Privacy Policy

Step Mobile, Inc. (“Step,” “we”, “our”, or “us”) is a financial services company. Our platform helps our customers use and manage their money, and provides tools to help improve financial well-being. When you use these services, you’ll share some information with us that could be used to identify you or that is associated with information that identifies you (“Personal Information”). We want to be clear about the information we collect, how we use it, and whom we share it with. This Privacy Policy applies to Personal Information that we gather or collect via our website (the “Website”) or our mobile app (the “App”) (our Website and App collectively, our “Services”). It does not apply to any Personal Information collected by third-party websites not operated by Step.

This Privacy Policy applies to information collected from users of our Services who are under the age of 18 (“U18 Users” or “Sponsees”), adult sponsors of U18 Users (“Sponsors”), and users of our App who are under the age of 13 (“U13 Users”). Additional information about our privacy practices specific to U13 Users and their Sponsors is available here. Additional privacy information for Sponsors is available here.

This Privacy Policy is incorporated into our Terms of Service.

If after reading this Privacy Policy you still have questions about anything in it, please contact us at privacy@step.com.

The Personal Information we collect includes:

• Identification information you provide to us

• Communication information you share when you reach out to us and use our Services

• Technical information we automatically collect

• Personal Information provided to us through third parties

Identification Information you provide to us

When you use our Services, we collect identification information that you choose to share with us. When you set up an account with us, we need to collect a few important details about you. For Sponsors we collect your name, address, Social Security number, a unique username you would like to use for our Services, your phone number, your email address, your date of birth, a photograph of your face, a copy of your government-issued identification, and your hand-written signature. App users can also elect to share their contacts to help them easily identify other Step users. Certain components of our Services, such as our securities investing and direct deposit features, may require you to provide us with additional information about your income and employment.

For U18 Users, we collect the information set forth in the “Use of the Services By Children” section below.

Communication Information

When you contact customer support or communicate with us in any other way, including by voluntarily responding to questionnaires, contests, surveys or requests for market research seeking your opinion and feedback, we’ll collect whatever information you volunteer, in addition to your name and email address.

Technical Information

We collect information about which Services you’ve used and how you’ve used them. Examples of this information include:

• Usage information on our Website or App (e.g., pages you visit on the Website, webpage from which you linked to our Website, duration of Website visit, App logins, features used, actions performed, and transactions conducted);

• Time and date of your activities;

• Your IP address;

• Location Information:

  • When you browse the Site, we collect an estimate of your location through your IP address

  • When you use the App, we collect your Location Information through your device IP address, WiFi, Bluetooth, and, when you have enabled geolocation tracking, GPS coordinates (e.g. latitude/longitude) of your mobile device in order to help you locate in-network ATMs, enhance safety, and to detect and prevent fraud. If you have given the App permission to access your location, we will collect your device’s location as permitted by the settings you choose. If you want to opt out of the collection of your location information, please adjust your settings in your mobile device.

• Device ID;

• The kind of browser and computer you use;

• Name of your internet service provider; and 

• Operating system version.

Personal Information Provided to Us Through Third Parties

We may collect Personal Information about you from other users, our affiliates, and third parties, as permitted by law, as follows:

1. Identity Verification Information. We may collect Personal Information from third party verification services, including biometric identity verification service providers, credit bureaus, financial institutions, mailing list providers, and publicly available sources to verify your identity. We may also collect information about you from third parties in connection with fraud detection process, or collection procedure, or as may otherwise be required by applicable law.

2. Social Media Information. We have pages and accounts on social media sites like Instagram, Facebook, Twitter, Discord, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect Personal Information that you elect to provide to us through those channels, such as your username and contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.

3. Financial Information. When you link a deposit account, Step uses Plaid Inc. (“Plaid”) to gather your data from financial institutions. By using the Services, you grant Step and Plaid the right, power, and authority to act on your behalf to access and transmit your personal and financial information from your relevant financial institution. You agree to your personal and financial information being transferred, stored, and processed by Plaid in accordance with the Plaid End User Privacy Policy. If you choose to use our stock investing or our crypto trading services, we partner with Drivewealth to provide you with stock investment services and with Zero Hash to provide you with crypto trading services after you independently agree to their terms of service and privacy policies.

