when you use AI features. See their privacy policies: Google Privacy Policy, OpenAI Privacy Policy
• Analytics: Privacy-focused analytics to understand usage (no personal data shared)

Analytics

We use privacy-focused analytics to understand how users interact with the App. This data is anonymized and aggregated, meaning it cannot be used to identify individual users. You can opt out of analytics in the App settings.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy in the App
• Sending an email notification
• Displaying an in-app notice

The "Last updated" date at the top indicates when the policy was last revised. Your continued use of the App after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@microstepapp.com

We aim to respond to all inquiries within 30 days.

By using Microstep, you acknowledge that you have read and understood this Privacy Policy.