Privacy Policy

I. Who we are

Step Mobile, Inc. (“Step,” “we”, “our”, or “us”) is a financial services company. Our platform provides improved transparency about how our customers use and manage their money, as well as the necessary tools to help improve one’s financial well-being. When you use these services, you’ll share some information with us that could be used to identify you or that is associated with information that identifies you (“Personal Information”). So we want to be clear about the information we collect, how we use it, and whom we share it with. This Privacy Policy applies to Personal Information that we gather or collect via our website (the “Site”) or our mobile app (the “App”) (our Site and App collectively, our “Services”). It does not apply to any Personal Information collected by third party websites not operated by Step.

This Privacy Policy applies to information collected from users of our Services who are under the age of 18 (“U18 Users”), adult sponsors of U18 Users (“Sponsors”), and users who are under the age of 13 (“U13 Users”). Additional information about our privacy practices specific to U13 Users and their Sponsors is available here. Additional privacy information for Sponsors is available here.

This Privacy Policy is incorporated into our Terms of Service.

If after reading this Privacy Policy you still have questions about anything in it, please contact us at privacy@step.com.

II. The information we collect

The categories of Personal Information we collect include:

  • Identification information you provide to us

  • Communication information you share when you voluntarily reach out to us

  • Technical information we automatically collect

  • Third party Personal Information

Identification Information you provide to us

When you interact with our Services, we collect identification information that you choose to share with us. When you set up an account with us, we need to collect a few important details about you.  For Sponsors we collect your name, address, Social Security number, a unique username you would like to use for our Services, your phone number, your email address, your date of birth, a photograph of your face, a copy of your government-issued identification, and your hand-written signature. 

For U18 Users, we collect the information set forth in the “Use of the Services By Children” section below. 

Communication Information

When you contact customer support or communicate with us in any other way, including by voluntarily responding to questionnaires, surveys or requests for market research seeking your opinion and feedback, we’ll collect whatever information you volunteer, in addition to your name and email address.

Technical Information

When you  use our Services, we collect information about which of the Services you’ve used and how you’ve used them. Examples of this information include:

  1. Usage information on our Site or App (e.g., pages you visit on the Site, webpage from which you linked to our Site);

  2. Time and date of your activities;

  3. Your IP address;

  4. Location Information:

    1. When you browse the Site, we collect an estimate of your location through your IP address

    2. When you use the App, we collect your Location Information through your device IP address, WiFi, Bluetooth, and, when you have enabled geolocation tracking, GPS coordinates (e.g. latitude/longitude) of your mobile device in order to detect and prevent fraud. If you have given the App permission to access your location, we will collect your device’s location as permitted by the settings you choose, and store your location history. If you want to opt out of the collection of your location information, please adjust your settings in your mobile device.

  5. Device ID;

  6. The kind of browser and computer you use;

  7. Name of your internet service provider; and 

  8. Operating system version. 

Third-Party Personal Information

We may collect Personal Information about you from other users, our affiliates, and third parties, as permitted by law, as follows:

  1. Identity Verification Information. We may collect Personal Information from third party verification services, including biometric identity verification service providers, credit bureaus, financial institutions, mailing list providers, and publicly available sources to verify your identity. We may also collect information about you from third parties in connection with any identity or account verification process, fraud detection process, or collection procedure, or as may otherwise be required by applicable law.

  2. Social Media Information. We have pages on social media sites like Instagram, Facebook, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect Personal Information that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.

  3. Financial Information. When you link a deposit account, Step uses Plaid Inc. (“Plaid”) to gather your data from financial institutions. By using the Services, you grant Step and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid End User Privacy Policy. If you choose to activate Step’s securities investment services or Step’s crypto services, Step may send your information to or receive your information from Step’s securities investment service provider, Drivewealth, and its crypto service provider, Zero Hash. You agree to your personal and financial information being transferred, stored, and processed by Zero Hash and Drivewealth in accordance with the Zero Hash Privacy Policy and the Drivewealth Privacy Policy.

