Privacy Policy
I. Who we are
Step Mobile, Inc. (“Step,” “we”, “our”, or “us”) is a financial services company. Our platform provides improved transparency about how our customers use and manage their money, as well as the necessary tools to help improve one’s financial well-being. When you use these services, you’ll share some information with us that could be used to identify you or that is associated with information that identifies you (“Personal Information”). So we want to be clear about the information we collect, how we use it, and whom we share it with. This Privacy Policy applies to Personal Information that we gather or collect via our website (the “Site”) or our mobile app (the “App”) (our Site and App collectively, our “Services”). It does not apply to any Personal Information collected by third party websites not operated by Step.
This Privacy Policy applies to information collected from users of our Services who are under the age of 18 (“U18 Users”), adult sponsors of U18 Users (“Sponsors”), and users who are under the age of 13 (“U13 Users”). Additional information about our privacy practices specific to U13 Users and their Sponsors is available here. Additional privacy information for Sponsors is available here.
This Privacy Policy is incorporated into our Terms of Service.
If after reading this Privacy Policy you still have questions about anything in it, please contact us at privacy@step.com.
II. The information we collect
The categories of Personal Information we collect include:
Identification information you provide to us
Communication information you share when you voluntarily reach out to us
Technical information we automatically collect
Third party Personal Information
Identification Information you provide to us
When you interact with our Services, we collect identification information that you choose to share with us. When you set up an account with us, we need to collect a few important details about you. For Sponsors we collect your name, address, Social Security number, a unique username you would like to use for our Services, your phone number, your email address, your date of birth, a photograph of your face, a copy of your government-issued identification, and your hand-written signature.
For U18 Users, we collect the information set forth in the “Use of the Services By Children” section below.
Communication Information
When you contact customer support or communicate with us in any other way, including by voluntarily responding to questionnaires, surveys or requests for market research seeking your opinion and feedback, we’ll collect whatever information you volunteer, in addition to your name and email address.
Technical Information
When you use our Services, we collect information about which of the Services you’ve used and how you’ve used them. Examples of this information include:
Usage information on our Site or App (e.g., pages you visit on the Site, webpage from which you linked to our Site);
Time and date of your activities;
Your IP address;
Location Information:
When you browse the Site, we collect an estimate of your location through your IP address
When you use the App, we collect your Location Information through your device IP address, WiFi, Bluetooth, and, when you have enabled geolocation tracking, GPS coordinates (e.g. latitude/longitude) of your mobile device in order to detect and prevent fraud. If you have given the App permission to access your location, we will collect your device’s location as permitted by the settings you choose, and store your location history. If you want to opt out of the collection of your location information, please adjust your settings in your mobile device.
Device ID;
The kind of browser and computer you use;
Name of your internet service provider; and
Operating system version.
Third-Party Personal Information
We may collect Personal Information about you from other users, our affiliates, and third parties, as permitted by law, as follows:
Identity Verification Information. We may collect Personal Information from third party verification services, including biometric identity verification service providers, credit bureaus, financial institutions, mailing list providers, and publicly available sources to verify your identity. We may also collect information about you from third parties in connection with any identity or account verification process, fraud detection process, or collection procedure, or as may otherwise be required by applicable law.
Social Media Information. We have pages on social media sites like Instagram, Facebook, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect Personal Information that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Financial Information. When you link a deposit account, Step uses Plaid Inc. (“Plaid”) to gather your data from financial institutions. By using the Services, you grant Step and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid End User Privacy Policy. If you choose to activate Step’s securities investment services or Step’s crypto services, Step may send your information to or receive your information from Step’s securities investment service provider, Drivewealth, and its crypto service provider, Zero Hash. You agree to your personal and financial information being transferred, stored, and processed by Zero Hash and Drivewealth in accordance with the Zero Hash Privacy Policy and the Drivewealth Privacy Policy.
Advertising Information. We partner with Rakuten Advertising, who may collect personal information when you interact with our site. The collection and use of this information is subject to the privacy policy located here: Rakuten’s privacy policy: https://rakutenmarketing.com/legal-notices/services-privacy-policy/ To submit an opt-out request: https://rakutenmarketing.com/legal-notices/subject-requests/
III. How we use your information
Personal Information
To provide the Services: Step may use your Personal Information to fulfill requests for products, Services, or information, including information about potential or future Services, including to:
Manage individual information and accounts;
Respond to questions, comments, and other requests;
Verify your identity;
Process payments;
Process applications and transactions;
Communicate with you, including via SMS messaging. For more information, see our Mobile Terms;
Perform transfers, trades, and purchases that you request;
Provide access to certain areas, functionalities, and features of our Services; and
Allow you to register for events.