Advertising Information. We partner with Impact Tech, Inc., who may collect personal information when you interact with third-party sites from which you are linked to our Website. The collection and use of this information is subject to Impact's privacy policy: https://impact.com/privacy-policy/

Personal Information

• To provide the Services: Step may use your Personal Information to fulfill requests for products, Services, or information, including information about potential or future Services, including to:

  • Manage individual information and accounts;

  • Respond to questions, comments, and other requests;

  • Verify your identity;

  • Process payments and other financial transactions;

  • Process applications;

  • Communicate with you, including via SMS messaging. For more information, see our Mobile Terms;

  • Perform transfers, trades, and purchases that you request;

  • Provide access to certain benefits, functionalities, and features of our Services; and

  • Allow you to register for events.

• For internal business purposes: Step may use Personal Information for its internal business purposes, including to:

  • Measure interest in Step’s Services;

  • Develop new products and Services or improve existing products and Services;

  • Ensure internal quality control;

  • Communicate about individual accounts and activities on Step’s Services and systems, and, in Step’s discretion, changes to any Step policy;

  • Comply with regulatory requirements;

  • Prevent potentially prohibited or illegal activities;

  • Enforce our Terms of Service;

  • Conduct interviews, surveys, and test features

  • Protect the safety of any person, to address fraud, security or technical issues, or to protect the Company’s rights or property;

  • Comply with applicable laws, rules and regulations or court orders; and

  • For any other purpose for which you have given express permission or consent to Step.

• For marketing purposes: Step may analyze and use Personal Information to provide you with materials about offers, products, and Services from Step that may be of interest to you. Step may provide you with these materials by phone, postal mail, email, or otherwise as permitted by applicable law. Such uses include:

  • To tailor content, advertisements, and offers;

  • To notify you about offers, products, and services that may be of interest to you;

  • To provide Services to you;

  • For other purposes disclosed at the time you provide Personal Information; and

  • Otherwise, with your consent.

Non-personal Information

We may also use information that does not personally identify you, including by aggregating and/or de-identifying Personal Information, in order to understand better how our visitors use the Services, research our visitors’ demographics, interests, and behavior, improve the Services, and for other similar purposes. We may share this information with others for information or promotional purposes, and may use non-personal information in any manner permitted by law. When any non-personal information is combined with other information that identifies you, it will be treated as Personal Information in accordance with this Privacy Policy.

We may share Personal Information about you in the following ways:

• To verify your identity and report your credit history. For example, we may share information about you with credit reporting agencies to verify your Social Security number, and, where you authorize us to do so, for credit reporting. We may also share your information with vendors who help us verify your identity by performing biometric or other analyses to help us detect and prevent fraud. We use Persona to perform identity verification through facial geometry analysis.  Persona’s privacy policy is available at https://withpersona.com/legal/privacy-policy.

• With vendors and service providers for: (i) provision of IT and related services; (ii) provision of information and Services you have requested; (iii) payment processing; and (iv) customer service activities; (v) know-your customer services and fraud and anti-money laundering prevention; (vi) analytics services; and (vii) in connection with the provision of the Services. These service providers have contracted with us to use the Personal Information only for the purpose(s) permitted by us.

• Business partners. We may share Personal Information with our business partners, affiliates, and for our affiliates’ internal business purposes or to provide you with a product or service that you have requested. For example, we partner with Evolve Bank & Trust (“Evolve”) to provide you with banking and credit card services. We may share your Personal Information with Evolve to enable Evolve to provide banking and credit card services to you in connection with our Services. We also share your information with Visa in order to provide you with physical and digital secured credit cards. Similarly, if you choose to use either our stock investing or our crypto trading services, we partner with Drivewealth to provide you with stock investment services and with Zero Hash to provide you with crypto trading services after you independently agree to their terms of service and privacy policies. We may also share Personal Information with business partners with whom we may partner with to offer you products or services, or whose products or services we believe may be of interest to you.

• With third parties for legal or security reasons. We may share information about you if we reasonably believe that disclosing the information is needed to: (i) comply with any valid legal process, governmental request, or applicable law, rule, or regulation; (ii) investigate, remedy, or enforce potential Terms of Service violations; (iii) protect the rights, property, and safety of us, our users, or others; or (iv) detect and resolve any fraud or security concerns.  Upon verified request from a parent or guardian of a U18 User, we may at our discretion share the identity of that U18 User’s Sponsor with such parent or guardian. In the event of a transaction or proposed transaction involving the transfer of substantially all of the assets of Step or one or more of its businesses to another entity, whether an affiliate or a third party, or in connection with a bankruptcy, we may share your Personal Information in the diligence process or to otherwise facilitate the transaction, and with individuals assisting in the transaction or in connection with a bankruptcy. Your Personal Information may also be one of the transferred assets as part of the transaction or bankruptcy.