  4. Advertising Information. We partner with Rakuten Advertising, who may collect personal information when you interact with our site. The collection and use of this information is subject to the privacy policy located here: Rakuten’s privacy policy: https://rakutenmarketing.com/legal-notices/services-privacy-policy/ To submit an opt-out request: https://rakutenmarketing.com/legal-notices/subject-requests/

III. How we use your information

Personal Information

To provide the Services: Step may use your Personal Information to fulfill requests for products, Services, or information, including information about potential or future Services, including to:

  • Manage individual information and accounts;

  • Respond to questions, comments, and other requests;

  • Verify your identity;

  • Process payments;

  • Process applications and transactions;

  • Communicate with you, including via SMS messaging. For more information, see our Mobile Terms;

  • Perform transfers, trades, and purchases that you request;

  • Provide access to certain areas, functionalities, and features of our Services; and

  • Allow you to register for events.

For internal business purposes: Step may use Personal Information for its internal business purposes, including to:

  • Measure interest in Step’s Services;

  • Develop new products and Services or improve existing products and Services;

  • Ensure internal quality control;

  • Communicate about individual accounts and activities on Step’s Services and systems, and, in Step’s discretion, changes to any Step policy;

  • Comply with regulatory requirements;

  • Prevent potentially prohibited or illegal activities;

  • Enforce our Terms of Service;

  • Protect the safety of any person, to address fraud, security or technical issues, or to protect the Company’s rights or property;

  • Comply with applicable laws, rules and regulations or court orders; and

  • For any other purpose for which you have given express permission or consent to Step.

For marketing purposes: Step may analyze and use Personal Information to provide you with materials about offers, products, and Services from Step that may be of interest to you. Step may provide you with these materials by phone, postal mail, email, or otherwise as permitted by applicable law. Such uses include:

  • To tailor content, advertisements, and offers;

  • To notify you about offers, products, and services that may be of interest to you;

  • To provide Services to you and our sponsors;

  • For other purposes disclosed at the time you provide Personal Information; and otherwise, with your consent. 

Non-personal Information

We may also use information that does not personally identify you, including by aggregating and/or de-identifying Personal Information, in order to understand better how our visitors use the Services, research our visitors’ demographics, interests, and behavior, improve the Services, and for other similar purposes. We may share this information with others for information or promotional purposes, and may use non-personally identifiable information in any manner permitted by law. When any non-personally identifiable information is combined with other information that identifies you, it will be treated as Personal Information in accordance with this Privacy Policy.

IV. How we share information

We may share Personal Information about you in the following ways:

  • To verify your identity. For example, we may share information about you with credit reporting agencies to verify your Social Security number. We may also share your information with vendors who help us verify your identity by performing biometric or other analyses to help us detect and prevent fraud. We use Persona to perform identity verification through facial geometry analysis.  Persona’s privacy policy is available at https://withpersona.com/legal/privacy-policy.

  • With vendors and service providers for: (i) provision of IT and related services; (ii) provision of information and Services you have requested; (iii) payment processing; and (iv) customer service activities; (v) know-your customer services and fraud and anti-money laundering prevention; (vi) analytics services; and (vii) in connection with the provision of the Services. These service providers have contracted with us to use the Personal Information only for the purpose(s) for which the data were originally collected or may otherwise be lawfully processed.

  • Business partners. We may share Personal Information with our business partners, affiliates, and for our affiliates’ internal business purposes or to provide you with a product or service that you have requested. For example, we partner with Evolve Bank & Trust (“Evolve”) to provide you with banking and credit card services. We may share your Personal Information with Evolve to enable Evolve to provide banking and credit card services to you in connection with our Services. Similarly, we partner with Zero Hash to provide you with crypto services and with Drivewealth to provide you with stock investment services.

We may also share Personal Information with business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you.