For internal business purposes: Step may use Personal Information for its internal business purposes, including to:
Measure interest in Step’s Services;
Develop new products and Services or improve existing products and Services;
Ensure internal quality control;
Communicate about individual accounts and activities on Step’s Services and systems, and, in Step’s discretion, changes to any Step policy;
Comply with regulatory requirements;
Prevent potentially prohibited or illegal activities;
Enforce our Terms of Service;
Protect the safety of any person, to address fraud, security or technical issues, or to protect the Company’s rights or property;
Comply with applicable laws, rules and regulations or court orders; and
For any other purpose for which you have given express permission or consent to Step.
For marketing purposes: Step may analyze and use Personal Information to provide you with materials about offers, products, and Services from Step that may be of interest to you. Step may provide you with these materials by phone, postal mail, email, or otherwise as permitted by applicable law. Such uses include:
To tailor content, advertisements, and offers;
To notify you about offers, products, and services that may be of interest to you;
To provide Services to you and our sponsors;
For other purposes disclosed at the time you provide Personal Information; and otherwise, with your consent.
Non-personal Information
We may also use information that does not personally identify you, including by aggregating and/or de-identifying Personal Information, in order to understand better how our visitors use the Services, research our visitors’ demographics, interests, and behavior, improve the Services, and for other similar purposes. We may share this information with others for information or promotional purposes, and may use non-personally identifiable information in any manner permitted by law. When any non-personally identifiable information is combined with other information that identifies you, it will be treated as Personal Information in accordance with this Privacy Policy.
VI. How long we keep your information
We will retain your information for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our products and Services, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and comply with applicable laws or regulations.
External Sites
Our Services may contain links to other websites and other websites may reference or link to our Services. These websites are operated by third parties not controlled by us, and by linking to them or being linked from them Step does not endorse, approve or make any representations about third party websites or domains. We encourage you to read the privacy policies of each and every website and domain that you interact with. We are not responsible for the privacy practices or content of such other websites or domains and you visit them at your own risk.
Social Media
Our Services may contain links and interactive features with various social media platforms. If you already use these platforms, their cookies may be set on your device when using our Services. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible social media platform, blog, or chat room, or otherwise online, or that you share in an open forum, may be viewed and used by others without any restrictions. We have no control over such uses of your information when interacting with a social media platform, forums or otherwise online and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties.
Security
Step takes commercially-reasonable steps to protect the data you have given us from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. However, please be aware that no transmission of Personal Information over the Internet or the electronic storage of this information can be absolutely guaranteed to be free from unauthorized use or access. Before submitting any Personal Information via the Services, please keep in mind these risks and know that you do so at your own risk.
VII. Your choices
Communications Preferences
If you no longer want to receive marketing emails from us, you can use the “unsubscribe” link found at the bottom of the email to opt out of receiving future emails. You will continue to receive transaction-related emails regarding products or services you have requested.
Sharing Preferences
We may give you choices regarding the sharing of your information with affiliates and third parties. Choices you have about the sharing of your information will be described in the privacy policies or notices you receive in connection with specific Services you obtain from us.
Other Requests
If you wish to terminate your Step account or delete your data, you can contact us as set forth in this policy or initiate a request within our App.
VIII. Changes to this privacy policy
We may change this Privacy Policy from time to time. If we do, we will post the revised policy on this page with a new “Last Updated” date. All changes will become effective when posted unless indicated otherwise. If we make any material changes we will notify you in accordance with applicable law. We encourage you to periodically review this page for the latest information on our privacy practices.
IX. Use of the services by children
We take precautions to protect the privacy of children. Where we determine that an individual attempting to set up a Step account is a U13 User, we will ask for that U13 User’s parent or guardian’s contact information in order to obtain verifiable consent before allowing that U13 User to use our Services.
What Information Does Step Collect from Children and How Is It Used?
To participate in our Services, U18 Users and their Sponsors must create an account using the App. We ask all U18 Users to provide us with the phone number of their Sponsor, so we can notify the Sponsor of the U18 User’s interest in Step, request consent for the U18 User to use our Services and provide us with their personal information, and authorize the Sponsor to oversee the U18 User’s account.
We request personal information from U18 Users that is reasonably necessary for their use of the Services, including their name, date of birth, phone number, email address, and mailing address. We also collect technical information and utilize cookies and analytics technologies when U18 Users engage with our Site. When we collect Personal Information from U18 Users, we will retain that information only as long as reasonably necessary to fulfill the purpose for which it was provided, ensure the security of our users and our Services, or as required by law.