Advertising Cookies 

Advertising cookies are used to show you ads that are more relevant to you. For example, advertising cookies may be used to share data with advertisers so that the ads you see are more relevant to you, or allow you to share certain pages with social networks. We do not control third parties' use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads (including ads served using non-cookie technologies) from members of the NAI on the NAI's website, available at: https://optout.networkadvertising.org/?c=1. You can also visit the Digital Advertising Alliance’s website, available at https://youradchoices.com/, to use its Consumer Choice Tools. 

• Google Analytics collects personal information through the Website, including through the use of cookies. For information about how Google Analytics collects and processes data, please visit: https://policies.google.com/technologies/partner-sites. To opt out of having your information used by Google Analytics, please visit: https://tools.google.com/dlpage/gaoptout/. For more information, please visit Google’s privacy policy at: https://policies.google.com/privacy?hl=en&fg=1

• Additionally, third parties, including Google (through, for example, our use of Google Analytics Advertising Features, including Dynamic Remarketing), may place and read cookies on your browser, or use web beacons to collect information in connection with ad serving on or through the Website, including for the purposes of showing our ads on sites across the internet. Our partners will collect personal information for personalization of ads and may use first-party cookies or other first-party identifiers and third-party cookies and other third-party identifiers for personalized and non-personalized advertising and measurement. Ad serving may be based on users’ visits to the Website or other websites on the Internet, and your activity may be tracked over time and across websites. For information about how Google collects, shares, and uses data, please visit: https://policies.google.com/technologies/partner-sites. You can opt out of Google’s use of cookies or device identifiers by visiting the Google Ads Settings web page at: http://www.google.com/ads/preferences/. For more information, please visit Google’s privacy policy at: https://policies.google.com/privacy?hl=en&fg=1. You can opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page or control the use of device identifiers by using your device’s settings.

Microsoft also collects or receives personal information from our users or us to provide Microsoft Advertising (including through individual end user tracking and data sharing with third parties for advertising and marketing purposes). For more information, please visit the Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement.

• We use Meta Pixel to analyze user activity on our Website for remarketing and behavioral targeting. The Meta Pixel is triggered when you perform certain activities on the Website, and aids us in displaying Facebook ads to Facebooks users who have visited our Website, or Facebook users who share certain characteristics with visitors to our Website. Meta and other third parties may use cookies, web beacons, and other storage technologies to collect information from the Website and from other Internet websites, and use that information for the purposes of targeting ads and providing measurement services. Meta may track your activity over time and across websites. For more information about the data Meta collects, please visit Meta’s privacy found here. More specific information about Meta Pixel can be found here.

• The Website uses TikTok Business Products that involve TikTok's access to or storage of information on your device, including but not limited to the TikTok Pixel or other similar tracking technologies (such as access to data using pixels, cookies, APIs, SDKs, etc.) to collect information about how users use the Website. Information collected through such tools is used to provide measurement services and/or to target ads. You can opt out of receiving targeted ads (including ads served using non-cookie technologies) from members of the NAI on the NAI's website, available at: https://optout.networkadvertising.org/?c=1. You can also visit the Digital Advertising Alliance’s website, available at https://youradchoices.com/, to use its Consumer Choice Tools, or control the use of device identifiers by using your device’s settings.

Clear GIFs (Web Beacons)

We may employ a software technology called clear gifs (a.k.a. Web Beacons) that help us better manage content on our Website by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements and actions of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We may tie the information gathered by clear gifs to other Personal Information. We may use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns.

"Do Not Track" Signals

Our Website currently currently responds to the Global Privacy Control signal. It does not respond to other  “Do Not Track” (DNT) signals at this time.

We will retain your information for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our products and Services, resolve disputes, establish legal defenses, conduct audits, enforce our agreements, and comply with applicable laws or regulations.

External Websites

Our Services may contain links to other websites and other websites may reference or link to our Services. These websites are operated by third parties not controlled by us, and by linking to them or being linked from them Step does not endorse, approve or make any representations about third party websites or domains. We encourage you to read the privacy policies of each and every website and domain that you interact with. We are not responsible for the privacy practices or content of such other websites or domains and you visit them at your own risk.