With third parties for legal reasons. We may share information about you if we reasonably believe that disclosing the information is needed to: (i) comply with any valid legal process, governmental request, or applicable law, rule, or regulation; (ii) investigate, remedy, or enforce potential Terms of Service violations; (iii) protect the rights, property, and safety of us, our users, or others; or (iv) detect and resolve any fraud or security concerns.  Upon verified request from a parent or guardian of a U18 User, we may at our discretion share the identity of that U18 User’s Sponsor with such parent or guardian. In the event of a transaction or proposed transaction involving the transfer of substantially all of the assets of Step or one or more of its businesses to another entity, whether an affiliate or a third party, or in connection with a bankruptcy, we may share your Personal Information in the diligence process or to otherwise facilitate the transaction, and with individuals assisting in the transaction or in connection with a bankruptcy. Your Personal Information may also be one of the transferred assets as part of the transaction or bankruptcy.

V. Cookies and analytics technologies

Advertising Cookies 

Advertising cookies are used to show you ads that are more relevant to you. We may share this information with advertisers or use it to better understand your interests. For example, advertising cookies may be used to share data with advertisers so that the ads you see are more relevant to you, or allow you to share certain pages with social networks. We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads (including ads served using non-cookie technologies) from members of the NAI on the NAI's website, available at: https://optout.networkadvertising.org/?c=1. You can also visit the Digital Advertising Alliance’s website, available at https://youradchoices.com/, to use its Consumer Choice Tools. 

  • Google Analytics collects personal data through the Services, including through the use of cookies. For information about how Google Analytics collects and processes data, please visit: https://policies.google.com/technologies/partner-sites. To opt out of having your information used by Google Analytics, please visit: https://tools.google.com/dlpage/gaoptout/. For more information, please visit Google’s privacy policy at: https://policies.google.com/privacy?hl=en&fg=1.

  • Third parties, such as vendors and ad networks, including, but not limited to, Google, may place and read cookies on your browser, or use web beacons to collect information in connection with ad serving on the Services, including device-specific information, location information, and other information stored on, accessed on, or collected from end users' devices in connection with the Services. Our partners will collect personal information for personalization of ads and use cookies for personalized and non-personalized advertising and measurement. Ad serving may be based on users’ visits to our Services or other websites on the Internet, and your activity may be tracked over time and across websites. For information about how Google collects, shares, and uses data, please visit: https://policies.google.com/technologies/partner-sites. You may opt out of personalized ads from Google by visiting the Google Ads Settings web page at: http://www.google.com/ads/preferences/. For more information, please visit Google’s privacy policy at: https://policies.google.com/privacy?hl=en&fg=1. You can also opt out of some third-party vendors’ uses of cookies for personalized advertising by visiting www.aboutads.info.

  • We use the Facebook Pixel to analyze user activity on our Services for remarketing and behavioral targeting. The Facebook Pixel is triggered when you perform certain activities on the Services, and aids us in displaying Facebook ads to Facebooks users who have visited our Services, or Facebook users who share certain characteristics with visitors to our Services. Facebook and other third parties may use cookies, web beacons, and other storage technologies to collect information from the Services and from other Internet websites, and use that information for the purposes of targeting ads and providing measurement services. Facebook may track your activity over time and across websites. For more information about the data Facebook collects, please visit Facebook’s data policy at: https://www.facebook.com/privacy/explanation. For specific information about Facebook Pixel, please visit: https://www.facebook.com/business/help/742478679120153?id=1205376682832142. For more information about ad targeting and exercising your choice to opt out of the collection and use of information for ad targeting, please visit: https://www.facebook.com/help/568137493302217, or http://optout.aboutads.info/?c=2&lang=EN.

  • Microsoft also collects or receives personal information from our users or us to provide Microsoft Advertising (including through individual end user tracking and data sharing with third parties for advertising and marketing purposes). For more information, please visit the Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement.

Clear GIFs (Web Beacons)

We may employ a software technology called clear gifs (a.k.a. Web Beacons) that help us better manage content on our Site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements and actions of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We may tie the information gathered by clear gifs to other Personal Information. We may use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.

Online Tracking and "Do Not Track" Signals

We and our third party service providers, including Facebook, may use cookies, pixels, or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Site and use that information to send targeted advertisements. Our Site currently does not respond to “Do Not Track” (DNT) signals and operates as described in this Privacy Policy whether or not a DNT signal is received.