Parents or legal guardians of U18 Users who are not their child’s Sponsor can contact us at privacy@step.com to request the identity of their child’s Sponsor. Parents or legal guardians of U13 Users can contact us at privacy@step.com to access and review the Personal Information we have collected about their child, update their child’s information, request deletion of their child’s information, or restrict further collection or use of their child’s information. In the event we discover we have collected information from a U13 User in a manner inconsistent with applicable law, we will either delete the information or promptly seek consent from a parent or legal guardian. Please note that our deletion of your child’s information means that they will no longer be able to have a Step account or otherwise use our Services.
For more information, see our Children’s Privacy Statement.
X. California privacy rights disclosures
Under California Civil Code Section 1798 (California's “Shine the Light” law), California residents with an established business relationship with us can annually request that we provide them with information about the Personal Information we have shared with third parties for those third parties' own direct marketing purposes. Step does not share Personal Information with third parties for their own direct marketing purposes. If you would like to request more information under California’s “Shine the Light” law, you can contact us as detailed in the “Contact Us” section below.
The following disclosures are made pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). These disclosures apply to individuals who reside in the State of California and supplement any other privacy notice provided by Step. Any terms defined in the CCPA have the same meaning in this notice.
The below chart reflects the categories of personal information we have collected from California residents both online and offline during the past twelve months, the categories of sources from which the information was collected, the business or commercial purpose for which the information was collected, and the categories of third parties with whom we shared that information.
Categories of Personal Information Collected | Categories of Sources of Collection | Business/Commercial Purpose for Collection | Categories of Third Parties Receiving Personal Information |
Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, phone number, legal name, social security number, driver's license number, passport number, or other similar identifiers. | You; Your Sponsor; Third party sources, including credit and background check or credit check providers; Publicly available Information; Devices you use to access the Services. | Provide products and services to you; Respond to questions; Provide you with information about our services; Enhance customer experience; Detect security incidents and protect against fraud or illegal activity; Conduct hiring and/or other human resources activities; For research, analysis, and product development; To evaluate or process a commercial transaction; As required by applicable law or government regulation. | Your Sponsor; Advertising networks; Affiliates; Data analytics providers; Marketing platforms; Recruitment platforms; Social networks; Technology services; Background check or credit check providers. |
Personal information categories listed in Cal. Civ. Code § 1798.80 such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | You; Your Sponsor; Third party sources, including credit and background check or credit check providers; Publicly available information; Devices you use to access the Services. | Provide products and services to you; Respond to questions; Provide you with information about our services; Enhance customer experience; Detect security incidents and protect against fraud or illegal activity; Conduct hiring and/or other human resources activities; To evaluate or process a commercial transaction; As required by applicable law or government regulation. | Your Sponsor; Advertising networks; Affiliates; Data analytics providers; Marketing platforms; Recruitment platforms; Social networks; Technology services; Background check or credit check providers. |
Protected classification characteristics under California or federal law such as age, race, national origin, citizenship, marital status, sex, gender identity, sexual orientation, medical conditions (including pregnancy or childbirth, physical or mental disability or related medical conditions), parental status, veteran or military status. | You; Your Sponsor; background check or credit check providers. | To provide you with our products and services and respond to your questions; To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services; To collect and process applications for accounts or for employment. | Your Sponsor; Background check or credit check providers; financial institutions. |
Commercial information such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | You; Your Sponsor. | To provide our services; To provide advertising/marketing services, analytic services, or similar services; For research, analysis, and product development; To evaluate or process commercial transactions; As required by applicable law or government regulation. | Your Sponsor; Users of our Services who you authorize to view this information. |
Biometric information | We do not directly collect biometric information, but our service provider collects it and provides us with the results of its analyses. | Fraud prevention. | N/A |
Internet or other similar network activity such as browsing history, search history, information on interactions with an internet website, application, or advertisement. | You; Devices you use to access the Services. | To provide you with our products and services and respond to your questions; To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services; To identify and repair errors that impair existing or intended functionality; To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; To collect and process applications for employment. | Advertising networks. Affiliates; Data analytics providers; Marketing platforms; Recruitment platforms; Social networks; Technology services. |
Geolocation data such as physical location or movements | You; Devices you use to access the Services. | To provide you with our products and services and respond to your questions; To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services on behalf of the Company | Your Sponsor; Advertising networks; Affiliates; Data analytics providers; Marketing platforms; Social networks; Technology services. |
Sensory data such as audio, electronic, visual, thermal, olfactory, or similar information. | You; Devices you use to access the Services. | To allow you to add a profile picture to your account. | Individuals or organizations with whom you share your profile. |
Professional or employment-related information such as current and prior employment, performance evaluations, and results of background checks | You; Background check providers; Publicly available information.