Social Media

Our Services may contain links and interactive features with various social media platforms. If you already use these platforms, their cookies may be set on your device when using our Services. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible social media platform, blog, or chat room, or otherwise online, or that you share in an open forum, may be viewed and used by others without any restrictions. We have no control over such uses of your information when interacting with a social media platform, forums or otherwise online and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties.

Security

Step takes commercially reasonable steps to protect the data you have given us from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. However, please be aware that no transmission of Personal Information over the Internet or the electronic storage of this information can be absolutely guaranteed to be free from unauthorized use or access. Before submitting any Personal Information via the Services, please keep in mind these risks and know that you do so at your own risk.

Communications Preferences

If you no longer want to receive marketing emails from us, you can use the “unsubscribe” link found at the bottom of the email to opt out of receiving future emails. You will continue to receive transaction-related emails regarding products or services you have requested.

Sharing Preferences

We may give you choices regarding the sharing of your information with affiliates and third parties. Choices you have about the sharing of your information will be described in the privacy policies or notices you receive in connection with specific Services you obtain from us. You can also change your cookie settings when you visit our Website to opt in or opt out of third-party cookies here.

Other Requests

If you wish to terminate your Step account or delete your data, you can contact us at privacy@step.com or initiate a request within our App.

We may change this Privacy Policy from time to time. If we do, we will post the revised policy on this page with a new “Last Updated” date. All changes will become effective when posted unless indicated otherwise. If we make any material changes we will notify you in accordance with applicable law. We encourage you to periodically review this page for the latest information on our privacy practices.

Our Website is not intended for children under the age of thirteen.  Children under the age of thirteen are permitted to use our App with their parent or guardian’s consent. Where we determine that an individual attempting to set up a Step account is a U13 User, we will ask for that U13 User’s parent or guardian’s contact information in order to obtain verifiable consent before allowing that U13 User to use our Services.

What Information Does Step Collect from Children and How Is It Used?

To participate in our Services, U18 Users and their Sponsors must create an account using the App. We ask all U18 Users to provide us with the phone number of their Sponsor, so we can notify the Sponsor of the U18 User’s interest in Step, request consent for the U18 User to use our Services and provide us with their personal information, and authorize the Sponsor to oversee the U18 User’s account. 

We request personal information from U18 Users that is reasonably necessary for their use of the Services, including their name, date of birth, phone number, email address, and mailing address. We also collect technical information and utilize cookies and analytics technologies when U18 Users engage with our Website. When we collect Personal Information from U18 Users, we will retain that information only as long as reasonably necessary to fulfill the purpose for which it was provided, ensure the security of our users and our Services, or as required by law. 

Parents or legal guardians of U18 Users older than thirteen who are not their child’s Sponsor can contact us at privacy@step.com to request the identity of their child’s Sponsor. Parents or legal guardians of U13 Users can contact us at privacy@step.com to access and review the Personal Information we have collected about their child, update their child’s information, request deletion of their child’s information, or restrict further collection or use of their child’s information. In the event we discover we have collected information from a U13 User in a manner inconsistent with applicable law, we will either delete the information or promptly seek consent from a parent or legal guardian. Please note that our deletion of your child’s information means that they will no longer be able to have a Step account or otherwise use our Services.

For more information, see our Children’s Privacy Statement.

Under California Civil Code Section 1798 (California's “Shine the Light” law), California residents with an established business relationship with us can annually request that we provide them with information about the Personal Information we have shared with third parties for those third parties own direct marketing purposes. Step does not share Personal Information with third parties for their own direct marketing purposes. If you would like to request more information under California’s “Shine the Light” law, you can contact us as detailed in the “Contact Us” section below.

The following disclosures are made pursuant to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”). These disclosures apply to individuals who reside in the State of California and supplement any other privacy notice provided by Step. Any terms defined in the CCPA have the same meaning in this notice.

Right to Know

California residents have the right to be informed of the categories and specific pieces of personal information we collected about them, including sensitive personal information, collected, used, and disclosed, the categories of sources from which that information is collected, whether that information is sold or shared, the categories of third parties to whom that information has been disclosed, the business or commercial purposes for collecting and using each category of personal information, and the intended retention period for each category of personal information. 

The below chart reflects the categories of personal information we have collected from California residents both online and offline during the past twelve months, the categories of sources from which the information was collected, the business or commercial purpose for which the information was collected, and the categories of third parties with whom we disclosed that information, and our anticipated retention period for each category of information.