VI. How long we keep your information

We will retain your information for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our products and Services, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and comply with applicable laws or regulations.

External Sites

Our Services may contain links to other websites and other websites may reference or link to our Services. These websites are operated by third parties not controlled by us, and by linking to them or being linked from them Step does not endorse, approve or make any representations about third party websites or domains. We encourage you to read the privacy policies of each and every website and domain that you interact with. We are not responsible for the privacy practices or content of such other websites or domains and you visit them at your own risk.

Social Media

Our Services may contain links and interactive features with various social media platforms. If you already use these platforms, their cookies may be set on your device when using our Services. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible social media platform, blog, or chat room, or otherwise online, or that you share in an open forum, may be viewed and used by others without any restrictions. We have no control over such uses of your information when interacting with a social media platform, forums or otherwise online and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties.

Security

Step takes commercially-reasonable steps to protect the data you have given us from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. However, please be aware that no transmission of Personal Information over the Internet or the electronic storage of this information can be absolutely guaranteed to be free from unauthorized use or access. Before submitting any Personal Information via the Services, please keep in mind these risks and know that you do so at your own risk.

VII. Your choices

Communications Preferences

If you no longer want to receive marketing emails from us, you can use the “unsubscribe” link found at the bottom of the email to opt out of receiving future emails. You will continue to receive transaction-related emails regarding products or services you have requested. 

Sharing Preferences

We may give you choices regarding the sharing of your information with affiliates and third parties. Choices you have about the sharing of your information will be described in the privacy policies or notices you receive in connection with specific Services you obtain from us.

Other Requests

If you wish to terminate your Step account or delete your data, you can contact us as set forth in this policy or initiate a request within our App.

VIII. Changes to this privacy policy

We may change this Privacy Policy from time to time. If we do, we will post the revised policy on this page with a new “Last Updated” date. All changes will become effective when posted unless indicated otherwise. If we make any material changes we will notify you in accordance with applicable law. We encourage you to periodically review this page for the latest information on our privacy practices.

IX. Use of the services by children

We take precautions to protect the privacy of children. Where we determine that an individual attempting to set up a Step account is a U13 User, we will ask for that U13 User’s parent or guardian’s contact information in order to obtain verifiable consent before allowing that U13 User to use our Services.

What Information Does Step Collect from Children and How Is It Used?

To participate in our Services, U18 Users and their Sponsors must create an account using the App. We ask all U18 Users to provide us with the phone number of their Sponsor, so we can notify the Sponsor of the U18 User’s interest in Step, request consent for the U18 User to use our Services and provide us with their personal information, and authorize the Sponsor to oversee the U18 User’s account. 

We request personal information from U18 Users that is reasonably necessary for their use of the Services, including their name, date of birth, phone number, email address, and mailing address. We also collect technical information and utilize cookies and analytics technologies when U18 Users engage with our Site. When we collect Personal Information from U18 Users, we will retain that information only as long as reasonably necessary to fulfill the purpose for which it was provided, ensure the security of our users and our Services, or as required by law. 

Parents or legal guardians of U18 Users who are not their child’s Sponsor can contact us at privacy@step.com to request the identity of their child’s Sponsor. Parents or legal guardians of U13 Users can contact us at privacy@step.com to access and review the Personal Information we have collected about their child, update their child’s information, request deletion of their child’s information, or restrict further collection or use of their child’s information. In the event we discover we have collected information from a U13 User in a manner inconsistent with applicable law, we will either delete the information or promptly seek consent from a parent or legal guardian. Please note that our deletion of your child’s information means that they will no longer be able to have a Step account or otherwise use our Services.

For more information, see our Children’s Privacy Statement.

X. California privacy rights disclosures

Under California Civil Code Section 1798 (California's “Shine the Light” law), California residents with an established business relationship with us can annually request that we provide them with information about the Personal Information we have shared with third parties for those third parties' own direct marketing purposes. Step does not share Personal Information with third parties for their own direct marketing purposes. If you would like to request more information under California’s “Shine the Light” law, you can contact us as detailed in the “Contact Us” section below.

