Last Updated: January 23, 2025
1. Introduction
Welcome to Stepster. This Privacy Policy explains how Mobixo AI ("we," "us," or "our") collects, uses, protects, and shares your personal information when you use the Stepster mobile application ("App").
We are committed to protecting your privacy and complying with applicable data protection regulations, including GDPR (General Data Protection Regulation) and KVKK (Turkish Personal Data Protection Law).
Key Privacy Principles
- Your health data is stored securely and never sold to third parties
- You control what data you share and can delete it at any time
- We use industry-standard encryption to protect your information
- We comply with GDPR, KVKK, and health data protection regulations
2. Information We Collect
Health and Fitness Data
With your explicit permission, we collect and process the following health-related information:
- Step Count: Daily step data from Apple Health (HealthKit)
- Calorie Data: Food intake and exercise calorie information you manually enter or upload
- Food Photos: Images of food you upload for AI calorie analysis
- Exercise Data: Workout information and activity logs
- Body Metrics: Weight, height, and other health metrics you optionally provide
Account Information
- Email Address: For account creation and communication
- Name: Optional, for personalization
- Profile Photo: Optional user avatar
Usage Data
- App Activity: Features used, session duration, interaction patterns
- Device Information: iOS version, device model, app version
- Analytics: Crash reports, performance metrics, feature usage statistics
Payment Information
- Subscription Data: Purchase records, subscription status (processed by Apple)
- Note: We do not store your payment card details. All payments are securely processed through Apple's App Store.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Step Tracking | Step count from HealthKit | Your explicit consent |
| Calorie Analysis | Food photos, manual entries | Performance of service |
| AI Features | Food images, text input | Performance of service |
| Subscription Management | Purchase records, email | Contractual necessity |
| Customer Support | Email, usage data | Legitimate interest |
| App Improvement | Analytics, crash reports | Legitimate interest |
4. Third-Party Services
Services We Use
Apple Health (HealthKit): We integrate with Apple Health to read step count data. Your health data is stored locally on your device and synced with our servers only with your permission.
Firebase (Google): We use Firebase for authentication, analytics, and cloud storage. Firebase complies with GDPR and provides data processing agreements.
OpenAI API: Food photos are securely transmitted to OpenAI's API for calorie analysis. Images are not stored permanently by OpenAI.
Apple App Store: Subscription payments are processed through Apple's secure payment system. We receive only purchase confirmation data, not your payment details.
Data Sharing
We do NOT sell, rent, or share your personal information with third parties for marketing purposes. We only share data with:
- Service Providers: Companies that help us operate the App (Firebase, OpenAI) under strict data protection agreements
- Legal Requirements: When required by law or to protect our legal rights
- Business Transfers: In the event of a merger or acquisition (you will be notified)
5. Data Security
Security Measures
- Encryption: All data transmission uses TLS/SSL encryption
- Secure Storage: Data is stored on Google Cloud Platform with industry-standard security
- Access Control: Strict access controls limit who can view your data
- Regular Audits: We conduct regular security assessments
- Data Minimization: We collect only necessary information
Important: While we implement robust security measures, no internet transmission is 100% secure. Please use a strong password and keep your device secure.
6. Your Rights (GDPR & KVKK)
You Have the Right To:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Data Portability: Receive your data in a machine-readable format
- Objection: Object to data processing for specific purposes
- Withdraw Consent: Revoke consent for data processing at any time
How to Exercise Your Rights
To exercise any of these rights, please contact us at stepster.feedback@gmail.com
We will respond to your request within 30 days as required by GDPR and KVKK.
Account Deletion
You can delete your account and all associated data at any time:
- Open the Stepster app
- Go to Settings → Account
- Tap "Delete Account"
- Confirm deletion
Note: This action is permanent and cannot be undone. All your health data, progress, and subscription information will be permanently deleted.
7. Data Retention
- Active Accounts: We retain your data as long as your account is active
- Deleted Accounts: Data is permanently deleted within 30 days of account deletion
- Legal Requirements: Some data may be retained longer if required by law (e.g., payment records for tax purposes)
- Analytics: Anonymized usage data may be retained for statistical purposes
8. Children's Privacy
Stepster is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (where Firebase and OpenAI servers are located). We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with all service providers
- Compliance with GDPR requirements for international transfers
10. Cookies and Tracking
The App does not use traditional web cookies. However, we use similar technologies for:
- Firebase Analytics: To understand app usage and improve features
- Crash Reporting: To identify and fix technical issues
- Session Management: To keep you logged in
You can disable analytics in Settings → Privacy → Analytics, though this may limit some functionality.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the new policy in the App
- Updating the "Last Updated" date
- Sending an email notification for significant changes
Your continued use of the App after changes become effective constitutes acceptance of the revised policy.
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect
- Right to delete your personal information
- Right to opt-out of sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
13. Contact Us & Data Controller
Data Controller: Mobixo AI
Address: Istanbul, Turkey
For privacy questions or to exercise your rights:
stepster.feedback@gmail.com
We respond to all privacy requests within 30 days.