Right to Limit Use and Disclosure of Sensitive Personal Information

We do not collect or process sensitive personal information for the purpose of inferring characteristics about consumers. We also do not disclose sensitive personal information for purposes other than those specified in section 7027(m) of the CCPA regulations promulgated by the California Privacy Protection Agency. Therefore, we do not offer consumers the option to limit the use of their sensitive personal information.

Right to Opt Out of Sharing for Cross-Context Behavioral Advertising

In the past twelve months we have used data about your activities on our online properties to serve you ads on online properties owned or controlled by third parties. In the past twelve months, we have provided the following categories of information to advertising networks, data analytics providers, and social media networks for this purpose:

• Personal identifiers, such as unique personal identifier, online identifier, internet protocol address, device information and identifiers, and unique advertising identifiers and cookies; Internet and other electronic network activity information; geolocation information; and inference data.

If you would like to opt out of this sharing, you may exercise your right using our “Do Not Sell or Share My Personal Information” link to modify your cookie settings, or, you may do so in a frictionless manner by activating Global Privacy Control (“GPC”)  opt out preference signal to opt out of disclosures of your personal information through the browser you are using. To learn more about the GPC, click here.

Right to Opt Out of Sale

 While we do not sell personal information in exchange for monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA. The CCPA broadly defines “sale” in a way that may include activities such as the delivery of targeted advertising on websites or allowing third parties to receive certain information, such as cookies, IP address, and/or browsing behavior. In the past twelve months, we have provided the following categories of information to advertising networks, data analytics providers, and social media networks in ways that could be considered a “sale” under California law:

• Personal identifiers, such as unique personal identifier, online identifier, internet protocol address, device information and identifiers, and unique advertising identifiers and cookies; Internet and other electronic network activity information; geolocation information; and inference data.

We disclosed these categories of information to these third parties in order to market and advertise our products and services; perform analytics; and to maintain, improve, upgrade, or enhance our products or services.

California residents have the right to opt out of the “sale” of their personal or sensitive personal information.

 If you would like to opt out of such disclosures, you may exercise your right using our “Do Not Sell or Share My Personal Information” link to modify your cookie settings, or, you may do so in a frictionless manner by activating Global Privacy Control (“GPC”) opt out preference signal to opt out of disclosures of your personal information through the browser you are using. To learn more about the GPC, click here.  

Users Less Than 16 Years of Age

We have actual knowledge of selling and/or sharing personal information from users less than 16 years of age when they, or their parents, opt in to our use of certain cookies that perform these functionalities.

Right to Delete Personal Information 

California residents have the right to request deletion of the personal information we have collected from them, subject to certain exceptions.

Right to Correct Inaccurate Personal Information 

You have the right to request the correction of any inaccurate personal information that we maintain about you. 

Right to Access Personal Information 

You have the right to request the categories and specific pieces of personal information that we maintain about you. 

Right of Non-Retaliation and Non-Discriminiation 

California residents have the right to not receive discriminitory treatment for exercising their CCPA privacy rights. We do not discriminate against California residents who exercise their CCPA privacy rights. 

Exercising Your Rights

California residents or their authorized agent can submit a request by emailing us at privacy@step.com or by calling us at 1-888-378-6023. You will need to provide us with your name, phone number, and mailing address for us to match with information we have on file in order to verify your identity and residency. The personal information that we use to verify your identity and residency will not be used for any other purpose.

You may authorize an agent to submit a request on your behalf if you provide the authorized agent with written permission signed by you. We may require you to verify your identity directly with us and confirm that you provided the authorized agent with permission to submit a request on your behalf.

Financial Incentives

From time to time, we may offer you programs, benefits, and other offerings that may be considered a “financial incentive” as defined by the CCPA. You can opt into the financial incentive by submitting personal information, to include personal identifiers such as name, phone number, email address.

 While we do not assign a monetary value to the data that we collect, based on our reasonable estimate, the value you received in connection with the financial incentive is reasonably equal to or greater than the value we receive from the use of the personal information you provide. We use this information to improve our products, services, and customer experiences.

 Participation in these financial incentives are optional and you can withdraw your participation at any time. If you subsequently wish to withdraw from the financial incentive, you may do so by emailing us at privacy@step.com. 

If you opt out, we will not reduce the value of any financial incentives you previously received from us.

Contact Us

If you have questions or comments about this Privacy Policy, please contact us at privacy@step.com.