The following disclosures are made pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). These disclosures apply to individuals who reside in the State of California and supplement any other privacy notice provided by Step. Any terms defined in the CCPA have the same meaning in this notice.

The below chart reflects the categories of personal information we have collected from California residents both online and offline during the past twelve months, the categories of sources from which the information was collected, the business or commercial purpose for which the information was collected, and the categories of third parties with whom we shared that information.

Categories of Personal Information Collected

Categories of Sources of Collection

Business/Commercial Purpose for Collection

Categories of Third Parties Receiving Personal Information

Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, phone number, legal name, social security number, driver's license number, passport number, or other similar identifiers.

You;

Your Sponsor;

Third party sources, including credit and background check or credit check providers;

Publicly available Information;

Devices you use to access the Services.

Provide products and services to you;

Respond to questions; Provide you with information about our services;

Enhance customer experience;

Detect security incidents and protect against fraud or illegal activity;

Conduct hiring and/or other human resources activities;

For research, analysis, and product development;

To evaluate or process a commercial transaction;

As required by applicable law or government regulation.

Your Sponsor;

Advertising networks;

Affiliates; Data analytics providers; Marketing platforms; Recruitment platforms;

Social networks;

Technology services; 

Background check or credit check providers.

Personal information categories listed in Cal. Civ. Code § 1798.80 such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

You; Your Sponsor;

Third party sources, including credit and background check or credit check providers; Publicly available information; Devices you use to access the Services.

Provide products and services to you;

Respond to questions;

Provide you with information about our services;

Enhance customer experience;

Detect security incidents and protect against fraud or illegal activity;

Conduct hiring and/or other human resources activities;

To evaluate or process a commercial transaction;

As required by applicable law or government regulation.

Your Sponsor;

Advertising networks;

Affiliates;

Data analytics providers;

Marketing platforms;

Recruitment platforms;

Social networks;

Technology services;

Background check or credit check providers.

Protected classification characteristics under California or federal law such as age, race, national origin, citizenship, marital status, sex, gender identity, sexual orientation, medical conditions (including pregnancy or childbirth, physical or mental disability or related medical conditions), parental status, veteran or military status.

You; Your Sponsor; background check or credit check providers.

To provide you with our products and services and respond to your questions; To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services; To collect and process applications for accounts or for employment.

Your Sponsor; Background check or credit check providers; financial institutions.

Commercial information such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

You; Your Sponsor.

To provide our services; To provide advertising/marketing services, analytic services, or similar services;

For research, analysis, and product development;

To evaluate or process commercial transactions;

As required by applicable law or government regulation.

Your Sponsor; Users of our Services who you authorize to view this information.

Biometric information

We do not directly collect biometric information, but our service provider collects it and provides us with the results of its analyses.

Fraud prevention.

N/A

Internet or other similar network activity such as browsing history, search history, information on interactions with an internet website, application, or advertisement.

You; Devices you use to access the Services.

To provide you with our products and services and respond to your questions; To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services; To identify and repair errors that impair existing or intended functionality; To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; To collect and process applications for employment.

Advertising networks. Affiliates; Data analytics providers; Marketing platforms; Recruitment platforms; Social networks; Technology services.

Geolocation data such as physical location or movements

You; Devices you use to access the Services.

To provide you with our products and services and respond to your questions; To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services on behalf of the Company

Your Sponsor; Advertising networks; Affiliates; Data analytics providers; Marketing platforms; Social networks; Technology services.

Sensory data such as audio, electronic, visual, thermal, olfactory, or similar information.

You; Devices you use to access the Services.

To allow you to add a profile picture to your account.

Individuals or organizations with whom you share your profile.

Professional or employment-related information such as current and prior employment, performance evaluations, and results of background checks

You;

Background check providers;

Publicly available information.

Conduct hiring and/or other human resources activities.

Affiliates; Recruitment platforms; Technology services.

Non-public education information as defined in 20 U.S.C. Section 1232g, 34 C.F.R. Part 99 such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

We do not collect.