| Conduct hiring and/or other human resources activities. | Affiliates; Recruitment platforms; Technology services. |
Non-public education information as defined in 20 U.S.C. Section 1232g, 34 C.F.R. Part 99 such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | We do not collect. | N/A | N/A |
Inferences drawn from other Personal Information to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitude, intelligence, ability, aptitude, and any other inferences drawn from your personal information. | You; Devices you use to access the Services; Credit and background check providers.
| To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services. | Advertising networks; Affiliates; Marketing platforms; Data analytics providers; Social networks; Technology services; Video hosting, sharing, and streaming platforms. |
In the past twelve months we have disclosed personal information to third parties for business purposes. The categories of personal information we have disclosed to third parties for business purposes are identified in the “Categories of Personal Information Collected” column above. We have disclosed those categories of personal information to the categories of third parties identified in the “Categories of Third Parties Receiving Personal Information” column above.
In the past twelve months, we have not sold personal information, and we have no actual knowledge of selling the personal information of minors under 16 years of age. California residents have the right to opt out of the sale of their personal information, but because we do not sell personal information, we do not offer an opt out.
Right to Know
California residents have the right to request that we disclose the categories and specific pieces of personal information we collected, used, and disclosed during the past twelve months, the categories of sources from which their personal information was collected, our business or commercial purposes for collecting their personal information, and the categories of third parties with whom we shared their personal information.
Right to Delete
California residents have the right to request deletion of the personal information we have collected from them.
Request Submission
California residents or their authorized agent can submit a request by emailing us at privacy@step.com or by calling us at 1-888-378-6023. You will need to provide us with your name, phone number, and mailing address for us to match with information we have on file in order to verify your identity and residency. The personal information that we use to verify your identity and residency will not be used for any other purpose.
Right to Non-Discrimination
California residents have the right to not receive discriminatory treatment for exercising their CCPA privacy rights. We do not discriminate against California residents who exercise their CCPA privacy rights.
Contact Us
If you have questions or comments about this Privacy Policy, please contact us at privacy@step.com.
XI. Consumer privacy notice for Step customers
FACTS | WHAT DOES Step Mobile, Inc (“Step”) DO WITH YOUR PERSONAL INFORMATION? |
Why?
| Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
What?
| The types of personal information we collect and share depends on the product or service you have with us. This information can include: Social Security number and transaction history account balance and purchase history When you are no longer our customer, we continue to share your information as described in this notice. |
How? | All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Step chooses to share; and whether you can limit this sharing. |
Reasons we can share your personal information | Does Step share? | Can you limit this sharing? |
|---|---|---|
For our everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus | Yes | No |
For our marketing purposes - to offer our products and services to you | Yes | No |
For joint marketing with other financial companies | No | We don't share |
For our affiliates' everyday business purposes - information about your transactions and experiences | No | We don’t share |
For our affiliates' everyday business purposes - information about your creditworthiness | No | We don't share |
For non-affiliates to market to you | No | We don't share |
Questions? | Please email privacy@step.com. |
WHO WE ARE Who is providing this notice? Step Mobile, Inc.
WHAT WE DO
How does Step protect my personal information? | To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings. |
How does Step collect my personal information? | We collect your personal information, for example, when you: open an account or make deposits provide us with your photo ID give us your contact information We may also collect your personal information from others. |
Why can't I limit all sharing? | Federal law gives you the right to limit only: sharing for affiliates' everyday business purposes - information about your creditworthiness affiliates from using your information to market to you sharing for nonaffiliates to market to you State laws and individual companies may give you additional rights to limit sharing. |
DEFINITIONS
Affiliates | Companies related by common ownership or control. They can be financial and nonfinancial companies. We do not have any affiliates with which we share personal information |
Nonaffiliates | Companies not related by common ownership or control. They can be financial and nonfinancial companies. We do not share with nonaffiliates so they can market to you. |
Joint marketing | A formal agreement between non-affiliated financial companies that together market financial products or services to you. We do not jointly market |
XII. Other important information
California Residents: We will not share information we collect about you with nonaffiliates, except as permitted by law, including, for example, with your consent or to provide financial services you have requested.
Vermont residents: We will not share nonpublic personal financial information about you with our affiliates or any nonaffiliated third party, other than as permitted by law, or with your consent