N/A

N/A

Inferences drawn from other Personal Information to create a profile reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitude, intelligence, ability, aptitude, and any other inferences drawn from your personal information.

You;

Devices you use to access the Services;

Credit and background check providers.

To understand the products and services considered by our customers and to make improvements to our offerings; To provide advertising/marketing services, analytic services, or similar services.

Advertising networks;

Affiliates;

Marketing platforms;

Data analytics providers;

Social networks; Technology services;

Video hosting, sharing, and streaming platforms.

In the past twelve months we have disclosed personal information to third parties for business purposes. The categories of personal information we have disclosed to third parties for business purposes are identified in the “Categories of Personal Information Collected” column above. We have disclosed those categories of personal information to the categories of third parties identified in the “Categories of Third Parties Receiving Personal Information” column above.

In the past twelve months, we have not sold personal information, and we have no actual knowledge of selling the personal information of minors under 16 years of age. California residents have the right to opt out of the sale of their personal information, but because we do not sell personal information, we do not offer an opt out.

Right to Know

California residents have the right to request that we disclose the categories and specific pieces of personal information we collected, used, and disclosed during the past twelve months, the categories of sources from which their personal information was collected, our business or commercial purposes for collecting their personal information, and the categories of third parties with whom we shared their personal information.

Right to Delete

California residents have the right to request deletion of the personal information we have collected from them.

Request Submission

California residents or their authorized agent can submit a request by emailing us at privacy@step.com or by calling us at 1-888-378-6023. You will need to provide us with your name, phone number, and mailing address for us to match with information we have on file in order to verify your identity and residency. The personal information that we use to verify your identity and residency will not be used for any other purpose.

Right to Non-Discrimination

California residents have the right to not receive discriminatory treatment for exercising their CCPA privacy rights. We do not discriminate against California residents who exercise their CCPA privacy rights.

Contact Us

If you have questions or comments about this Privacy Policy, please contact us at privacy@step.com.

XI. Consumer privacy notice for Step customers

FACTS

WHAT DOES Step Mobile, Inc (“Step”) DO WITH YOUR PERSONAL INFORMATION?

Why?

 

 

Financial companies choose how they share your personal information.

Federal law gives consumers the right to limit some but not all sharing.

Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

 

 

 

The types of personal information we collect and share depends on the product or service you have with us. This information can include:

Social Security number and transaction history account balance and purchase history

When you are no longer our customer, we continue to share your information as described in this notice.

How?

All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Step chooses to share; and whether you can limit this sharing.

Reasons we can share your personal information

Does Step share?

Can you limit this sharing?

For our everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus

Yes

No

For our marketing purposes - to offer our products and services to you

Yes

No

For joint marketing with other financial companies

No

We don't share

For our affiliates' everyday business purposes - information about your transactions and experiences

No

We don’t share

For our affiliates' everyday business purposes - information about your creditworthiness

No

We don't share

For non-affiliates to market to you

No

We don't share

Questions?

Please email privacy@step.com.

WHO WE ARE Who is providing this notice? Step Mobile, Inc.

WHAT WE DO

How does Step protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

How does Step collect my personal information?

We collect your personal information, for example, when you:

open an account or make deposits

provide us with your photo ID

give us your contact information

We may also collect your personal information from others.

Why can't I limit all sharing?

Federal law gives you the right to limit only:

sharing for affiliates' everyday business purposes - information about your creditworthiness

affiliates from using your information to market to you

sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing.

DEFINITIONS

Affiliates

Companies related by common ownership or control. They can be financial and nonfinancial companies.

We do not have any affiliates with which we share personal information

Nonaffiliates

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

We do not share with nonaffiliates so they can market to you.

Joint marketing

A formal agreement between non-affiliated financial companies that together market financial products or services to you.

We do not jointly market

XII. Other important information

California Residents: We will not share information we collect about you with nonaffiliates, except as permitted by law, including, for example, with your consent or to provide financial services you have requested.

Vermont residents: We will not share nonpublic personal financial information about you with our affiliates or any nonaffiliated third party, other than as permitted by law, or with your consent